chore(release): bump to 3.7.0 with audit hardening

[tkhquang]

Summary

Prepares the v3.7.0 release. Bumps project(VERSION) to 3.7.0 and folds in the small, verified fixes from the recent architecture and performance audit. Everything here is additive or internal hardening with no public API or behavior change, so this stays a minor release.

Changes

• Version: bump project(VERSION) to 3.7.0 and make the version tests relational, so a future bump touches a single literal.
• Hardening: defensive bound check on the input binding query, full-span validation in the RTTI COL walk, and a UTF-8/wide-aware bootstrap process gate.
• Release safety: a validate-version CI job that fails closed when the release tag does not match project(VERSION).
• Docs and comments: correct the SafetyHook teardown description (vectored-handler IP relocation, not thread suspension) in code and the hot-reload guide, plus header notes on a few call-site footguns.

Summary by CodeRabbit

• Documentation

  • Clarified hot-reload thread safety behavior during hook removal
  • Enhanced API documentation for configuration parsing, logger performance, and RTTI scanning

• Bug Fixes

  • Strengthened bounds validation in input binding state access and RTTI operations
  • Added compile-time assertions for string scanning logic

[coderabbitai]

Warning

Review limit reached

@tkhquang, we couldn't start this review because you've reached your PR review rate limit.

More reviews will be available in 41 minutes and 23 seconds. Learn how PR review limits work.

Your organization has used up its prepaid credits, and credit purchases are no longer available. Enable the review add-on in the billing tab to keep reviews running — you're only billed for reviews past your plan's rate limits ($0.25/file).

⌛ How to resolve this issue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans include higher PR review limits than trial, open-source, and free plans. In all cases, reviews become available again over time. During sustained high-volume PR review activity, CodeRabbit may temporarily slow when the next review becomes available.

Please see our Fair Usage Limits Policy for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 0274da94-ed18-4711-80bf-d6fd624c432a

📥 Commits

Reviewing files that changed from the base of the PR and between 210858d and f91272c.

📒 Files selected for processing (2)

• include/DetourModKit/hook_manager.hpp
• include/DetourModKit/scanner.hpp

📝 Walkthrough

Walkthrough

This PR bumps the project version from 3.6.1 to 3.7.0 and adds CI validation to ensure release workflow inputs match CMakeLists.txt. It also updates version tests to use macro-driven assertions, clarifies SafetyHook thread behavior in documentation, adds implementation hardening via bounds checks and wide-character handling, and documents API behavior across multiple headers.

Changes

Version 3.7.0 Release and Maintenance

Layer / File(s)	Summary
Version 3.7.0 release and CI validation CMakeLists.txt, .github/workflows/release.yml, AGENTS.md, tests/test_version.cpp	Project version bumped from 3.6.1 to 3.7.0 in CMakeLists.txt. New validate-version CI job extracts and compares canonical project version to workflow dispatch input; both build jobs updated to require validation success. Release documentation rules updated to enforce matching versions. Version tests rewritten to derive assertions from DMK_VERSION_* macros.
SafetyHook thread behavior documentation docs/hot-reload/README.md, src/hook_manager.cpp, include/DetourModKit/hook_manager.hpp	Hot-reload safety docs clarified: SafetyHook removal no longer freezes all threads but relocates faulting threads via vectored exception handlers. Persistent-host topology contract expanded to clarify that Bootstrap::on_logic_dll_unload() cannot prove consumer workers have stopped and SafetyHook won't freeze already-executing detour calls. Hook manager teardown comments updated to precisely describe disable() behavior and thread impact during hook removal and deinstallation.
Implementation hardening: bounds checks and wide-character handling src/bootstrap.cpp, src/input.cpp, src/rtti.cpp, src/string_xref.cpp	is_target_process upgraded from ANSI to wide-character path resolution using GetModuleFileNameW and bounded UTF-8 to wide conversion with invalid-char detection. InputPoller::is_binding_active adds explicit bounds check before array access. resolve_col_site adds module-end bounds check before SEH read. String scanner adds compile-time assertion ensuring instruction length covers maximum read indices during instruction scanning.
API behavior documentation include/DetourModKit/config.hpp, include/DetourModKit/drift_manifest.hpp, include/DetourModKit/logger.hpp, include/DetourModKit/rtti_dissect.hpp, include/DetourModKit/scanner.hpp	Documentation notes added across headers: INI parser behavior with narrow bytes and non-ASCII handling, non-atomic drift report writes and torn-write scenarios, synchronous logger flush performance impact on game threads, RTTI landmark selection guidance when multiple same-typed fields exist, and scanner prologue-fallback recovery scope covering only E9 and FF25 shapes.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly related PRs

• tkhquang/DetourModKit#60: Both PRs depend on the same CMakeLists.txt project(VERSION ...) source; this PR adds CI validation that dispatch version matches it, while #60 generates DMK_VERSION_* macros from that same value.
• tkhquang/DetourModKit#69: Both PRs touch src/hook_manager.cpp SafetyHook teardown semantics; this PR updates comments/documentation, while #69 changes the actual destructor/shutdown logic.
• tkhquang/DetourModKit#74: Both PRs bump the CMake project(DetourModKit VERSION ...) value and update tests/test_version.cpp to assert DMK_VERSION_* consistency for the new version.

🚥 Pre-merge checks | ✅ 4

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately summarizes the main change: a version bump to 3.7.0 paired with audit-driven hardening fixes, which aligns with the core PR objectives.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 3

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.github/workflows/release.yml:
- Around line 35-36: Replace every occurrence of the mutable actions/checkout@v4
usage with a pinned full 40-character commit SHA (e.g.,
actions/checkout@<40-char-commit-sha>)—search for "uses: actions/checkout@v4"
and update each instance to the corresponding full commit SHA for the
actions/checkout repo; ensure the SHA is 40 hex characters and is used
consistently in all occurrences.

In `@include/DetourModKit/hook_manager.hpp`:
- Around line 635-639: The public docblock for VMT hooks (the comment above the
VMT hook behavior in hook_manager.hpp) is missing the required call‑site safety
classification; add a "`@note` Setup/control-plane only" line to that docblock so
it explicitly marks that callers must perform hook setup/teardown only from the
control plane and not from concurrent threads.

In `@include/DetourModKit/scanner.hpp`:
- Around line 644-648: The comment should be updated to clarify error mapping:
state that finalize_cascade_with_fallback() will return
PrologueFallbackNotApplicable when the prologue rebuild/fallback is not
applicable (so no fallback is attempted) and that NoMatch is returned only after
the fallback has been formed and actually tried but failed to match; mention
both error variants (PrologueFallbackNotApplicable and NoMatch) and that callers
should handle them differently rather than assuming all unsupported overwrite
shapes always map to NoMatch.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 4c582c88-30da-48f9-be6e-49f53a4425ee

📥 Commits

Reviewing files that changed from the base of the PR and between 5053e9b and 210858d.

📒 Files selected for processing (16)

• .github/workflows/release.yml
• AGENTS.md
• CMakeLists.txt
• docs/hot-reload/README.md
• include/DetourModKit/config.hpp
• include/DetourModKit/drift_manifest.hpp
• include/DetourModKit/hook_manager.hpp
• include/DetourModKit/logger.hpp
• include/DetourModKit/rtti_dissect.hpp
• include/DetourModKit/scanner.hpp
• src/bootstrap.cpp
• src/hook_manager.cpp
• src/input.cpp
• src/rtti.cpp
• src/string_xref.cpp
• tests/test_version.cpp