Skip to content

v0.6.0 — Detection depth, recovery round-trip, conformance, benchmark

Choose a tag to compare

View all tags
@requie requie released this 06 May 13:19
· 116 commits to main since this release
v0.6.0
a65103d
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

The release that closes Phase 2 of the dev plan. Full notes in CHANGELOG.md; headline below.

Highlights

  • 4-layer default pipeline. RecoveryLayer is now a first-class default alongside Adversarial / Cortical / Governance.
  • AdversarialLayer. 21-pattern regex taxonomy across six attack families (prompt_injection, jailbreak, role_confusion, system_prompt_extraction, data_exfiltration, prompt_obfuscation). Scans direct input + memory_reads + tool_outputs + retrieved_documents + peer_messages.
  • CorticalLayer. Jensen-Shannon distance drift with Laplace smoothing and a min_drift_samples guard.
  • RecoveryLayer. Checkpoint Protocol with InMemory / File / Sqlite reference backends + tested snapshot() / restore_to() tamper-recover round trip.
  • BaselineStore Protocol. Behavioural baselines persist across process restarts via InMemory / File / Sqlite backends.
  • Cross-adapter conformance suite. 9 invariants × 5 adapters + a registry-stability sentinel test.
  • Detection benchmark harness. pytest -m benchmark; synthetic suite always runs; PINT / AgentDojo / InjecAgent loaders skip when their AGENTEGRITY_BENCH_* env var is unset. Real InjecAgent numbers (TPR=0.000) published in STATUS.md as the honest baseline that the next-release LLM classifier should improve.
  • Branch coverage gates. Python ≥ 85% (currently 86.71%), TypeScript ≥ 80% lines / ≥ 70% functions (currently 89.99% / 83.40%).
  • Nightly detection benchmark workflow.

Migration notes

  • PropertyWeights default recovery_integrity bumped from 0.0 to 0.15. Callers passing three keyword args (adversarial_coherence / environmental_portability / verifiable_assurance) without recovery_integrity will now hit the sum-to-1.0 validator. Either add recovery_integrity=0.0 or drop the explicit weights= argument and adopt the new default.
  • Cortical drift scores now come from Jensen-Shannon distance, not forward KL. Numeric values differ. Tuned drift_tolerance thresholds should be revalidated.

Stats

  • 313 unit tests + 5 benchmark tests + 2 benchmark skips.
  • ruff clean, mypy --strict clean across 29 source files.
  • Python branch coverage 86.71%; TS line coverage 89.99%, function coverage 83.40%.
  • 17 commits since v0.5.3 — see the merged PR for the full list.

Released by @requie.

Contributors

requie
Assets 2
Loading