Skip to content

Release v4.7.0#160

Merged
sidmohan0 merged 9 commits into
mainfrom
release/4.7.0
Jul 2, 2026
Merged

Release v4.7.0#160
sidmohan0 merged 9 commits into
mainfrom
release/4.7.0

Conversation

@sidmohan0

Copy link
Copy Markdown
Contributor

What ships in 4.7.0

Additive minor release, engine + adapters (#159):

  • Allowlist (exact values + full-match regex patterns) on scan/redact, threaded through the Claude Code hook (env vars) and LiteLLM guardrail (params) — with ReDoS guards (nested-quantifier rejection, length caps, fail-safe skip)
  • Presidio entity aliases (EMAIL_ADDRESS, US_SSN) for config migration
  • py.typed (PEP 561) — also lets the upstream litellm PR drop its type-stub suppression
  • Behavior change worth noting: LiteLLM guardrail redactions now report guardrail_status="guardrail_intervened" (was "success") — see CHANGELOG

Release mechanics

Same checklist as 4.6.0: merge commit (not squash), then I verify merged tree == this branch, dispatch stable dry_run=true, confirm "Would have published: 4.7.0", dispatch dry_run=false, verify PyPI + tag, fast-forward dev.

Why tonight

Starts litellm's 3-day package quarantine clock now: 4.7.0 clears ~July 5, so the scheduled CI-pin push to BerriAI/litellm#31991 can pin 4.7.0 directly and drop the pyright suppression in one commit.

Test plan

sidmohan0 added 9 commits July 2, 2026 13:25
docs: give Claude Code plugin install top billing
Adds allowlist (exact values) and allowlist_patterns (full-match
regexes) to scan/redact and threads them through both agent adapters:
DATAFOG_HOOK_ALLOWLIST / DATAFOG_HOOK_ALLOWLIST_PATTERNS env vars for
the Claude Code hook, allowlist/allowlist_patterns params for the
LiteLLM guardrail. Motivated by a day of dogfooding: unix timestamps
and numeric IDs match the PHONE pattern, and intentional identifiers
(own support email, doc placeholders) should be exemptable.

Accepts presidio-style entity names (EMAIL_ADDRESS, US_SSN) as input
aliases via the existing canonical type map, ships a py.typed marker
so downstream type checkers see our annotations, and backports the
upstream-review fixes to the in-repo litellm adapter (guardrail spans
recorded on the returned dict, redaction reported as intervention).

Also corrects an entity-name documentation error introduced in #156:
the scan API returns DATE and ZIP_CODE (DOB/ZIP are input aliases).
Review findings: reject quantified groups containing nested quantifiers
at compile time (catastrophic backtracking on attacker-influenced entity
text), cap pattern length at 512 chars, and skip pattern matching for
entities longer than 512 chars (fail-safe: the finding is kept). Match
semantics documented as case-sensitive with no Unicode normalization;
allowlist entries are operator configuration, never end-user input.
Adds regression tests for the rejection heuristic, the smart-engine
path, and the redact(entities=..., allowlist=...) guard. Replaces a
walrus assignment with a plain one in the litellm adapter.
feat: allowlist support, presidio entity aliases, py.typed (4.7.0)
@sidmohan0 sidmohan0 merged commit 07ae2d2 into main Jul 2, 2026
26 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant