v0.7.0 — Guardrails (NeMo-style) + FTS5 fix
First stable release — exits the -alpha pre-release phase.
Added — Guardrails (NeMo-style input/output rails)
Adopts the NVIDIA NeMo Guardrails architecture natively (no LangChain/heavy deps), closing OpenCLAWN's biggest gap: nothing previously checked LLM output.
security/guardrails.py— pure-stdlibGuardrailEngine+ rails (extractable):- input:
PromptInjectionRail(wraps Shield, BLOCK) - output:
PromptLeakRail(BLOCK system-prompt leak),PIIRail(REDACT email/card/api-key)
- input:
core/guardrails_config.py— per-rail on/off inapp_settings, read per-turn (live UI toggles), fail-safe default-onagent_loopintegration: redacts/blocks before storing to history/memory; emitsguardrailSSE event
Streaming note: already-streamed tokens can't be unsent; output rails operate on the full
turn.contentto keep PII out of stored memory and flag the UI.
Fixed — FTS5 query sanitization (memory L4)
Raw user queries hit FTS5 MATCH; punctuation (. , : ( ) ") is FTS5 operator syntax, so ordinary queries like "bug login: OAuth." always errored → L4 cross-session search failed silently. New fts5_query() tokenizes + quotes + ORs terms; punctuated queries now find matches.
Tests: 490 passing, ruff clean.