v2.17.3 — security review (2026-07-05)
Patch release carrying the 2026-07-05 pre-launch security review fixes.
Supply-chain / deploy (#457): install.sh checksum verification now fails closed (missing .sha256 or missing hash tool aborts; opt out with PERSEUS_VAULT_INSECURE_SKIP_CHECKSUM=1); Docker image runs as a non-root vault user; new Security Audit CI workflow runs cargo audit on every push/PR (making the SECURITY.md claim true).
Hardening (#458): traverse clamps caller-supplied max_depth/max_nodes; dense recall clamps a negative limit; GitHub connector validates repo as strict owner/name.
Audit-chain (#460): the journal chain is now a real SHA-256 hash chain (was a 64-bit non-cryptographic DefaultHasher); new verify-audit-chain CLI command (the verifier was previously never invoked); v13→v14 rehash migration. The chain deliberately covers event existence/order/time/workspace (not payload, so purge erasure stays compatible) and remains unkeyed — a keyed MAC for full tamper-evidence is the tracked follow-up.
Full ranked review: docs/security-review-2026-07-05.md.