Skip to content

v0.4.0: DevSecOps Benchmarking, GitHub Actions & Enterprise Compliance

Latest
Marketplace
Latest
Marketplace

Choose a tag to compare

View all tags
@Vishisht16 Vishisht16 released this 18 Apr 15:26
· 27 commits to main since this release
v0.4.0
8337a05

This release pivots HumaneProxy further into the DevSecOps lifecycle by introducing robust CLI benchmarking capabilities, a native GitHub Action for PR safety gates, and enterprise-grade compliance transparency.

🎉 Major Features

  • Safety Benchmarking Dashboard: Added the benchmark CLI command (hp benchmark --dataset evals/sample.json) to evaluate custom datasets against HumaneProxy's pipeline. It produces beautiful terminal analytics containing latency statistics, precision, recall, and a per-category confusion matrix using rich.
  • GitHub Actions Integration: HumaneProxy is now available as a GitHub Action! Block PRs automatically if testing thresholds fail, preventing regressions from slipping into production.
  • hp Shorthand Alias: Added the hp CLI shortcut in pyproject.toml so developers can run commands quickly (e.g., hp start, hp check, hp benchmark).
  • Sample Evaluations Dataset: Packaged evals/sample.json containing 20 curated baseline strings designed to safely test false positives and boundary conditions.

🔒 Security & Fast-Tracking

  • Enterprise Compliance Specs: Created COMPLIANCE.md heavily targeted towards engineering leaders, defining our explicit architecture controls supporting HIPAA, GDPR, and SOC 2 requirements. Emphasises the strict zero-BAA threshold achieved by self-hosting.
  • Coordinated Vulnerability Disclosure: Deployed standard .github/SECURITY.md defining supported versions, timelines, and email escalation routes indicating explicit exclusion parameters.
  • CODEOWNERS Lock: Adopted .github/CODEOWNERS blocking unregulated modification of core configuration and architecture files.

🧩 Ecosystem Polish & Maintenance

  • Contributor License Agreement (CLA): CONTRIBUTING.md now establishes a CLA mandate to eliminate long-term evolution and liability bottlenecks.
  • Platform Availability Enhancements: Included an "Available On" matrix in README.md containing transparent platform badges for PyPI, Glama AAA Registry, and the MCP Marketplace. Added a new dedicated "As an MCP Server" quick start flow.
  • FastAPI Core Bump: Shifted minimum dependency for FastAPI to >=0.109.1 successfully addressing the python-multipart Content-Type Header ReDoS vulnerability (GHSA-qf9m-vfgh-m389).
  • Marketplace Strict Typing: server.json parameters now explicitly mark "required": false ensuring parity against stubborn third-party MCP JSON parsers.

Full Changelog: v0.3.1...v0.4.0

Assets 2
Loading
0 Join discussion