Releases: alex-jb/shadow-mentor
Release list
Shadow v1.5.15 — cross-vertical trader-pack live
Shadow v1.5.15 — the "one engine, three verticals" release
Bundles the 2026-07-06 evening → 2026-07-07 morning autonomous shipping burst. Delivers the strategic claim from docs/strategy/roadmap-2026-2028.md: banking + trading share one attestation key, one signing payload, one MCP tool namespace, one SBOM manifest.
v1.5.15 (2026-07-07) — Trader-pack MCP tool + Ed25519 on trading verdicts
shadow_size_position= 8th MCP tool. Bank analysts inside Cursor / Claude Desktop / OpenCode can size trades from natural language: "Size a $10k long on this thesis, medium vol, 55% p_win, 4%/2% avg win/loss." Returns a signed, Kelly-cap-respecting, drawdown-adjusted position in <5ms. Never emits a direction (FinPos Contract #1 — Judge owns direction).POST /api/deliberatewith{"mode": "trading", "trade": {...}}— dispatch to trader-pack Risk Sizer before banking-mode validation. Same endpoint, two verticals.- Ed25519 attestation on trading verdicts — same signing key + payload format as banking (
modelId = "shadow/trader-pack-risk-sizer@v0.2"). Bank counsel who reads a banking attestation reads a trading attestation with zero context switch. - Cross-language contract — 7 pure-JS tests parallel to Orallexa
tests/test_risk_sizer_contract.py. Any drift breaks both sides.
v1.5.14 (2026-07-06) — Persona professionalization
Every loan-council voice rationale now speaks in the register of a real Fed / CFPB examiner. Compliance cites Reg B §1002.6 + CFPB Circular 2022-03. Risk cites SR 26-2 materiality + effective challenge. Fair Lending cites the FFIEC three-step. Customer Advocate cites CFPB Bulletin 2024-09. Macro Contrarian cites historical stress episodes (2008 CMBS, 2020 SVB, 2023 Signature).
v1.5.13 (2026-07-06) — POST /api/spatial-render for Flow ingestion
3D scene descriptor with 4 render modes (full / reduced / focus / tethered) that any WebXR client can consume. Powers the Ambient Council HUD demo path. Layout math server-side so bandwidth-constrained mobile / XREAL clients don't have to.
v1.5.12 (2026-07-06) — Batch attestation + GET /api/mcp-manifest SBOM
lib/attestation-batch.js— batch Ed25519 signing over a SHA-256 root hash of concatenated per-decision hashes. SIEM verifies O(1) instead of O(N). Closes the Holistic AI Guardian Agents throughput gap.GET /api/mcp-manifest— 8 MCP tools published as an SBOM with per-tool + envelope SHA-256 hashes. Bank counsel pinsmanifest_hash_sha256in procurement contracts. Closes the Comply.ai MCP-native discoverability gap.
Why one bundle?
Because to procurement, this is one story: cross-vertical + tamper-evident + discoverable. Splitting it into 4 tiny releases dilutes the pitch. The v1.5.12 → v1.5.15 chain proves shipping velocity on a compressed timeline.
Tests
706/707 → 727/728 (+21 across the burst, zero regressions on banking tests, 1 skipped is OCR live smoke on billing envelope). GitHub Actions CI green throughout.
Cross-vertical evidence chain
- Bank pitch shows
POST /api/deliberatewith loan council + risk council + attestation. - Trading desk pitch shows
POST /api/deliberatewithmode=trading+ Risk Sizer + attestation. - Same key, same payload, same MCP surface. If the bank believes the audit chain, the trading desk gets it for free.
Upstream refs
- FinPos: arXiv 2510.27251
- Orallexa v1.2.0
engine/risk_sizer.py(Python counterpart oflib/personas/trader-pack/risk-sizer.js) - CFPB Circular 2022-03; Reg B §1002.6; FFIEC three-step; SR 26-2
🤖 Generated with Claude Code
v1.5.14 — Persona professionalization + Strategic roadmap 2026-2028
Post 4-agent full-web deep research burst.
Persona professionalization
Rewrote all 5 core persona rationale strings in real regulatory examiner voice:
- Credit Fundamentals — Reg B §1002.6 + CFPB Circular 2022-03 principal reasons
- Risk Officer — SR 26-2 materiality + effective challenge framing
- Fair Lending Compliance — FFIEC three-step disparate-impact framework
- Customer Advocate — CFPB Bulletin 2024-09 model traceability + Circular 2022-03
- Macro Contrarian — historical stress episodes (2008 CMBS, 2020 SVB, 2023 Signature CRE) + SR 26-2 conservatism
Voice sounds like a Fed / CFPB examiner. 706/707 tests pass, zero regressions.
Strategic roadmap
docs/strategy/roadmap-2026-2028.md + PDF. 18-month plan covering voice+AR stack, hardware bet, three-vertical opportunity (Bank/Trading/Data-Science), design references, and path to $1M ARR by 2028-Q1.
Test surface
707 tests / 13 previous releases + this = 14 GitHub Releases live.
v1.5.13 — POST /api/spatial-render for Flow Immersive
XREAL One Pro integration path shipped. Third 2026-07-06 competitor-audit gap closed.
What ships
lib/spatial-render.js + POST /api/spatial-render — deterministic Flow-shaped scene JSON from a Shadow /api/deliberate response.
Every persona becomes a spatial card in a semicircle around a reviewer standing at (0, 1.6, 1), looking toward -Z. Positions are pre-computed and returned in the response so the Flow scene template consumes a one-line JSON.parse instead of re-deriving positions.
Four render modes for XREAL One Pro FPS pressure
| Mode | Personas visible | Ambient background | Tethered hint | When to use |
|---|---|---|---|---|
full |
All | 3DGS webcam capture | No | Default; laptop + XREAL good FPS |
reduced |
All | None | No | X1 chip standalone under FPS pressure |
focus |
2 (configurable) | None | No | Reviewer summon-on-demand pattern |
tethered |
All | 3DGS | Yes | Hint client to plug XREAL into laptop |
Ownership context
XREAL One Pro arrives at Loredana Levitchi 2026-07-11 (Amazon max Saturday). Test protocol lives at docs/xreal-one-pro-test-protocol/ (shipped 2026-07-06). This endpoint feeds that test protocol.
Backward compatibility
- No existing endpoint changed
/api/spatial-renderis a new POST endpoint;/api/deliberateresponse shape is unchanged- Layout is deterministic: same council response always renders to the same scene
Test surface
- 690 → 707 (+17, 706 pass / 0 fail / 1 skip)
- New:
test/spatial-render.test.js— 17 tests covering deterministic layout, mode switches, focus hiding, audit-chain object placement, and loan_council.voices fallback path
v1.5.12 — Batch Ed25519 attestation signing + MCP manifest SBOM
Two 2026-07-06 competitor-audit gaps closed by direct API surface additions. No breaking changes; both additions are opt-in for consumers.
1. Batch Ed25519 attestation signing — lib/attestation-batch.js
Banks processing 10,000+ loan files per day were paying O(N) Ed25519 verifications to walk the full per-decision hash chain from an audit SIEM. Batch signing summarizes the per-decision chain into one Ed25519 signature over a SHA-256 root hash of concatenated per-decision hashes.
- Per-decision integrity is unchanged —
previous_hashchain (v1.5.10) +dictionary_hashbinding (v1.5.8) still hold. - Batch signature is an aggregate — a SIEM running an hourly integrity sweep now verifies 10K decisions in one Ed25519 op instead of 10K.
- New API:
computeBatchRootHash,batchSignAttestations({privateKey, keyId, batchId?}),batchVerifyAttestations(batchRecord, attestations, {publicKey}). - Tamper detection retained: reordering, count mismatch, signature tamper all detected in the batch verification pass.
Closes the Holistic AI Guardian Agents throughput gap identified in the 2026-07-06 competitor audit.
2. MCP manifest SBOM endpoint — GET /api/mcp-manifest
Bank SIEM + compliance-oversight teams asked: 'what MCP tools are actually in my LLM session with Shadow?' Now answered with a JSON manifest listing every tool Shadow's MCP server exposes.
Response shape:
{
"shadow_version": "v1.5.12",
"mcp_protocol_version": "2024-11-05",
"tool_count": 7,
"tools": [
{
"name": "shadow_loan_council",
"description": "...",
"regulatoryScope": ["SR 26-2 Tier 3 companion", "ECOA/Reg B (12 CFR 1002)", "CFPB Bulletin 2024-09"],
"determinismClaim": "no-llm-inside-tool",
"latencyPercentiles": {"p50_ms": 2, "p95_ms": 5},
"hash_sha256": "<64-char hex>"
},
...6 more tools
],
"manifest_hash_sha256": "<64-char hex over the whole envelope>",
"generated_at_utc": "..."
}- Bank counsel can pin
manifest_hash_sha256in the procurement contract to detect silent tool-set changes across Shadow version bumps. - Every tool carries regulatoryScope + determinismClaim + latencyPercentiles so a compliance oversight officer can audit each tool without reading source.
- Cache-safe 5 minutes.
- Cross-file parity: contract test asserts the manifest tool list matches
mcp/server.jsTOOLS. Adding a tool without updating both fails CI.
Closes the Comply.ai MCP-native discoverability gap identified in the 2026-07-06 competitor audit.
Test surface
- 668 → 690 (+22 new tests, 689 pass / 0 fail / 1 skip)
- New:
test/attestation-batch.test.js(10 tests) — batch signing + verification + tamper detection - New:
test/mcp-manifest.test.js(11 tests) — endpoint shape + cross-file parity + hash determinism
Not shipping in this release
The third competitor-audit gap (POST /api/integrate-rating-service for Moody's/S&P/Fitch attestation binding) is deferred to v1.5.13 next week. The binding needs a partner rating vendor API to test against; not blocking the two upgrades above.
Backward compatibility
buildAttestationAPI is unchanged.- Existing v1.5.7 through v1.5.11 attestations verify unchanged (no wire format change).
- Batch signing is a separate module that consumers opt into.
GET /api/mcp-manifestis a new endpoint; no existing endpoint changed.
v1.5.11 — Schema↔runtime coherence drift gates
48 tests fired every npm test: L3 threshold values must match LOAN_DEFAULTS, every PERSONA_PROMPTS × seniority must contain 5 required clauses + persona anchor + MAX cap in 250-360 range. Structural pins catch benchmark-affecting drift at PR time without live Anthropic credits. Not shipped: actual benchmark rerun (blocked on credit topup). Tests 620 → 668 (+48).
v1.5.10 — Hash-chain integrity verifier
previous_hash was populated in every attestation but never exercised. This ships the exercise: lib/attestation-chain.js primitive + POST /api/verify-chain + bin/verify-chain.mjs CLI over JSONL logs. Attack detection covered: truncation, reordering, mid-chain insertion, post-hoc edit cascades. Chain verification is separate from signature verification — run both. Tests 598 → 620 (+22).
v1.5.9 — AML/KYC adversarial hardening (32 tests)
ACAMS 2026 procurement lane hardening. 32 new tests: every AML flag + KYC status fires independently with correct citation; block wins over escalate; kyc_status × aml_flags cross-dimension; unknown-flag escalate fail-safe (never silent drop); tipping-off compliance (rationale must NOT contain raw flag key string, AA06 label must NOT name OFAC/SDN); confidence tiering 0.95/0.75/0.60; policy tables frozen. Bank compliance procurement teams read the test file. Tests 566 → 598 (+32).
v1.5.8 — dictionary_hash binding attestation (Reg B moat)
Closes Reg B's highest-stakes control. Bank counsel signs the reason-code dictionary; before v1.5.8 a downstream could swap that file between signature and audit time. Now every attestation binds SHA-256(dictionary bytes) into the signing payload. Post-hoc edit → hash mismatch → signature fails. Wire back-compat: field appended to signing payload ONLY when present, so pre-v1.5.8 attestations verify unchanged. Python side updated to match. Tests 556 → 566 (+10).
v1.5.7 — GET /api/attestation-info discovery + fingerprint
Bank SIEM pipelines auto-hydrate the verifier's public key by hitting a single endpoint. Ed25519 mode returns public_key_pem + SHA-256 SPKI fingerprint (RFC 5280). HMAC mode exposes only mode + key_id. 5-min cache. Auditors cross-check the endpoint fingerprint against an out-of-band copy from procurement time to detect silent rotation. Tests: 548 → 556 (+8). All green.
v1.5.6 — Python verifier + Node↔Python cross-language proof
Extends the verifier reach past Node. Banks whose SIEM pipelines are Python-based (Splunk SDK, pandas-based audit tooling, custom compliance harnesses) no longer need Node on the box.
What's new
- `python/shadow_verify/` — pure-Python verifier. Same wire contract as the Node primitive (pipe-delimited signing payload, sorted-key JSON canonicalization, base64 signature for Ed25519, hex for HMAC). Response shape identical to the Node MCP tool + HTTP endpoint. Stdlib-only for HMAC mode; `cryptography>=41` required only for Ed25519 PEM parsing.
- `python/pyproject.toml` — `pip install python/` works out of the box. Ready for PyPI publish as `shadow-verify` v0.1.0.
- `test/python-verify-cross-lang.test.js` — 5 cross-language tests where Node signs and Python verifies. Includes a nested-array-in-nested-object edge case that catches ANY canonicalization drift between the two implementations. Skips gracefully if `python3` or `cryptography` aren't installed on the runner — CI without Python stays green, but Python-equipped environments actively prove compat.
Verifier surface (cross-language complete)
| Language | Surface | Path | Best for |
|---|---|---|---|
| Node | CLI | `bin/verify-attestation.mjs` | dev machines, procurement demos |
| Node | MCP tool | `shadow_verify_attestation` | Claude Desktop / Cursor / OpenCode chat |
| Node | HTTP endpoint | `POST /api/verify-attestation` | SIEM pipelines, CI, curl from anywhere |
| Python | library | `from shadow_verify import verify_attestation` | Splunk SDK, pandas audit tooling, Python compliance harnesses |
Why this matters
Banks are typically Python shops for compliance work. A Node-only verifier told a bank: "your ops team has to learn Node just to check a signature." That's friction that scuttles procurement conversations. `pip install shadow-verify` removes it.
Use
```python
from shadow_verify import verify_attestation
result = verify_attestation(
attestation=persisted["response"]["attestation"],
original_request=persisted["request"],
original_response={k: v for k, v in persisted["response"].items()
if k != "attestation"},
public_key_pem=open("shadow-public.pem").read(),
)
if result["ok"]:
print(f"verified — model_id: {result['model_id']}, key_id: {result['key_id']}")
```
Response shape identical to the Node MCP tool + HTTP endpoint, so audit-trail comparability holds regardless of language.
Tests
- Node test suite: 543 → 548 (+5 cross-language). All green.
- Python test suite: 16/16 passed via `python3 python/tests/test_verify.py`.
Not yet shipped
- PyPI publish (needs Alex's Trusted Publisher setup at pypi.org)
Full details: CHANGELOG.md