Skip to content

HEEL v1.1.0

Latest

Choose a tag to compare

@ancilis ancilis released this 07 Jun 11:46

HEEL v1.1.0 — agent-native abuse-simulation tool. Rehearse how a customer could abuse your product before it ships.

pip install heel-sim · pure stdlib, zero dependencies · MCP-first · Apache-2.0

Highlights

  • Apache-2.0 relicense + DCO — enterprise-friendly patent grant; clean contribution provenance.
  • Research scenario library — 45 source-anchored business-logic abuse scenarios across all 10 categories (OWASP API/OAT/WSTG/LLM-Top-10, the MCP 2025-06-18 schema, Stripe/Kong/Microsoft/Auth0 config vocab). Library 67 → 119 scenarios.
  • +12pp honest recall lift: on the frozen, independently-LLM-authored held-out test set, localization recall 0.38 → 0.50 at precision 0.97 → 0.98 — measured against abuse vocabulary HEEL never saw.

Assurance

Four adversarial red-team passes (all findings fixed) · OpenSSF Scorecard + CodeQL · Sigstore-signed release provenance + SBOM · 53 tests on Python 3.11–3.13. See TRUST.md / SECURITY.md.

Full notes: CHANGELOG.md.