v1.6.2 — Security Hardening & Documentation Refresh

@holeyfield33-art holeyfield33-art released this 10 Apr 17:28
· 294 commits to main since this release
e45ad35

What's New

Security Hardening

  • Ed25519 manifest signing with key versioning and expiry enforcement (7-day grace period)
  • Prometheus metrics — 5 metrics exported at GET /metrics
  • Runtime secret rotation — SIGUSR1 signal + POST /v1/rotate endpoint
  • PII redaction — email, phone, SSN, credit card patterns scrubbed from audit logs
  • HMAC-keyed key hashing — API keys hashed with HMAC-SHA256 at rest
  • Config ownership validation — rejects world-writable config files
  • Input hardening — NFKC normalization, zero-width strip, entropy quarantine
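As an added illustration of the "HMAC-keyed key hashing" item above (example code written for these notes, not the project's own implementation): a minimal at-rest API key store using only Python's standard library. The `v<n>$` version prefix, which lets digests made under an older HMAC key keep verifying after a rotation until they are re-hashed, and the in-memory key table are assumptions of this example; a real deployment would load the HMAC keys from a secret store.

```python
import hashlib
import hmac
import secrets
from typing import Optional

# Server-side HMAC keys indexed by version (constructed sample value; never
# ship a real key in source). Keying the hash means a leaked digest table
# cannot be brute-forced offline without also obtaining this key.
HMAC_KEYS = {1: b"sample-hmac-key-v1-constructed-for-demo"}
CURRENT_VERSION = 1


def hash_api_key(api_key: str, version: Optional[int] = None) -> str:
    """Return the stored form of an API key: 'v<version>$<hex HMAC-SHA256>'."""
    if version is None:
        version = CURRENT_VERSION
    mac = hmac.new(HMAC_KEYS[version], api_key.encode("utf-8"), hashlib.sha256)
    return f"v{version}${mac.hexdigest()}"


def verify_api_key(presented: str, stored: str) -> bool:
    """Constant-time comparison of a presented key against its stored digest."""
    try:
        version_tag, digest = stored.split("$", 1)
        version = int(version_tag.lstrip("v"))
    except ValueError:  # malformed record: reject rather than guess
        return False
    key = HMAC_KEYS.get(version)
    if key is None:  # digest was made under a retired or unknown key version
        return False
    expected = hmac.new(key, presented.encode("utf-8"), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, digest)


def rotate_hmac_key() -> int:
    """Install a fresh HMAC key as a new version and make it current.

    Digests made under older versions still verify until they are re-hashed
    (see needs_rehash) and the old version is finally removed from HMAC_KEYS.
    """
    global CURRENT_VERSION
    new_version = max(HMAC_KEYS) + 1
    HMAC_KEYS[new_version] = secrets.token_bytes(32)
    CURRENT_VERSION = new_version
    return new_version


def needs_rehash(stored: str) -> bool:
    """True when a stored digest was produced under an older key version."""
    return not stored.startswith(f"v{CURRENT_VERSION}$")
```

On a successful verification of a record for which `needs_rehash` is true, the service re-hashes the presented key under the current version and overwrites the stored digest, so a rotation completes without ever learning the plaintext keys from the store.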

Documentation

  • 5 new docs: API Reference, SDK Integration Guide, Threat Model, Key Rotation Runbook, Monitoring & Alerting Guide
  • Full docs refresh across README, SECURITY.md, Operations Runbook, Launch Guide, Smoke Tests, Incident Response
  • Removed fictional marketing claims from simulation reports
  • Corrected all version (v1.6.2) and test count (689) references

Tests

  • 689 tests passing, 0 failures, 89% core coverage
  • 6 new test modules: config ownership, manifest expiry, metrics, PII redaction, ReDoS mitigation, secret rotation

Install

pip install aletheia-cyber-core==1.6.2

Full Changelog: v1.6.1...v1.6.2