Release v0.7.4 — trust-spine audit fixes + security-hardening pass · john-broadway/proximo

Security-hardening pass: SECURITY.md + private vulnerability reporting; supply-chain scanning — pip-audit (blocking gate), Trivy, OpenSSF Scorecard, scoped CodeQL.

Adversarial 8-dimension trust-spine audit — 7 fixes landed:

PLAN multi-node integrity (C-1)
audit-ledger corrupt-tail crash guard (H-1)
exec opt-in enforced at the backend (M-3)
cloud-init UNDO honesty (M-1 / M-2)

⚠️ Breaking: ApiBackend now refuses unverified TLS (H-2). If you ran with verify_tls=false, set PROXIMO_CA_BUNDLE to the PVE CA cert (preferred) or PROXIMO_VERIFY_TLS=true.

README restructured to lead with what it does + the trust layer. 2,610 tests green, 0 skipped. ruff + pyright clean.

Full detail in the CHANGELOG.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

v0.7.4 — trust-spine audit fixes + security-hardening pass

Choose a tag to compare

Sorry, something went wrong.

Sorry, something went wrong.

Uh oh!

No results found

Uh oh!