Skip to content

0.4.0

Choose a tag to compare

@github-actions github-actions released this 03 Jul 13:32

Release Notes

Added

  • Chinese (zh) injection detection across all four pattern families
    (ignore / reveal / roleplay / new-instructions), plus zh benign coverage so
    zh precision is measurable.
  • Detection for noun-free "disregard everything above" phrasing, DAN/persona
    jailbreaks, French negative-imperative and adjective-free ignore, Spanish
    adjective-free ignore, and the Turkish prompt loanword reveal.
  • Per-category recall breakdown in the detection eval report.

Changed

  • Grew the labeled eval corpus with curated, permissively-licensed samples
    from deepset/prompt-injections (Apache-2.0) plus hand-authored multilingual
    and mutation rows; provenance recorded in evals/corpus/SOURCES.md.
  • Recalibrated MIN_INJECTION_RECALL to the grown-corpus measurement
    (calibrate-to-measurement policy); precision 1.000 and benign FP 0.000 hold.

Documentation

  • Enriched the README title/intro and crates.io metadata (keywords,
    categories, description) for discoverability.

Install vallum 0.4.0

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://github.com/kahramanemir/Vallum/releases/download/v0.4.0/vallum-installer.sh | sh

Install prebuilt binaries via Homebrew

brew install kahramanemir/tap/vallum

Install prebuilt binaries into your npm project

npm install vallum@0.4.0

Download vallum 0.4.0

File Platform Checksum
vallum-aarch64-apple-darwin.tar.xz Apple Silicon macOS checksum
vallum-x86_64-apple-darwin.tar.xz Intel macOS checksum
vallum-aarch64-unknown-linux-musl.tar.xz ARM64 MUSL Linux checksum
vallum-x86_64-unknown-linux-musl.tar.xz x64 MUSL Linux checksum

Verifying GitHub Artifact Attestations

The artifacts in this release have attestations generated with GitHub Artifact Attestations. These can be verified by using the GitHub CLI:

gh attestation verify <file-path of downloaded artifact> --repo kahramanemir/Vallum

You can also download the attestation from GitHub and verify against that directly:

gh attestation verify <file-path of downloaded artifact> --bundle <file-path of downloaded attestation>