This release solidifies the security architecture with a "Defense in Depth" strategy, aligning AIsbom with the upcoming PyTorch 2.6+ security defaults (weights_only=True).
Security & Linter Improvements
- Arbitrary Execution Detection: The Migration Linter (--lint) now explicitly flags REDUCE, BUILD, and INST opcodes as WARNINGs. This highlights models that require dynamic object construction (a key vector for RCE) while acknowledging that some legacy models rely on this behavior. Logic is now fully aligned with PyTorch's safe_globals validation strategy.
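The opcode check described above can be sketched with Python's standard `pickletools` module. This is an added example, not AIsbom's own code: the function name `lint_pickle` and the sample byte strings are assumptions constructed for illustration, and the samples reference only the harmless `collections.OrderedDict`.

```python
import pickle
import pickletools

# Opcodes the release notes list as linter WARNINGs.
FLAGGED = {"REDUCE", "BUILD", "INST"}

def lint_pickle(data: bytes):
    """Scan opcodes without unpickling; return (offset, opcode, last import)."""
    findings, last_import, strings = [], None, []
    for op, arg, pos in pickletools.genops(data):
        if op.name in ("GLOBAL", "INST"):
            # Argument is "module name" separated by one space.
            last_import = arg.replace(" ", ".")
        elif op.name == "STACK_GLOBAL" and len(strings) >= 2:
            # Best effort: module and name were the last two strings pushed
            # (misses names fetched back from the memo).
            last_import = f"{strings[-2]}.{strings[-1]}"
        elif isinstance(arg, str):
            strings.append(arg)
        if op.name in FLAGGED:
            findings.append((pos, op.name, last_import))
    return findings

# Constructed samples; they are parsed here, never loaded.
PLAIN = pickle.dumps({"weights": [1.0, 2.0]}, protocol=2)
REDUCE_BUILD = b"ccollections\nOrderedDict\n)R}b."
LEGACY_INST = b"(icollections\nOrderedDict\n."

if __name__ == "__main__":
    samples = [("plain", PLAIN), ("reduce+build", REDUCE_BUILD), ("inst", LEGACY_INST)]
    for label, blob in samples:
        for pos, name, target in lint_pickle(blob):
            print(f"WARNING {label}: {name} at byte {pos} (import: {target})")
```

Because `genops` only tokenizes the stream, the scan never constructs objects, which is what makes it safe to run on untrusted files before any load is attempted.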
Documentation & Strategy
- Defense in Depth Guide: Added Sandboxed Execution Docs, detailing how to combine Static Analysis (AIsbom) with Runtime Isolation (uvx + amazing-sandbox).
- README Expansion: Updated the README to articulate the two-layer security approach (Layer 1: Static, Layer 2: Runtime).
Maintenance
- Repo Cleanup: Removed temporary staging directories (repro_stage) and moved internal maintenance documentation to .github/MAINTAINERS.md.
- Tests: Extended test suite coverage for opcode warnings.