Skip to content

v2.7.0

Latest
Latest

Choose a tag to compare

View all tags
@github-actions github-actions released this 12 Jun 04:57
· 49 commits to main since this release
v2.7.0
This tag was signed with the committer’s verified signature.
luckyPipewrench Josh
GPG key ID: 3DC0FDCD57B5B3A5
Verified
Learn about vigilant mode.
6482bc5
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Changelog

  • 5b7beb1 Add Conductor emergency control and stale-policy fail-closed enforcement (#741)
  • 0ed5f57 Add Conductor fleet observability and audit query commands (#740)
  • 05268b0 Add Conductor production operator runbook and provisioning docs (#739)
  • 954c3df Add conductor publish for signed policy bundle distribution (#738)
  • e606f17 Add contain egress explanations and response-size allowances (#706)
  • 5b246c1 Add live baseline ratify operator surface (#732)
  • 1953501 Bind EvidenceReceipt v2 decisions to policy_hash (#719)
  • eb462a1 Bind action receipts to process runs with nonce (#729)
  • f8690af Conductor follower enrollment, rollback application, head-reset (#743)
  • 6adfb48 Contain control-plane adaptive escalation (#709)
  • 3d07dcb Emit receipts on A2A block paths for transport parity (#727)
  • 867bd6d Export recorder signing public keys (#735)
  • dbcb080 Fail closed when signed receipts are required (#730)
  • f8f849e Fix Conductor rollback reconcile upgrade crashloop, restore coverage (#745)
  • 1d08461 Fix URL-DLP false-positive remediation hint (#742)
  • 3e52a2f Fix receipt-chain rotation and operator evidence ACLs (#725)
  • 2f3556c Gate per-profile address allowlists on verified entitlement (#714)
  • bcb9741 Harden conductor audit ingest idempotency and lookup (#678)
  • 094e9f2 Harden conductor audit queue lifecycle and error mapping (#724)
  • b3dffd0 Harden contain credential defaults and git push guard (#705)
  • 2bccfb8 Harden contain setup and MCP receipt parity (#723)
  • d5c2dfc Make receipt verification safe by default (#726)
  • 29ecdc7 chore(deps): update dependency cryptography to v48 (#669)
  • 5588a58 chore(hooks): scope pre-commit stages so a Go-only push doesn't need verifier toolchains (#682)
  • 511b209 chore(verifiers): make TS + Rust reference verifiers publishable (npm + crates.io) (#713)
  • 15dd5c2 ci(govulncheck): float to latest 1.26.x so stdlib advisories self-heal (#667)
  • fda3d19 ci: Update Azure/setup-helm action to v5 (#651)
  • 7a5031a ci: Update ci-actions (#717)
  • d3be8d3 ci: run python verifier from source to stop recurring Scorecard pin alert (#665)
  • 7351c78 deps: Lock file maintenance rust-verifier (#649)
  • 786052a deps: Pin dependencies (#646)
  • 42c2978 deps: Update Rust crate serde_json to v1.0.150 (#647)
  • 736a519 deps: Update docker-base-images (#638)
  • 49c01ff deps: Update docker-base-images (#675)
  • f3f9cd6 deps: Update docker-base-images (#694)
  • ed5855d deps: Update docker-base-images (#702)
  • 7585a71 deps: Update docker-base-images (#716)
  • dadcde0 deps: Update go-deps to v0.46.0 (#718)
  • 3638b23 deps: Update go-deps to v1.51.0 (#703)
  • 2299f75 deps: Update rust-verifier to v0.1.25 (#668)
  • a976cfa docs(aarp): publish claims dictionary (#721)
  • 54e3bac feat(a2a): verify Agent Card signatures against trusted origin-scoped keys (#689)
  • 8bd4fbd feat(aarp): AARP v0.1 assurance envelope core (#660)
  • 1e2ae96 feat(aarp): SVID X.509 attestation appraisal + hostile corpus (Go reference) (#670)
  • 7eeeb05 feat(aarp): four-language hostile corpus + verifier lock (#663)
  • 381c4fc feat(aarp): make the appraiser brutally literal about what it proves (#720)
  • 55e3eb0 feat(aarp): port X.509-SVID attestation to TS/Rust/Python; lock four-language SVID corpus (#674)
  • 10fa815 feat(aarp): verified X.509-SVID attestation binding (#661)
  • 6157e26 feat(assess): honor CRL in paid artifact gating (#690)
  • e7dde68 feat(capture): add rpc id to CaptureRequest for request<->response join (#708)
  • 720b67e feat(conductor): add bootstrap command for a self-verifying dev fleet (#655)
  • ae2b537 feat(contain): runtime contract + contain doctor self-test (#704)
  • ced2901 feat(dlp): detect DB connection strings, GitLab token families, and cloud service-account keys (#657)
  • e828c3f feat(license): intermediate signing certificates with CRL revocation (#684)
  • 22958a7 feat(license): wire intermediate license chain through runtime and service flows (#687)
  • 343a4e9 feat(playground): synthetic replay capture rig for signed Audit Packet gallery (#681)
  • d075eab feat(receipt): add source-span v2 receipt payload (#697)
  • d8c4b0b feat(receipt): dual-emit v2 proxy_decision receipts on the live proxy path (#691)
  • 7c65323 feat(receipts): enable flight recorder by default and seal transcript root on shutdown (#728)
  • c2c3ba9 feat(runtime): close in-flight conductor apply window and add license-reload error precision (#712)
  • a4119e1 feat(runtime): enforce fleet-license revocation at runtime (#707)
  • 1e25fb1 feat(svid): offline X.509-SVID validation against pinned trust-bundle history (#653)
  • e909785 feat(taint): cross-agent contamination tracking across A2A/MCP (#677)
  • f653dce feat(verifier): verify EvidenceReceipt v2 chains offline (#664)
  • 43f9dcb feat(verifiers): add spanned EvidenceReceipt v2 verification (#700)
  • 521cdbb feat: add operation-aware playground replay capture (#686)
  • 30b62ca feat: add skill scan command (#672)
  • e98995c feat: self-service Enterprise Eval fulfillment (license service) (#680)
  • 6907555 fix(ci): avoid unpinned AARP verifier install (#679)
  • 9df41e3 fix(dlp): bound Twilio + Mailgun patterns to documented key shapes (#656)
  • 92981b6 fix(dlp): require secret-plausible leading value char on credential patterns (#715)
  • 03db814 fix(mcp): protect concurrent subprocess teardown (#733)
  • 496e968 fix(mcp): treat connection teardown as a clean stream end in ForwardScanned (#654)
  • bab2d93 fix(mcp/provenance): domain-separate tool signatures and block duplicate names (#659)
  • 8da835c fix(proxy): harden cross-request exfil detection against key partitioning and flood-to-evict (#666)
  • 4802074 fix(receipt): align cross-language verifier canonicalization, reject duplicate keys (#652)
  • f5fd95e fix(receipt): sanitize secret-bearing fields before signing (#676)
  • 6482bc5 fix(release): build with patched Go 1.25.11 (#746)
  • 92d9c70 fix(runtime): join listener goroutines before cleanup nils shared fields (#688)
  • f174d70 fix(scanner): direction-scope agent-secret exfil checks; skip path-shaped env values (#693)
  • d8d278a fix(scanner): exempt operator-governed API paths from path entropy; harden flaky test families (#701)
  • 00a5266 fix(scanner): label MatchSpan offsets by indexed view (#685)
  • 40abeb4 fix(seedprotect): close Unicode evasion gaps in BIP-39 seed-phrase detection (#658)
  • caa96d1 fix(testdata): force LF line endings for test goldens on Windows checkouts (#710)
  • 8a790bf fix(windows): cross-platform file-permission gate (#695) + key-free MCP capture (#696) (#698)
  • 6dda831 fix: clarify conductor key purposes and chart examples (#736)
  • 4ce2833 fix: detect cross-tool sensitive file directives (#650)
  • eb102fb fix: response-injection FPs on standards prose + seccomp CI test hang (#737)
  • 069a2e7 helm: add enterprise deployment modes (#648)
  • d2eff87 test(aarp): add Evidence Theater Kill Suite overclaim gate (#722)
  • 1b5f812 test(cli): harden run listener port allocation (#692)
Assets 18
Loading