v0.4.0 — Security & Performance Hardening

@Knapp-Kevin Knapp-Kevin released this 10 Mar 22:10
· 8 commits to main since this release
f5cf892

Breaking Changes

  • HMAC key now required: FailSafeAuditSink(hmac_key=...) no longer defaults to a dev key. Pass hmac_key=b"failsafe-dev-key" explicitly for development or set a production key.

Security Hardening

  • DecisionRequest.__post_init__ validates action, agent_did, and normalizes artifact_path via os.path.normpath
  • Exception messages sanitized — no str(exc) leak in fail-open responses
  • Artifact paths in webhook events reduced to os.path.basename only
  • SLI signal reasons truncated to 200 chars max
  • Escalation queue eviction now runs under lock

Performance

  • Persistent SQLite connections with WAL mode and busy_timeout=5000 in both LocalFailSafeClient and FailSafeAuditSink
  • LocalFailSafeClient.close() method for explicit connection cleanup
  • MCP client subprocess cleanup on handshake failure

Reliability

  • fail_open: bool = True parameter on FailSafeInterceptor and GovernancePipeline
  • Fail-closed mode raises on governance errors instead of silently allowing
  • Trust score diminishing returns: 0.8 ** consecutive_successes decay prevents score inflation
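
The fail-open and fail-closed behaviour above, combined with the sanitized exception messages from the Security Hardening list, as an added sketch that is not code from this project. Only the fail_open parameter name comes from the release notes; SketchInterceptor, Decision, GovernanceError and broken_backend are hypothetical names, and the failing backend is constructed.

```python
import logging
import uuid
from dataclasses import dataclass

log = logging.getLogger("governance-sketch")

class GovernanceError(RuntimeError):
    """Raised in fail-closed mode; carries no backend detail."""

@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str

class SketchInterceptor:
    """Hypothetical stand-in for an interceptor with a fail_open switch."""
    def __init__(self, evaluate, fail_open: bool = True):
        self._evaluate = evaluate  # callable(action) -> Decision, may raise
        self.fail_open = fail_open

    def check(self, action: str) -> Decision:
        try:
            return self._evaluate(action)
        except Exception:
            # Full detail goes to the local log only, keyed by a random id.
            ref = uuid.uuid4().hex[:8]
            log.exception("governance check failed ref=%s", ref)
            public = f"governance unavailable (ref {ref})"
            if self.fail_open:
                # Fail-open: allow, but the reason never contains str(exc).
                return Decision(True, public)
            # Fail-closed: raise a generic error; "from None" keeps the
            # original exception out of the displayed traceback chain.
            raise GovernanceError(public) from None

def broken_backend(action: str) -> Decision:
    # Constructed failure whose message contains sensitive detail.
    raise OSError("cannot open /srv/secrets/policy.db: token=abc123")

def demo():
    opened = SketchInterceptor(broken_backend, fail_open=True).check("file.write")
    try:
        SketchInterceptor(broken_backend, fail_open=False).check("file.write")
        closed_msg = None
    except GovernanceError as err:
        closed_msg = str(err)
    return opened, closed_msg
```

The reference id lets an operator correlate the caller-visible message with the full traceback in the local log without exposing paths or secrets to the caller.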

Stats

  • 18 source files, 3,387 lines
  • 305 tests passing, clean lint

Co-Authored-By: Claude Opus 4.6 noreply@anthropic.com