v0.10.0
Highlights
Specialized AI services now authenticate through nr-vault — the DALL-E, FAL, Whisper, TTS, and DeepL single-task services previously read a plaintext API key from extension configuration and assembled their own Authorization header over a plain HTTP client. They now store an nr-vault secret identifier and authenticate through the audited secure HTTP client, exactly as the database-backed LLM providers have since ADR-012. The secret is resolved, injected, audited, and memory-scrubbed inside the vault and never surfaces in this extension's code.
FAL (Authorization: Key …) and DeepL (Authorization: DeepL-Auth-Key …) use the non-Bearer prefix option added in nr-vault 0.8.0. DeepL's Free/Pro endpoint routing stays automatic: the key is retrieved once, lazily, only to test the :fx suffix, then scrubbed — auth itself always flows through the secure client.
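The lazy, one-time suffix check described above, as an added example that is not code from nr-llm or nr-vault. The class name and the `$retrieveSecret` closure are hypothetical stand-ins for the vault lookup, the sample keys are constructed, and the two base URLs are DeepL's public Free and Pro API hosts.

```php
<?php
declare(strict_types=1);

// Hypothetical helper, not part of nr-llm or nr-vault.
final class DeeplEndpointResolver
{
    private const FREE_URL = 'https://api-free.deepl.com';
    private const PRO_URL = 'https://api.deepl.com';

    private ?string $baseUrl = null;

    /** @param \Closure():string $retrieveSecret assumed stand-in for the vault lookup */
    public function __construct(private readonly \Closure $retrieveSecret)
    {
    }

    public function baseUrl(): string
    {
        if ($this->baseUrl !== null) {
            return $this->baseUrl; // already decided; the key is not fetched again
        }
        $key = ($this->retrieveSecret)();
        try {
            // Only the ":fx" suffix is inspected; no header is built from the key here.
            $this->baseUrl = str_ends_with($key, ':fx') ? self::FREE_URL : self::PRO_URL;
        } finally {
            // ext-sodium (bundled with PHP) overwrites the string's bytes and sets $key to null.
            sodium_memzero($key);
        }
        return $this->baseUrl;
    }
}

// Constructed sample keys; a real caller would pass a closure that asks the vault.
$lookups = 0;
$free = new DeeplEndpointResolver(function () use (&$lookups): string {
    $lookups++;
    return str_repeat('a', 8) . ':fx';
});
$pro = new DeeplEndpointResolver(static fn (): string => str_repeat('b', 8));

assert($free->baseUrl() === 'https://api-free.deepl.com');
assert($free->baseUrl() === 'https://api-free.deepl.com');
assert($lookups === 1); // second call used the cached decision
assert($pro->baseUrl() === 'https://api.deepl.com');
echo $free->baseUrl(), "\n", $pro->baseUrl(), "\n";
```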
Breaking changes:
- Requires netresearch/nr-vault ^0.8.0 (the prefix option). The composer floor is raised from ^0.6.0 || ^0.7.0.
- The specialized-service configuration keys are now vault identifiers: providers.openai.apiKeyIdentifier, image.fal.apiKeyIdentifier, and translators.deepl.apiKeyIdentifier. Host applications that wrote plaintext keys into these settings must store a vault secret and write its identifier instead.
See ADR-030 for the design rationale. Full details in the changelog.
Installation
composer require netresearch/nr-llm
Publication status
- TER: extensions.typo3.org/extension/nr_llm — 0.10.0 verified
- Packagist: packagist.org/packages/netresearch/nr-llm — 0.10.0 verified
- Documentation: docs.typo3.org/p/netresearch/nr-llm/0.10/en-us/ — render verified
Security
All release artifacts are signed with Sigstore keyless signing.
Verify signatures
cosign verify-blob \
--bundle nr-llm-0.10.0.zip.bundle \
--certificate-identity-regexp "https://github.com/netresearch/.*" \
--certificate-oidc-issuer "https://token.actions.githubusercontent.com" \
nr-llm-0.10.0.zip
Verify checksums
sha256sum -c checksums.txt
Software Bill of Materials (SBOM)
SBOMs are provided in both SPDX and CycloneDX formats for supply chain transparency.