Skip to content

v1.0.0

Choose a tag to compare

@github-actions github-actions released this 28 Jun 16:48

First production release. SCRUB is a single-binary forward proxy that masks
secrets / PII / sensitive data on outbound LLM-provider requests and rehydrates
them on responses (including streaming). The 0.x entries below built up to this;
from 1.0 the public CLI, config schema, and chart values follow SemVer.

Highlights

  • Engine: reversible sentinel masking (⟦S:TYPE·id⟧), single-pass detection
    (glossary + regex meta-engine + entropy + heuristic NER), provider-aware scan
    paths, and streaming/SSE-correct rehydration.
  • Secret sources: .env, file, and HashiCorp Vault (KV v2); a curated ruleset.
  • Sessions: request- or session-scoped pseudonyms; in-memory or Redis backend
    with node-disjoint ids and AES-256-GCM at-rest encryption.
  • Policy: dry-run, per-route overrides, multi-tenant isolation, constant-time auth.
  • Transport: TLS termination and interception (SNI-transparent + CONNECT proxy)
    with on-the-fly per-host certs; usable as an OS HTTP proxy.
  • Auditing: tamper-evident hash-chained audit log + full (masked) transaction log.
  • Delivery: static multi-arch binaries, a multi-arch container image, and a
    Helm chart (single-node + HA StatefulSet/Redis) published as an OCI artifact;
    a documentation website.