the big one: scan no longer lies about results.
verdict model:
- test outcomes are now 5-state: vulnerable, blocked, refused, inconclusive, error. old pass/fail still there for backward compat.
- CLEAN requires at least one test to be exercised. if every test was refused by model alignment, scan reports INCONCLUSIVE, not CLEAN.
- summary.json includes verdicts breakdown with exercise_rate and refusal_rate.
scan ux:
- bare aipop scan with no target now errors with usage examples instead of silently running mock.
- scan shows which suite it's using and tips for picking a different one.
- findings show the attack prompt and matched indicators, not just a severity badge.
recon:
- nmap-style probe selection: --probe http, --probe behavior, --probe guardrails, --probe model, or any combo.
- bare aipop recon with no target now errors instead of running mock.
engine:
- extracted 130 lines of duplicated fuzz execution into shared function. fixes applied once now.
- pdf strategy bypass fixed. fuzz sends actual pdf bytes instead of raw text.
- retrieval verification probe checks if poison was actually retrieved before scoring.
- suite yaml validation catches typos in expected/risk values on load.
- all 8 adapters return consistent metadata keys.
- schema_version field added to json output.
21 regression tests, all green.
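
the verdict rule from the "verdict model" notes above, sketched as an added python example (not aipop's own code). assumptions: a test counts as exercised when it ends vulnerable or blocked, the scan-level label VULNERABLE, the function name summarize, and the layout of the returned dict are all hypothetical; only the five outcome names, CLEAN, INCONCLUSIVE, exercise_rate and refusal_rate come from the notes.

```python
from collections import Counter

# The five per-test outcomes named in the release notes.
OUTCOMES = ("vulnerable", "blocked", "refused", "inconclusive", "error")
# Assumption: a test is "exercised" when the attack reached the target and
# produced a definite result, i.e. it ended vulnerable or blocked.
EXERCISED = {"vulnerable", "blocked"}


def summarize(outcomes):
    """Aggregate per-test outcomes into a scan-level verdict and rates."""
    counts = Counter(outcomes)
    unknown = set(counts) - set(OUTCOMES)
    if unknown:
        raise ValueError(f"unknown outcome(s): {sorted(unknown)}")
    total = sum(counts.values())
    exercised = sum(counts[o] for o in EXERCISED)

    if counts["vulnerable"]:
        verdict = "VULNERABLE"  # hypothetical label, not named in the notes
    elif exercised == 0:
        # Nothing was actually tested (all refused/errored, or no tests ran),
        # so the absence of findings proves nothing.
        verdict = "INCONCLUSIVE"
    else:
        verdict = "CLEAN"

    return {
        "verdict": verdict,
        "verdicts": {
            **{o: counts[o] for o in OUTCOMES},
            "exercise_rate": round(exercised / total, 3) if total else 0.0,
            "refusal_rate": round(counts["refused"] / total, 3) if total else 0.0,
        },
    }


# Constructed sample runs, not real scan output.
ALL_REFUSED = ["refused"] * 4
MIXED = ["blocked", "blocked", "refused", "error"]
ONE_HIT = ["blocked", "vulnerable", "refused", "refused"]

if __name__ == "__main__":
    for name, run in [("all_refused", ALL_REFUSED), ("mixed", MIXED), ("one_hit", ONE_HIT)]:
        print(name, summarize(run))
```

a run where every test was refused comes back INCONCLUSIVE with refusal_rate 1.0, which is the case the old pass/fail model would have reported as clean.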