Releases: vedantggwp/sentinel
v0.1.9 - Tavily claim verification fallback
## Verification
- Implements Tavily rating-claim verification behind TAVILY_API_KEY.
- Preserves deterministic fixture fallback for CI, no-key runs, and Tavily failures.
- Carries source_hash through Claim and audit trace surfaces.
- Keeps final APPROVE/BLOCK/ESCALATE ownership in deterministic gate code.

## Checks
- pytest: 115 passed.
- seed eval: 25/25.
- frontend audit/lint/build: passed.
- CI: https://github.com/vedantggwp/sentinel/actions/runs/26732367571
- CodeQL: https://github.com/vedantggwp/sentinel/actions/runs/26732367585
v0.1.8 - release limits documentation
Maintenance evidence release for Codex for OSS review.

- Added README known limits for current offline claim verification, optional/fallback integrations, adversarial held-out measurement status, and demo CORS.
- Added release check commands before tagging.
- Added hosted MCP smoke guidance for deployed /mcp URLs.
- Completes the public-doc acceptance criteria for issue #16.
- CI and CodeQL are green on this commit; open code-scanning alerts remain 0.
v0.1.7 - Thrad bid fallback hardening
Maintenance evidence release for Codex for OSS review.

- Hardened Thrad live-shaped bid normalization.
- Added OpenRTB-style seatbid/bid payload support.
- Rejected malformed live payloads without creative instead of manufacturing invalid ad creative.
- Added timeout, 500, malformed payload, and /v1/thrad/mock-to-/v1/analyze fallback tests.
- Synced README verification evidence to 110 passing tests.
- CI and CodeQL are green on this commit; open code-scanning alerts remain 0.
v0.1.6 - optional trace export tests
Maintenance evidence release for Codex for OSS review.

- Added tests for optional Overmind span export.
- Proved local audit JSONL persists without Overmind.
- Proved mocked Overmind receives expected decision span attributes when configured.
- Proved /v1/analyze still succeeds and writes local audit when Overmind raises.
- Synced README verification evidence to 105 passing tests.
- CI and CodeQL are green on this commit; open code-scanning alerts remain 0.
v0.1.5 - API contract hardening
Maintenance evidence release for Codex for OSS review.

- Added public API/MCP contract tests covering route envelopes, policy shape, scenario list, analyze/audit persistence, escalation decisions, signed MCP receipt verification, and tamper failure.
- Bounded /v1/audit/latest limit to 1..100 via FastAPI validation.
- Synced README verification evidence to 102 passing tests.
- CI and CodeQL are green on this commit; open code-scanning alerts remain 0.
v0.1.4 - community readiness
Maintenance evidence release for Codex for OSS review.

- Added Code of Conduct, Support policy, and a general issue template.
- Reworded the README top-line claim verification copy to match the current verifier.
- GitHub community profile now reports 100% health.
- CI and CodeQL are green on this commit; open code-scanning alerts remain 0.
v0.1.3 - public truth sync
Maintenance evidence release for the Codex for OSS application.

- Truth-synced README and frontend copy so Tavily is presented as public-v1 roadmap/live-with-fallback work, not current backend behavior.
- Clarified current claim verification as deterministic offline/fixture-backed.
- Clarified Overmind as optional export while local audit JSONL remains source of truth.
- Preserved green public gates: CI, CodeQL, frontend audit/lint/build, backend tests, and seed eval.
Sentinel v0.1.2 Evidence Sync
Small maintenance release to keep public verification evidence aligned with the
current repository state.
Changed
- Synced the README's full-suite count to the current 95 passing tests.
- Added a release badge to the README.
- Documented active maintenance gates in the README:
  - backend tests and seed eval in GitHub Actions;
  - frontend audit, lint, and build in GitHub Actions;
  - CodeQL for Python and JavaScript/TypeScript;
  - Dependabot security updates;
  - secret scanning and push protection.
- Merged green Dependabot PRs for React, React-DOM, Node types, and TypeScript.
Verification
- CI: https://github.com/vedantggwp/sentinel/actions/runs/26731233681
- CodeQL: https://github.com/vedantggwp/sentinel/actions/runs/26731233685
- Local backend: 95 passed, 1 warning
- Seed eval: 25/25
- Frontend audit: 0 vulnerabilities
- Open PRs: 0
- Open code-scanning alerts: 0
Sentinel v0.1.1 Maintenance Release
Maintenance release focused on public OSS readiness and security posture.
Security and Reliability
- Added CodeQL scanning for Python and JavaScript/TypeScript.
- Fixed a CodeQL-reported high-severity polynomial regular expression risk in
  scarcity-claim extraction.
- Added regression coverage for bounded scarcity-claim parsing, including a
  long-space adversarial input.
- Added frontend `npm audit --audit-level=moderate` to CI.
- Resolved the frontend PostCSS advisory with a narrow `postcss@8.5.15`
  override; `npm audit` now reports 0 vulnerabilities.
Maintainer Automation
- Expanded CI to cover backend tests, seed eval, frontend audit, lint, and build.
- Added Dependabot schedules for GitHub Actions, pip, and frontend npm packages.
- Grouped React and React-DOM updates so runtime package bumps are reviewed
  together.
- Deferred ESLint semver-major updates until the migration can be handled
  intentionally.
Verification
- Latest CI: https://github.com/vedantggwp/sentinel/actions/runs/26730949015
- Latest CodeQL: https://github.com/vedantggwp/sentinel/actions/runs/26730949013
- `python -m pytest -q` passes 95 tests.
- `python -m sentinel.eval` reports seed regression 25/25.
- GitHub code scanning reports 0 open alerts after this release.
Sentinel v0.1.0 Public Preview
Initial public preview of Sentinel, a safety and claim-verification layer for
sponsored recommendations inside AI conversations.
Included
- FastAPI `/v1/analyze` endpoint for ad placement verification.
- MCP `verify` tool using the same safety pipeline.
- Deterministic `APPROVE`, `BLOCK`, and `ESCALATE` gate.
- Signed receipt support when an ed25519 key is configured.
- Local audit trail and trace-console demo assets.
- Seed eval regression and adversarial held-out measurement.
- Security policy, contributing guide, maintainer file, roadmap, and GitHub CI.
Verification
- GitHub Actions CI: https://github.com/vedantggwp/sentinel/actions/runs/26730578617
- `python -m pytest -q` passes 92 tests in CI.
- `python -m sentinel.eval` reports seed regression 25/25.
- Adversarial held-out set is reported as measurement only and currently passes 3/10.
Known Limits
- Tavily live claim verification, Overmind span export, and Thrad bid
  normalization are public-v1 roadmap items with fixture or optional paths today.
- No broad adoption is claimed for this release.
- External services must never bypass the deterministic placement gate.