Commit 1dfac30

Merge pull request #156 from QWED-AI/release/v5.1.0-prep
release: prepare v5.1.0
2 parents db5e94f + 036752f commit 1dfac30

7 files changed

Lines changed: 59 additions & 7 deletions

CHANGELOG.md

Lines changed: 52 additions & 0 deletions
@@ -4,6 +4,58 @@ All notable changes to the QWED Protocol will be documented in this file.
44

55
## [Unreleased]
66

7+
## [5.1.0] - 2026-04-19
8+
### Agent State Governance and Fail-Closed Hardening
9+
10+
Minor release expanding QWED from action verification into state governance while closing the adversarial fail-open gaps identified after v5.0.0. This release includes AgentStateGuard plus a focused hardening wave across execution, tool governance, mathematical verification, API semantics, and schema validation.
11+
12+
#### New Capability
13+
- **AgentStateGuard**: Added deterministic state verification with strict structural validation, semantic transition checks, and governed atomic state commits. This extends QWED from action-only verification to state and memory governance.
14+
15+
#### Fail-Closed Hardening
16+
- **Legacy CodeExecutor hard-blocked**: `CodeExecutor.execute()` now raises `RuntimeError` unconditionally. All supported execution remains on `SecureCodeExecutor`.
17+
- **Unknown tools default-denied**: `ToolApprovalSystem` now blocks unknown tools regardless of heuristic risk score.
18+
- **Bounded math tolerance**: `verify_math()` rejects oversized, negative, non-finite, and malformed tolerances instead of letting callers weaken correctness checks.
19+
- **Legacy logic path fails closed**: `verify_logic_rule()` now raises `NotImplementedError` instead of returning `None`.
20+
- **Identity sampling rejected**: `verify_identity()` now returns `BLOCKED` when numerical sampling matches but no formal proof exists.
21+
- **Ambiguous math API rejected**: `/verify/math` now blocks ambiguous implicit-multiplication expressions instead of returning `is_valid: true`.
22+
- **Schema uniqueness fail-closed**: `SchemaVerifier` now emits `uniqueness_validation_error` when `uniqueItems` cannot be proven deterministically.
23+
24+
#### Runtime and Security Follow-Through
25+
- **Progress-aware doom loop guard**: Added LOOP-004 state-aware replay protection for repeated actions on unchanged state.
26+
- **Security and infrastructure hardening**: Incorporated follow-up hardening across configs, CI, and infrastructure.
27+
- **Stats verifier coverage expansion**: Added edge-case coverage for the statistics engine.
28+
- **CodeQL and cleanup follow-ups**: Merged syntax, test, and static-analysis cleanup work after the v5.0.0 boundary release.
29+
30+
#### Upgrade Notes
31+
- `CodeExecutor` is no longer usable as a legacy execution path. Migrate any direct imports to `SecureCodeExecutor`.
32+
- Unknown tools now require explicit allowlisting and are no longer auto-approved at low heuristic risk.
33+
- `verify_math()` may return `BLOCKED` for tolerances that exceed the deterministic policy bound.
34+
- `verify_logic_rule()` no longer returns an ambiguous non-result; callers must migrate to `LogicVerifier`.
35+
- Sampling-only `verify_identity()` matches now return `BLOCKED`, not `UNKNOWN`.
36+
- Ambiguous `/verify/math` expressions now return `BLOCKED` with `is_valid: false`.
37+
- `uniqueItems` validation failures are now explicit schema errors instead of silent passes.
38+
39+
#### SDK and Package Versions
40+
- `qwed` (PyPI): `5.0.0` -> `5.1.0`
41+
- `qwed_sdk` (Python): `5.0.0` -> `5.1.0`
42+
- `@qwed-ai/sdk` (NPM): `5.0.0` -> `5.1.0`
43+
44+
#### Included PRs since v5.0.0
45+
- `#124` feat(agent): add progress-aware doom loop guard (LOOP-004)
46+
- `#126` security: harden configs, CI, and infrastructure -- full audit fixes
47+
- `#127` test(stats): add edge case coverage for statistics engine
48+
- `#136` fix(codeql): resolve remaining syntax and test cleanup alerts
49+
- `#137` Update contributors section in README
50+
- `#139` feat: AgentStateGuard - full implementation (structural + semantic + atomic commit)
51+
- `#149` fix: hard-block legacy CodeExecutor execution path
52+
- `#150` fix: default deny unknown tool approvals
53+
- `#151` fix: bound verify_math tolerance by computed magnitude
54+
- `#152` fix: fail closed in verify_logic_rule
55+
- `#153` fix: fail closed in verify_identity
56+
- `#154` fix: fail closed for ambiguous math api inputs
57+
- `#155` fix: fail closed on uniqueItems validation errors
58+
759
## [5.0.0] - 2026-04-04
860
### 🛡️ Enforcement Boundary Hardening
961
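
Review bot: In Upgrade Notes, the `verify_math()` entry only warns about tolerances that "exceed the deterministic policy bound", but the Bounded math tolerance entry above says negative, non-finite, and malformed tolerances are rejected as well, and neither entry says what the bound is (the #151 title only hints that it is derived from the computed magnitude). Please list all rejected cases in the upgrade note and state or link the bound so callers can tell in advance whether their tolerance will be blocked. Separately, the section is introduced as a "Minor release", yet several entries change caller-visible behaviour (`CodeExecutor.execute()` and `verify_logic_rule()` now raise, unknown tools are denied, `UNKNOWN` becomes `BLOCKED`); marking those entries as breaking would make that obvious to anyone reading only the version number.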

deploy/kubernetes/deployment.yaml

Lines changed: 1 addition & 1 deletion
@@ -17,7 +17,7 @@ spec:
1717
spec:
1818
containers:
1919
- name: qwed-core
20-
image: ghcr.io/qwed-ai/qwed-core:5.0.0
20+
image: ghcr.io/qwed-ai/qwed-core:5.1.0
2121
imagePullPolicy: IfNotPresent
2222
ports:
2323
- containerPort: 8000
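
Review bot: On the changed `image:` line, the release is referenced by tag only, and with `imagePullPolicy: IfNotPresent` a node that already holds an image under `5.1.0` will not re-pull, so what runs depends on whatever that tag pointed to when the node first pulled it. For a release whose theme is fail-closed hardening, consider pinning the digest alongside the tag, e.g. `ghcr.io/qwed-ai/qwed-core:5.1.0@sha256:<digest>`, so the manifest identifies one exact image.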

pyproject.toml

Lines changed: 1 addition & 1 deletion
@@ -1,6 +1,6 @@
11
[project]
22
name = "qwed"
3-
version = "5.0.0"
3+
version = "5.1.0"
44
description = "The Deterministic Verification Protocol for AI - 11 verification engines for math, logic, code, SQL, facts, images, and more. Now with Agentic Security Guards."
55
authors = [
66
{name = "QWED Team", email = "rahul@qwedai.com"},

qwed_sdk/__init__.py

Lines changed: 1 addition & 1 deletion
@@ -37,7 +37,7 @@
3737
VerificationType,
3838
)
3939

40-
__version__ = "5.0.0"
40+
__version__ = "5.1.0"
4141
__all__ = [
4242
"QWEDClient",
4343
"QWEDAsyncClient",

sdk-ts/package-lock.json

Lines changed: 2 additions & 2 deletions
Some generated files are not rendered by default.

sdk-ts/package.json

Lines changed: 1 addition & 1 deletion
@@ -1,6 +1,6 @@
11
{
22
"name": "@qwed-ai/sdk",
3-
"version": "5.0.0",
3+
"version": "5.1.0",
44
"description": "TypeScript SDK for QWED Verification Protocol",
55
"main": "dist/index.js",
66
"module": "dist/index.mjs",

src/qwed_new/api/main.py

Lines changed: 1 addition & 1 deletion
@@ -32,7 +32,7 @@
3232
SessionDependency = Annotated[Session, Depends(get_session)]
3333
AgentTokenHeader = Annotated[str, Header(...)]
3434

35-
APP_VERSION = "5.0.0"
35+
APP_VERSION = "5.1.0"
3636

3737
app = FastAPI(
3838
title="QWED API",
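
Review bot: `APP_VERSION = "5.1.0"` is another hand-edited copy of the version that this commit also bumps in `pyproject.toml`, `qwed_sdk/__init__.py`, `sdk-ts/package.json` and the Kubernetes manifest, so a missed file in a future release would make the API report a version that differs from the package. If this module is installed as part of the `qwed` distribution, consider deriving the value with `importlib.metadata.version("qwed")`, or add a CI check that the copies agree.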
