You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: CHANGELOG.md
+52Lines changed: 52 additions & 0 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -4,6 +4,58 @@ All notable changes to the QWED Protocol will be documented in this file.
4
4
5
5
## [Unreleased]
6
6
7
+
## [5.1.0] - 2026-04-19
8
+
### Agent State Governance and Fail-Closed Hardening
9
+
10
+
Minor release expanding QWED from action verification into state governance while closing the adversarial fail-open gaps identified after v5.0.0. This release includes AgentStateGuard plus a focused hardening wave across execution, tool governance, mathematical verification, API semantics, and schema validation.
11
+
12
+
#### New Capability
13
+
-**AgentStateGuard**: Added deterministic state verification with strict structural validation, semantic transition checks, and governed atomic state commits. This extends QWED from action-only verification to state and memory governance.
14
+
15
+
#### Fail-Closed Hardening
16
+
-**Legacy CodeExecutor hard-blocked**: `CodeExecutor.execute()` now raises `RuntimeError` unconditionally. All supported execution remains on `SecureCodeExecutor`.
17
+
-**Unknown tools default-denied**: `ToolApprovalSystem` now blocks unknown tools regardless of heuristic risk score.
18
+
-**Bounded math tolerance**: `verify_math()` rejects oversized, negative, non-finite, and malformed tolerances instead of letting callers weaken correctness checks.
19
+
-**Legacy logic path fails closed**: `verify_logic_rule()` now raises `NotImplementedError` instead of returning `None`.
20
+
-**Identity sampling rejected**: `verify_identity()` now returns `BLOCKED` when numerical sampling matches but no formal proof exists.
21
+
-**Ambiguous math API rejected**: `/verify/math` now blocks ambiguous implicit-multiplication expressions instead of returning `is_valid: true`.
22
+
-**Schema uniqueness fail-closed**: `SchemaVerifier` now emits `uniqueness_validation_error` when `uniqueItems` cannot be proven deterministically.
23
+
24
+
#### Runtime and Security Follow-Through
25
+
-**Progress-aware doom loop guard**: Added LOOP-004 state-aware replay protection for repeated actions on unchanged state.
26
+
-**Security and infrastructure hardening**: Incorporated follow-up hardening across configs, CI, and infrastructure.
27
+
-**Stats verifier coverage expansion**: Added edge-case coverage for the statistics engine.
28
+
-**CodeQL and cleanup follow-ups**: Merged syntax, test, and static-analysis cleanup work after the v5.0.0 boundary release.
29
+
30
+
#### Upgrade Notes
31
+
-`CodeExecutor` is no longer usable as a legacy execution path. Migrate any direct imports to `SecureCodeExecutor`.
32
+
- Unknown tools now require explicit allowlisting and are no longer auto-approved at low heuristic risk.
33
+
-`verify_math()` may return `BLOCKED` for tolerances that exceed the deterministic policy bound.
34
+
-`verify_logic_rule()` no longer returns an ambiguous non-result; callers must migrate to `LogicVerifier`.
35
+
- Sampling-only `verify_identity()` matches now return `BLOCKED`, not `UNKNOWN`.
36
+
- Ambiguous `/verify/math` expressions now return `BLOCKED` with `is_valid: false`.
37
+
-`uniqueItems` validation failures are now explicit schema errors instead of silent passes.
Copy file name to clipboardExpand all lines: pyproject.toml
+1-1Lines changed: 1 addition & 1 deletion
Original file line number
Diff line number
Diff line change
@@ -1,6 +1,6 @@
1
1
[project]
2
2
name = "qwed"
3
-
version = "5.0.0"
3
+
version = "5.1.0"
4
4
description = "The Deterministic Verification Protocol for AI - 11 verification engines for math, logic, code, SQL, facts, images, and more. Now with Agentic Security Guards."
0 commit comments