|
2 | 2 |
|
3 | 3 | All notable changes to the QWED Protocol will be documented in this file. |
4 | 4 |
|
| 5 | +## [4.0.0] - 2026-03-12 |
| 6 | +### 🛡️ Sentinel Edition |
| 7 | + |
| 8 | +#### 🆕 Agentic Security Guards (Phase 17) |
| 9 | +- **RAGGuard**: Detects prompt injection, data poisoning, and context manipulation in RAG pipelines with IRAC-compliant reporting. |
| 10 | +- **ExfiltrationGuard**: Prevents data exfiltration through AI agent tool calls by analyzing output patterns and destination validation. |
| 11 | +- **MCP Poison Guard**: Detects poisoned or tampered Model Context Protocol (MCP) tool definitions before agent execution. |
| 12 | +- Five rounds of security review and hardening (CodeRabbit + SonarCloud). |
| 13 | + |
| 14 | +#### 🆕 New Standalone Guards |
| 15 | +- **SovereigntyGuard**: Enforces data residency policies and local routing rules for compliance-sensitive deployments. |
| 16 | +- **ToxicFlowGuard**: Stateful detection of toxic tool-chaining patterns across multi-step agent workflows. |
| 17 | +- **SelfInitiatedCoTGuard (S-CoT)**: Verifies self-initiated Chain-of-Thought logic paths for reasoning integrity. |
| 18 | + |
| 19 | +#### 🆕 Process Determinism |
| 20 | +- **ProcessVerifier**: A new class of deterministic verification — IRAC/milestone-based process verification with decimal scoring, budget-aware timeouts, and structured compliance reporting. Ensures AI-driven workflows follow deterministic process steps. |
| 21 | + |
| 22 | +#### 🔒 Critical Security Fixes |
| 23 | +- **Code Injection Prevention**: Replaced all `eval()` calls with AST-compiled execution (SonarCloud S5334). |
| 24 | +- **Sandbox Escape Fix**: Patched critical sandbox escape and namespace mismatch vulnerability. |
| 25 | +- **SymPy Injection Fix**: Hardened symbolic math input parsing against injection attacks. |
| 26 | +- **Protocol Bypass Fixes**: Fixed URL whitespace bypass and protocol wildcard bypass vulnerabilities. |
| 27 | +- **CVE Patches**: Resolved CVE-2026-24049 (Critical, pip/wheel), CVE-2025-8869, and HTTP request smuggling (h11/httpcore). |
| 28 | +- **Snyk Remediation**: Fixed all 19 Snyk Code findings across the codebase. |
| 29 | +- **CodeQL Remediation**: Secured exception handling in `verify_logic`, `ControlPlane`, `verify_stats`, and `agent_tool_call`. |
| 30 | + |
| 31 | +#### 🐳 Docker Hardening (15+ improvements) |
| 32 | +- Pinned base image digests with hash-verified requirements. |
| 33 | +- Non-root user execution with `gosu`/`runuser`. |
| 34 | +- Inlined entrypoint script to fix exec format errors across platforms. |
| 35 | +- Enforced LF line endings via `.gitattributes` and `dos2unix`. |
| 36 | +- Automated Docker Hub publishing on release and main branch push. |
| 37 | +- SBOM generation and Docker Scout vulnerability scanning. |
| 38 | + |
| 39 | +#### 🔧 CI/CD Infrastructure |
| 40 | +- **Sentry SDK**: Integrated error tracking and monitoring. |
| 41 | +- **CircleCI**: Added Python matrix testing pipeline. |
| 42 | +- **SonarCloud**: Added code quality and coverage workflow. |
| 43 | +- **Snyk**: Added security scanning workflow with SARIF output. |
| 44 | +- **Docker Auto-Publish**: Automated image publishing to Docker Hub on every release. |
| 45 | + |
| 46 | +#### 📝 Documentation & Badges |
| 47 | +- Added OpenSSF Best Practices badge (Silver level). |
| 48 | +- Added Snyk security badge and partner attribution. |
| 49 | +- Added Docker Hub pulls badge and dynamic BuildKit badge. |
| 50 | +- Updated engine count from 8 to 11 across all documentation. |
| 51 | +- Added Ecosystem Trust & Infrastructure section to README. |
| 52 | + |
| 53 | +#### 🧪 Test Coverage |
| 54 | +- ProcessVerifier: decimal scores, edge cases, IRAC long input, malformed data. |
| 55 | +- Attestation edge cases and qwed_local execution tests. |
| 56 | +- Logic exception handling and stats engine coverage. |
| 57 | +- Secure executor Docker availability checks. |
| 58 | + |
5 | 59 | ## [3.0.1] - 2026-02-04 |
6 | 60 | ### 🦾 Ironclad Update (Security Patch) |
7 | 61 |
|
|
0 commit comments