Skip to content

Commit 50e5dbf

Browse files
authored
Merge pull request #83 from QWED-AI/release/v4.0.0
release: v4.0.0 Sentinel Edition
2 parents 82f66d9 + 13c6bfc commit 50e5dbf

3 files changed

Lines changed: 60 additions & 3 deletions

File tree

.circleci/config.yml

Lines changed: 4 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -49,8 +49,11 @@ jobs:
4949
name: Run pip-audit (project deps only)
5050
command: |
5151
set -o pipefail
52+
# Snapshot only project dependencies before adding audit tooling
53+
/tmp/audit-env/bin/pip freeze --exclude qwed > /tmp/audit-requirements.txt
5254
/tmp/audit-env/bin/pip install pip-audit
53-
/tmp/audit-env/bin/pip-audit --strict --skip-editable --desc \
55+
/tmp/audit-env/bin/pip-audit --strict --desc \
56+
-r /tmp/audit-requirements.txt \
5457
`# CVE-2025-8869: pip tar extraction vuln — build-only tool, not in runtime image` \
5558
--ignore-vuln CVE-2025-8869 \
5659
`# CVE-2026-1703: pip wheel path traversal (CVSS 2.0 Low) — build-only, pinned hashes used` \

CHANGELOG.md

Lines changed: 54 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -2,6 +2,60 @@
22

33
All notable changes to the QWED Protocol will be documented in this file.
44

5+
## [4.0.0] - 2026-03-12
6+
### 🛡️ Sentinel Edition
7+
8+
#### 🆕 Agentic Security Guards (Phase 17)
9+
- **RAGGuard**: Detects prompt injection, data poisoning, and context manipulation in RAG pipelines with IRAC-compliant reporting.
10+
- **ExfiltrationGuard**: Prevents data exfiltration through AI agent tool calls by analyzing output patterns and destination validation.
11+
- **MCP Poison Guard**: Detects poisoned or tampered Model Context Protocol (MCP) tool definitions before agent execution.
12+
- Five rounds of security review and hardening (CodeRabbit + SonarCloud).
13+
14+
#### 🆕 New Standalone Guards
15+
- **SovereigntyGuard**: Enforces data residency policies and local routing rules for compliance-sensitive deployments.
16+
- **ToxicFlowGuard**: Stateful detection of toxic tool-chaining patterns across multi-step agent workflows.
17+
- **SelfInitiatedCoTGuard (S-CoT)**: Verifies self-initiated Chain-of-Thought logic paths for reasoning integrity.
18+
19+
#### 🆕 Process Determinism
20+
- **ProcessVerifier**: A new class of deterministic verification — IRAC/milestone-based process verification with decimal scoring, budget-aware timeouts, and structured compliance reporting. Ensures AI-driven workflows follow deterministic process steps.
21+
22+
#### 🔒 Critical Security Fixes
23+
- **Code Injection Prevention**: Replaced all `eval()` calls with AST-compiled execution (SonarCloud S5334).
24+
- **Sandbox Escape Fix**: Patched critical sandbox escape and namespace mismatch vulnerability.
25+
- **SymPy Injection Fix**: Hardened symbolic math input parsing against injection attacks.
26+
- **Protocol Bypass Fixes**: Fixed URL whitespace bypass and protocol wildcard bypass vulnerabilities.
27+
- **CVE Patches**: Resolved CVE-2026-24049 (Critical, pip/wheel), CVE-2025-8869, and HTTP request smuggling (h11/httpcore).
28+
- **Snyk Remediation**: Fixed all 19 Snyk Code findings across the codebase.
29+
- **CodeQL Remediation**: Secured exception handling in `verify_logic`, `ControlPlane`, `verify_stats`, and `agent_tool_call`.
30+
31+
#### 🐳 Docker Hardening (15+ improvements)
32+
- Pinned base image digests with hash-verified requirements.
33+
- Non-root user execution with `gosu`/`runuser`.
34+
- Inlined entrypoint script to fix exec format errors across platforms.
35+
- Enforced LF line endings via `.gitattributes` and `dos2unix`.
36+
- Automated Docker Hub publishing on release and main branch push.
37+
- SBOM generation and Docker Scout vulnerability scanning.
38+
39+
#### 🔧 CI/CD Infrastructure
40+
- **Sentry SDK**: Integrated error tracking and monitoring.
41+
- **CircleCI**: Added Python matrix testing pipeline.
42+
- **SonarCloud**: Added code quality and coverage workflow.
43+
- **Snyk**: Added security scanning workflow with SARIF output.
44+
- **Docker Auto-Publish**: Automated image publishing to Docker Hub on every release.
45+
46+
#### 📝 Documentation & Badges
47+
- Added OpenSSF Best Practices badge (Silver level).
48+
- Added Snyk security badge and partner attribution.
49+
- Added Docker Hub pulls badge and dynamic BuildKit badge.
50+
- Updated engine count from 8 to 11 across all documentation.
51+
- Added Ecosystem Trust & Infrastructure section to README.
52+
53+
#### 🧪 Test Coverage
54+
- ProcessVerifier: decimal scores, edge cases, IRAC long input, malformed data.
55+
- Attestation edge cases and qwed_local execution tests.
56+
- Logic exception handling and stats engine coverage.
57+
- Secure executor Docker availability checks.
58+
559
## [3.0.1] - 2026-02-04
660
### 🦾 Ironclad Update (Security Patch)
761

pyproject.toml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
[project]
22
name = "qwed"
3-
version = "3.0.1"
4-
description = "The Deterministic Verification Protocol for AI - 11 verification engines for math, logic, code, SQL, facts, images, and more."
3+
version = "4.0.0"
4+
description = "The Deterministic Verification Protocol for AI - 11 verification engines for math, logic, code, SQL, facts, images, and more. Now with Agentic Security Guards."
55
authors = [
66
{name = "QWED Team", email = "rahul@qwedai.com"},
77
]

0 commit comments

Comments
 (0)