Skip to content

v4.0.0: Sentinel Edition πŸ›‘οΈ

Choose a tag to compare

@rahuldass19 rahuldass19 released this 11 Mar 21:13
50e5dbf

πŸ›‘οΈ QWED v4.0.0 β€” Sentinel Edition

147 commits since v3.0.1 β€” the largest update in QWED history.

QWED v4.0.0 introduces Agentic Security Guards, Process Determinism, critical security hardening, and enterprise-grade CI/CD infrastructure. This release makes QWED the most comprehensive open-source deterministic verification layer for LLMs and AI Agents.


πŸ†• Agentic Security Guards (Phase 17)

A brand-new guard subsystem purpose-built for securing AI agent tool chains and RAG pipelines.

All three guards went through five rounds of security review and hardening via CodeRabbit and SonarCloud.

Guard Description
RAGGuard Detects prompt injection, data poisoning, and context manipulation in Retrieval-Augmented Generation pipelines. Produces IRAC-compliant compliance reports.
ExfiltrationGuard Prevents data exfiltration through AI agent tool calls by analyzing output patterns, destination URLs, and payload structure.
MCP Poison Guard Detects poisoned or tampered Model Context Protocol (MCP) tool definitions before agent execution, protecting against supply-chain attacks on AI tools.

πŸ“ Documentation & Badges

  • Added OpenSSF Best Practices badge (Silver level)
  • Added Snyk security badge and partner attribution
  • Added Docker Hub pulls badge and dynamic BuildKit badge
  • Updated engine count to reflect all 11 verification engines
  • Added Ecosystem Trust & Infrastructure section to README

πŸ§ͺ Test Coverage

  • ProcessVerifier: decimal scores, edge cases, IRAC long input, malformed data
  • Attestation edge cases and qwed_local execution tests
  • Logic exception handling and stats engine coverage
  • Secure executor Docker availability checks

πŸ“¦ Installation

pip install qwed==4.0.0

πŸ”— Links


Full Changelog: v3.0.1...v4.0.0

# πŸ›‘οΈ QWED v4.0.0 β€” Sentinel Edition

147 commits since v3.0.1 β€” the largest update in QWED history.

QWED v4.0.0 introduces Agentic Security Guards, Process Determinism, critical security hardening, and enterprise-grade CI/CD infrastructure. This release makes QWED the most comprehensive open-source deterministic verification layer for LLMs and AI Agents.


πŸ†• Agentic Security Guards (Phase 17)

A brand-new guard subsystem purpose-built for securing AI agent tool chains and RAG pipelines.

All three guards went through five rounds of security review and hardening via CodeRabbit and SonarCloud.

Guard Description
RAGGuard Detects prompt injection, data poisoning, and context manipulation in Retrieval-Augmented Generation pipelines. Produces IRAC-compliant compliance reports.
ExfiltrationGuard Prevents data exfiltration through AI agent tool calls by analyzing output patterns, destination URLs, and payload structure.
MCP Poison Guard Detects poisoned or tampered Model Context Protocol (MCP) tool definitions before agent execution, protecting against supply-chain attacks on AI tools.

πŸ†• New Standalone Guards

Guard Description
SovereigntyGuard Enforces data residency policies and local routing rules for compliance-sensitive deployments (GDPR, data localization).
ToxicFlowGuard Stateful detection of toxic tool-chaining patterns across multi-step agent workflows. Catches attack sequences that single-step guards miss.
SelfInitiatedCoTGuard (S-CoT) Verifies self-initiated Chain-of-Thought logic paths for reasoning integrity, ensuring LLMs don't fabricate reasoning chains.

πŸ†• Process Determinism

A new class of deterministic verification:

  • ProcessVerifier β€” IRAC/milestone-based process verification with decimal scoring, budget-aware timeouts, and structured compliance reporting. Ensures AI-driven workflows follow deterministic process steps β€” not just correct answers, but correct procedures.

πŸ”’ Critical Security Fixes

Fix Details
Code Injection Prevention Replaced all eval() calls with AST-compiled execution (SonarCloud S5334).
Sandbox Escape Fix Patched critical sandbox escape and namespace mismatch vulnerability in the code verification engine.
SymPy Injection Fix Hardened symbolic math input parsing against injection attacks.
Protocol Bypass Fixes Fixed URL whitespace bypass and protocol wildcard bypass vulnerabilities.
CVE Patches Resolved CVE-2026-24049 (Critical, pip/wheel), CVE-2025-8869, and HTTP request smuggling via h11/httpcore upgrades.
Snyk Remediation Fixed all 19 Snyk Code findings across the codebase.
CodeQL Remediation Secured exception handling in verify_logic, ControlPlane, verify_stats, and agent_tool_call endpoints.

🐳 Docker Hardening

15+ improvements to the Docker image:

  • Pinned base image digests with hash-verified requirements
  • Non-root user execution with gosu/runuser
  • Inlined entrypoint script to fix exec format errors across platforms
  • Enforced LF line endings via .gitattributes and dos2unix
  • Automated Docker Hub publishing on release and main branch push
  • SBOM generation (SPDX) and Docker Scout vulnerability scanning
docker pull qwedai/qwed-verification:4.0.0

πŸ”§ CI/CD Infrastructure

Tool Integration
Sentry SDK Integrated error tracking and monitoring for production deployments.
CircleCI Added Python matrix testing pipeline (3.10, 3.11, 3.12).
SonarCloud Added code quality and coverage workflow.
Snyk Added security scanning workflow with SARIF output.
Docker Auto-Publish Automated image publishing to Docker Hub on every release.

πŸ“ Documentation & Badges

  • Added OpenSSF Best Practices badge (Silver level)
  • Added Snyk security badge and partner attribution
  • Added Docker Hub pulls badge and dynamic BuildKit badge
  • Updated engine count to reflect all 11 verification engines
  • Added Ecosystem Trust & Infrastructure section to README

πŸ§ͺ Test Coverage

  • ProcessVerifier: decimal scores, edge cases, IRAC long input, malformed data
  • Attestation edge cases and qwed_local execution tests
  • Logic exception handling and stats engine coverage
  • Secure executor Docker availability checks

πŸ“¦ Installation

pip install qwed==4.0.0

πŸ”— Links


Full Changelog: [v3.0.1...v4.0.0](https://github.com/QWED-AI/qwed-verification/compare/v3.0.1...v4.0.0)