QWED v4.0.0: Sentinel Edition
147 commits since v3.0.1: the largest update in QWED history.
QWED v4.0.0 introduces Agentic Security Guards, Process Determinism, critical security hardening, and enterprise-grade CI/CD infrastructure. This release makes QWED the most comprehensive open-source deterministic verification layer for LLMs and AI Agents.
Agentic Security Guards (Phase 17)
A brand-new guard subsystem purpose-built for securing AI agent tool chains and RAG pipelines.
All three guards went through five rounds of security review and hardening via CodeRabbit and SonarCloud.
| Guard | Description |
|---|---|
| RAGGuard | Detects prompt injection, data poisoning, and context manipulation in Retrieval-Augmented Generation pipelines. Produces IRAC-compliant compliance reports. |
| ExfiltrationGuard | Prevents data exfiltration through AI agent tool calls by analyzing output patterns, destination URLs, and payload structure. |
| MCP Poison Guard | Detects poisoned or tampered Model Context Protocol (MCP) tool definitions before agent execution, protecting against supply-chain attacks on AI tools. |
New Standalone Guards
| Guard | Description |
|---|---|
| SovereigntyGuard | Enforces data residency policies and local routing rules for compliance-sensitive deployments (GDPR, data localization). |
| ToxicFlowGuard | Stateful detection of toxic tool-chaining patterns across multi-step agent workflows. Catches attack sequences that single-step guards miss. |
| SelfInitiatedCoTGuard (S-CoT) | Verifies self-initiated Chain-of-Thought logic paths for reasoning integrity, ensuring LLMs don't fabricate reasoning chains. |
Process Determinism
A new class of deterministic verification:
- ProcessVerifier: IRAC/milestone-based process verification with decimal scoring, budget-aware timeouts, and structured compliance reporting. Ensures AI-driven workflows follow deterministic process steps: not just correct answers, but correct procedures.
Critical Security Fixes
| Fix | Details |
|---|---|
| Code Injection Prevention | Replaced all eval() calls with AST-compiled execution (SonarCloud S5334). |
| Sandbox Escape Fix | Patched critical sandbox escape and namespace mismatch vulnerability in the code verification engine. |
| SymPy Injection Fix | Hardened symbolic math input parsing against injection attacks. |
| Protocol Bypass Fixes | Fixed URL whitespace bypass and protocol wildcard bypass vulnerabilities. |
| CVE Patches | Resolved CVE-2026-24049 (Critical, pip/wheel), CVE-2025-8869, and HTTP request smuggling via h11/httpcore upgrades. |
| Snyk Remediation | Fixed all 19 Snyk Code findings across the codebase. |
| CodeQL Remediation | Secured exception handling in verify_logic, ControlPlane, verify_stats, and agent_tool_call endpoints. |
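The eval() replacement listed above, shown as an added illustration of the pattern (this is not QWED's own code; `unsafe_eval` and `safe_eval` are assumed names): the expression is parsed to an AST, every node is checked against an allowlist, and only then is the tree compiled and run with an empty builtins namespace.

```python
import ast

# Allowlisted node types: numeric arithmetic only. No Name, Call, Attribute or
# Subscript nodes, so there is no path to builtins, imports or object internals.
_ALLOWED_NODES = (
    ast.Expression, ast.BinOp, ast.UnaryOp, ast.Constant,
    ast.Add, ast.Sub, ast.Mult, ast.Div, ast.FloorDiv, ast.Mod, ast.Pow,
    ast.USub, ast.UAdd,
)
_MAX_EXPONENT = 64  # keeps '2 ** 100000' style inputs from burning CPU


def unsafe_eval(expr: str):
    """The 'before' pattern: eval() on untrusted text hands the caller full Python."""
    return eval(expr)  # deliberately shown as the pre-fix pattern


def safe_eval(expr: str, max_len: int = 200):
    """AST-validated arithmetic: parse, allowlist every node, then compile and run."""
    if len(expr) > max_len:
        raise ValueError("expression too long")
    tree = ast.parse(expr, mode="eval")  # SyntaxError propagates for non-expressions
    for node in ast.walk(tree):
        if not isinstance(node, _ALLOWED_NODES):
            raise ValueError(f"disallowed syntax: {type(node).__name__}")
        # bool is a subclass of int, so check the exact type, not isinstance()
        if isinstance(node, ast.Constant) and type(node.value) not in (int, float):
            raise ValueError("only numeric constants are allowed")
        # Bound exponents so a tiny input cannot produce an enormous integer
        if isinstance(node, ast.BinOp) and isinstance(node.op, ast.Pow):
            right = node.right
            if not isinstance(right, ast.Constant) or abs(right.value) > _MAX_EXPONENT:
                raise ValueError("exponent must be a constant within bounds")
    code = compile(tree, "<safe_eval>", "eval")
    # Even though the tree is already clean, run with no builtins as defence in depth.
    return eval(code, {"__builtins__": {}}, {})


if __name__ == "__main__":
    print(safe_eval("2 + 3 * 4"))           # 14
    for bad in ("__import__('os').getcwd()", "x.__class__", "9 ** 9 ** 9"):
        try:
            safe_eval(bad)
        except ValueError as exc:
            print(f"rejected {bad!r}: {exc}")
```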
Docker Hardening
15+ improvements to the Docker image:
- Pinned base image digests with hash-verified requirements
- Non-root user execution with gosu/runuser
- Inlined entrypoint script to fix exec format errors across platforms
- Enforced LF line endings via .gitattributes and dos2unix
- Automated Docker Hub publishing on release and main branch push
- SBOM generation (SPDX) and Docker Scout vulnerability scanning
docker pull qwedai/qwed-verification:4.0.0

CI/CD Infrastructure
| Tool | Integration |
|---|---|
| Sentry SDK | Integrated error tracking and monitoring for production deployments. |
| CircleCI | Added Python matrix testing pipeline (3.10, 3.11, 3.12). |
| SonarCloud | Added code quality and coverage workflow. |
| Snyk | Added security scanning workflow with SARIF output. |
| Docker Auto-Publish | Automated image publishing to Docker Hub on every release. |
Documentation & Badges
- Added OpenSSF Best Practices badge (Silver level)
- Added Snyk security badge and partner attribution
- Added Docker Hub pulls badge and dynamic BuildKit badge
- Updated engine count to reflect all 11 verification engines
- Added Ecosystem Trust & Infrastructure section to README
Test Coverage
- ProcessVerifier: decimal scores, edge cases, IRAC long input, malformed data
- Attestation edge cases and qwed_local execution tests
- Logic exception handling and stats engine coverage
- Secure executor Docker availability checks
Installation

pip install qwed==4.0.0

Links
- Documentation
- [PyPI](https://pypi.org/project/qwed/)
- [Docker Hub](https://hub.docker.com/r/qwedai/qwed-verification)
- [npm](https://www.npmjs.com/package/@qwed-ai/sdk)
- [crates.io](https://crates.io/crates/qwed)
Full Changelog: [v3.0.1...v4.0.0](https://github.com/QWED-AI/qwed-verification/compare/v3.0.1...v4.0.0)