|
2 | 2 |
|
3 | 3 | All notable changes to ClawZero are documented in this file. |
4 | 4 |
|
| 5 | +## [0.4.0] - 2026-04-16 |
| 6 | + |
| 7 | +### Added |
| 8 | + |
| 9 | +- Added enforcement-strength generated test surfaces and audit artifacts on top of `v0.3.0`, including: |
| 10 | + - policy matrix, witness integrity, OWASP ASI-2026, EU AI Act, adversarial evasion, adapter matrix, cross-session isolation, SARIF export, engine parity, and fuzzing suites added across commits `ac2ebd6` through `d32190a`. |
| 11 | + - documented audit baseline and authoring standard in: |
| 12 | + - `docs/test-suite-audit-summary.md` |
| 13 | + - `docs/test-authoring-guide.md` |
| 14 | +- Added compliance attestation CLI surface in `clawzero compliance verify` (commit `6776cdf`; hardened in later commits), including signed attestation payload output and suite presence checks. |
| 15 | +- Added official SARIF schema validation contracts (`tests/exports/test_sarif_official_schema_contract.py`, commit `db4db6e`). |
| 16 | + |
| 17 | +### Security Hardening (Post-PR81–PR86 MVAR Baseline) |
| 18 | + |
| 19 | +- Integrated and validated against the post-PR81–PR86 MVAR hardening baseline (`52f2038`, `6fbbb89`, `174beee`, `7513c7f`, `3f53bc7`, `a9a1dfd`) used in this workspace: |
| 20 | + - Ed25519 default signing with truthful algorithm labeling (`ed25519` vs `hmac-sha256`), removing algorithm-label misrepresentation in audit output. |
| 21 | + - Vault-mediated credential execution path for `credentials.access`, with token-reference mediation and no raw credential material returned to the agent path. |
| 22 | + - Cryptographic policy lineage enforcement with lineage-chain verification and fail-closed behavior in `prod_locked`. |
| 23 | + - Advanced risk scoring in the default execution path with profile-aware modes (`BLOCKING` in `prod_locked`) and counterfactual injection signals. |
| 24 | + - Taint-laundering prevention integration proofs covering single-hop/multi-hop propagation, trust-boundary crossing, source fragmentation, and Claim-18-style provenance differential behavior (`mvar/tests/integration/test_taint_laundering_prevention.py`). |
| 25 | + - Machine-readable architecture registry with signed runtime self-report, layer status, and compatibility matrix (`mvar/mvar-core/architecture.py`). |
| 26 | + |
| 27 | +### Validation |
| 28 | + |
| 29 | +- Full ClawZero suite green on this release line: |
| 30 | + - `9598 passed` |
| 31 | + - `17 skipped` (intentional gap markers) |
| 32 | + - `0 failed` |
| 33 | + - `9615 collected` |
| 34 | +- PyPI: `pip install clawzero==0.4.0` |
| 35 | +- GitHub: github.com/mvar-security/clawzero |
| 36 | + |
| 37 | +## [0.3.0] - 2026-04-11 |
| 38 | + |
| 39 | +### Added |
| 40 | + |
| 41 | +- Added session-level chain detection runtime and session/wrap CLI paths (`f0f48ee`). |
| 42 | +- Added key visibility support in CLI and release-aligned witness UX (`f0f48ee`, `926b49a`). |
| 43 | + |
| 44 | +### Changed |
| 45 | + |
| 46 | +- Stabilized CI ordering and SARIF generation lanes for attack-pack workflows (`ddc5aa9`, `efa43bc`, `2ddea65`, `fe10d1f`). |
| 47 | +- Narrowed compliance signing key typing for mypy correctness (`54dd1c0`). |
| 48 | + |
| 49 | +## [0.2.1] - 2026-04-09 |
| 50 | + |
| 51 | +### Added |
| 52 | + |
| 53 | +- Added MCP adapter alpha support and strengthened proof UX in release artifacts (`f31e015`). |
| 54 | +- Upgraded witness-signing flow and associated demo/proof ergonomics (`f31e015`). |
| 55 | + |
| 56 | +## [0.2.0] - 2026-03-31 |
| 57 | + |
| 58 | +### Added |
| 59 | + |
| 60 | +- Added `protect_agent()` API and the v0.2 framework adapter expansion for LangChain, CrewAI, AutoGen, OpenClaw, and MCP integration surfaces (`99477fe`). |
| 61 | +- Added expanded attack corpus coverage and release-proof packaging for the 0.2 line (`99477fe`, `ff5a102`). |
| 62 | + |
5 | 63 | ## [0.1.5] - 2026-03-18 |
6 | 64 |
|
7 | 65 | ### Added |
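Review bot: The 0.4.0 "Security Hardening" entry (new lines 19-25) ties its claims to an MVAR baseline "used in this workspace", which a reader cannot reproduce. The six short hashes (`52f2038` through `a9a1dfd`) and the paths `mvar/tests/integration/test_taint_laundering_prevention.py` and `mvar/mvar-core/architecture.py` are given without saying which repository they belong to or which MVAR release contains them. Name the repository and state the minimum MVAR version that `clawzero==0.4.0` requires, so the Ed25519 default signing, vault-mediated `credentials.access` and fail-closed `prod_locked` lineage claims map to something installable. The same applies to "hardened in later commits" on new line 14: every other entry cites hashes, so either list those commits or drop the phrase.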
|