CHANGELOG

What shipped. When. What it actually does.

Every release notes the checks involved, the failure modes covered, and the measured behaviour.

Latest

Shield 1.0 GA

Offline grounding verdict, signed decision receipts, and compliance evidence bundles.

  • CHK-023 grounding verdict against retrieved context — fully offline
  • CHK-024 off-topic detection with per-key topic centroids
  • HMAC-signed decision receipts + verosek-verify-receipt offline CLI
  • NIST AI RMF + EU AI Act evidence bundles at /api/v1/security/compliance/*
  • Custom PII recognizers via regex (Patient MRN, Case Number, internal IDs)
  • Policy-as-code: YAML export / validated import endpoint

Shield 0.9 — Session drift

Session-level exfiltration drift detection (CHK-022) and tool-output scanning (CHK-020, CHK-021).

  • CHK-020 indirect prompt injection in MCP tool output
  • CHK-021 PII in MCP tool output with per-connection redaction
  • CHK-022 cumulative session drift — PII + URL + byte thresholds
  • Shield profiles: baseline (default) / strict / none / custom

Shield 0.5 — Input/output scanning

First ML-backed checks: prompt injection, jailbreak, toxicity, PII, secrets.

  • CHK-013 / CHK-014 — offline prompt-injection and jailbreak classifier
  • CHK-015 / CHK-018 — multilingual PII with four redaction modes
  • CHK-016 / CHK-019 — seventeen provider-specific secret regex patterns
  • CHK-017 — offline multilingual toxicity classifier
  • Two-service architecture: optional verosek-shield-ml container

Gateway 1.0

Cross-SDK translation generally available. OpenAI, Anthropic, and Gemini SDKs interchangeable.

  • 12 OpenAI-compatible endpoints
  • Native Anthropic /v1/messages
  • Native Gemini /v1beta/models/{model}:* surface
  • Weighted routing with priority fallback and cooldown
  • Virtual keys with spend / TTL / rate limits

Policy Engine 1.0

Deterministic policy engine shipped with CHK-001..012 and explainable verdicts.

  • 12 deterministic policy checks, fully scored
  • ALLOW / MODIFY / HOLD / BLOCK / TERMINATE decision matrix
  • DBeaver-style access control: SQL operations, blocked tables, column masking
  • HMAC-SHA256 signed audit trace
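
The HMAC-signed receipts (Shield 1.0) and the HMAC-SHA256 signed audit trace (Policy Engine 1.0) rest on the same mechanism: a shared key signs a canonical serialization of the decision, and a verifier that holds the key can check the record offline without contacting the service. The block below is an added example written for this changelog; it is not Verosek's receipt format or the verosek-verify-receipt tool. The field names, the canonical-JSON rule and the demo key are assumptions chosen for illustration.

```python
"""Signing and offline verification of a decision receipt with HMAC-SHA256.

Added example, not Verosek code. The receipt fields and the canonicalization
are assumptions for illustration only.
"""
from __future__ import annotations

import hashlib
import hmac
import json
from typing import Any

# Constructed demo key; a real deployment loads the key from a secret store.
DEMO_KEY = b"demo-receipt-signing-key-do-not-use"


def canonical_bytes(receipt: dict[str, Any]) -> bytes:
    # Canonical JSON (sorted keys, no whitespace) so signer and verifier
    # hash identical bytes regardless of how the dict was assembled.
    return json.dumps(receipt, sort_keys=True, separators=(",", ":")).encode("utf-8")


def sign_receipt(receipt: dict[str, Any], key: bytes) -> dict[str, Any]:
    # The MAC covers every field except the signature itself, so any later
    # change to the verdict or its reason invalidates the receipt.
    body = {k: v for k, v in receipt.items() if k != "signature"}
    mac = hmac.new(key, canonical_bytes(body), hashlib.sha256).hexdigest()
    return {**body, "signature": mac}


def verify_receipt(signed: dict[str, Any], key: bytes) -> bool:
    # Offline verification: needs only the receipt and the shared key.
    sig = signed.get("signature")
    if not isinstance(sig, str):
        return False
    body = {k: v for k, v in signed.items() if k != "signature"}
    expected = hmac.new(key, canonical_bytes(body), hashlib.sha256).hexdigest()
    # Constant-time comparison so a verifier endpoint does not leak the MAC.
    return hmac.compare_digest(expected, sig)


def demo() -> tuple[bool, bool, bool]:
    # Constructed receipt for one decision on one request (values are made up).
    receipt = {
        "request_id": "req-0001",
        "check_id": "CHK-023",
        "decision": "BLOCK",
        "reason": "answer not grounded in retrieved context",
        "ts": "2024-01-01T00:00:00Z",
    }
    signed = sign_receipt(receipt, DEMO_KEY)
    genuine_ok = verify_receipt(signed, DEMO_KEY)

    # After-the-fact downgrade of the verdict must fail verification.
    tampered = {**signed, "decision": "ALLOW"}
    tampered_ok = verify_receipt(tampered, DEMO_KEY)

    # A receipt signed under a different key must also fail.
    wrong_key_ok = verify_receipt(signed, b"some-other-key")
    return genuine_ok, tampered_ok, wrong_key_ok


if __name__ == "__main__":
    print(demo())
```

The point a practitioner should take from this is that the signature is only as strong as the canonicalization and the key handling: if signer and verifier serialize differently, genuine receipts fail; if the key is shared with anyone who can read receipts, they can also forge them, which is why a deployment would keep the signing key server-side and hand verifiers a scoped copy or move to an asymmetric scheme.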
