mirror of
https://github.com/prompt-security/clawsec.git
synced 2026-06-13 05:28:02 +03:00
David Abutbul
600c945fe2
* feat(hermes-attestation-guardian): harden attestation verification and drift controls * docs(wiki): add human-friendly claim mapping for hermes attestation guardian * docs(wiki): expand hermes attestation claim narratives and archive draft * fix(attestation): address Baz review findings for schema and verifier * fix(attestation): reject broken symlink output paths * docs(attestation): pass clean community install guard without force * fix(attestation): harden writes and fail-closed config parsing * feat(ui): add Hermes to rotating platform text * test(attestation): add sandboxed Hermes regression runner script --------- Co-authored-by: David Abutbul <David.a@prompt.security>
1011 B
1011 B
Changelog
[0.0.1] - 2026-04-15
- Implemented deterministic Hermes attestation generator CLI (
scripts/generate_attestation.mjs). - Implemented fail-closed verifier CLI with schema, canonical digest, expected checksum, and optional detached signature checks (
scripts/verify_attestation.mjs). - Implemented meaningful baseline diff engine with stable severity mapping for risky toggle regressions, feed verification regressions, trust anchor drift, and watched file drift (
lib/diff.mjs). - Implemented Hermes-only cron setup helper with print-only default and managed-block apply mode (
scripts/setup_attestation_cron.mjs). - Added shared attestation library for canonicalization, schema validation, digest generation, and policy parsing (
lib/attestation.mjs). - Expanded tests for schema determinism, diff behavior, generator/verifier fail-closed behavior, and cron helper Hermes-only output.
- Updated metadata/docs to match actual implemented behavior and ClawSec release pipeline expectations.