Changelog
- b799b2a Add posture capsule emit scaffold (#391)
- 388421d Add task boundaries for taint-scoped trust overrides (#384)
- cdd0a0f Harden exposure-based policy escalation across MCP transports (#383)
- 5b2b482 ci: bump govulncheck Go to 1.26.2 (GO-2026-4865 fix) (#376)
- d1187a7 ci: bump the ci-actions group with 3 updates (#395)
- 5d4ceae deps: bump the go-deps group with 6 updates (#394)
- b3ea7c3 examples: add tool-response-injection reproduction harness (#387)
- 905ab19 feat: RFC 9421 envelope signing + canonical policy hash + redirect refresh (#403)
- a8470d0 feat: add pipelock session CLI for airlock inspection and recovery (#399)
- f0b3130 feat: add posture verify CLI with score model and CI gate (#397)
- f9d12ae feat: cross-implementation receipt conformance suite (#379)
- 8182493 feat: emit signed action receipts from pipelock mcp proxy (#385)
- a24be72 feat: extend receipt emission to fetch error paths, WebSocket, and A2A (#402)
- f1318e9 feat: mediation envelope — sideband metadata on proxied requests (#374)
- ac13a66 feat: per-pattern warn mode for DLP rollout safety (#392)
- 5c4dd61 feat: pipelock init sidecar + agent identity default + exemption audit emission (#400)
- a6bb095 feat: standard tier source selection, rules status, core SSRF literal, RequiredFeatures (#373)
- 67cd7d7 feat: stego stripping, media policy, SVG active content hardening (#382)
- 058806b feat: wire DLP warn audit emission into runtime lifecycle (#396)
- f5e654b fix: SVG active content bypass — unquoted event handlers and animation injection (#393)
- 28b3fa1 fix: edge-trigger airlock from adaptive escalation (#388)
- 508ddf7 fix: emit block receipts on post-fetch deny paths, extract bundleExecCtx (#377)
- c75a837 fix: harden log context field routing (#389)
- 3d2a365 fix: pre-tag hardening — media policy parity, receipt chain restart, posture integrity, CLI polish (#404)
- 9392aed fix: strict posture policy requires MCP server discovery (#398)
- 21d57a2 fix: v2.2.0 pre-tag hardening bundle (#408)
- 8936062 refactor: typed LogContext constructors and URL field semantic split (#378)