v0.4.0

rookiestar28 released this 17 Feb 19:17
· 39 commits to main since this release

Security Hardening - Wave A, B, C

  • Hardened runtime startup posture: runtime profile gates, module capability boot boundaries, and bridge protocol handshake checks.
  • Added startup hard-stop for unsafe non-loopback exposure to prevent insecure boot.
  • Added scoped RBAC + multi-token least-privilege model for sensitive endpoints.
  • Added canonical endpoint inventory drift guard to prevent auth coverage regressions on routes.
  • Added non-repudiation audit trail coverage for sensitive actions.
  • Upgraded external tools to true sandbox-style isolation; removed insecure fallback paths; strengthened tool path resolution against realpath/symlink bypass.
  • Enforced durable replay/idempotency storage for webhook and bridge strict paths.
  • Enforced stricter outbound endpoint policy for callback + LLM egress (scheme/port policy hardening).
  • Fixed pack path traversal vectors (install, uninstall, and path resolution flows).
  • Added strict input validation for pack API route handlers.
  • Added pack manifest completeness enforcement (reject unlisted payload files).
  • Added pack archive canonicalization hardening (zip-slip, drive-relative path, Unicode normalization bypass resistance).
  • Added bridge/connector mTLS + device binding hardening.
  • Added global DoS governance controls (quotas + lifecycle/storage protections).
  • Added release provenance verification workflow (generation + verification scripts, checklist integration).
  • Added connector semantic guardrails and command firewall controls to reduce prompt-injection/unsafe-command risk.
  • Expanded Security Doctor contract and diagnostics; added fail-closed posture on transform runtime unavailability.
  • Closed prior “implemented but pending validation” security items with full TEST_SOP acceptance evidence.
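
The pack archive checks listed above (manifest completeness, zip-slip, drive-relative paths, Unicode normalization bypass) can be illustrated with a short Python validator. This is an added example, not the project's own code; `canonical_member`, `verify_pack`, `make_zip` and the sample member names are assumptions made for illustration.

```python
import io
import unicodedata
import zipfile
from pathlib import PurePosixPath, PureWindowsPath


def canonical_member(name: str) -> str:
    """Return a safe canonical relative path for an archive member, or raise ValueError."""
    # Fold compatibility forms first so look-alikes such as fullwidth dots
    # (U+FF0E) cannot slip past the traversal checks below.
    name = unicodedata.normalize("NFKC", name)
    if "\\" in name or "\x00" in name:
        raise ValueError(f"backslash or NUL in member name: {name!r}")
    win = PureWindowsPath(name)
    if win.drive or win.root:  # C:x (drive-relative), C:/x, /x, //host/share
        raise ValueError(f"absolute or drive-relative member: {name!r}")
    parts = PurePosixPath(name).parts
    if not parts or ".." in parts:  # zip-slip
        raise ValueError(f"traversal or empty member: {name!r}")
    return "/".join(parts)


def verify_pack(data: bytes, listed: set) -> list:
    """Validate every member before extraction; reject files the manifest does not list."""
    seen = set()
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            member = canonical_member(info.filename)
            if info.is_dir():
                continue
            if member in seen:  # two raw names collapsing to one path
                raise ValueError(f"duplicate after canonicalization: {member!r}")
            if member not in listed:
                raise ValueError(f"unlisted payload file: {member!r}")
            seen.add(member)
    return sorted(seen)


def make_zip(names):
    """Build an in-memory zip with the given member names (constructed sample input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for n in names:
            zf.writestr(n, b"x")
    return buf.getvalue()
```

The validator runs over the whole archive before anything is written to disk, so a single bad member rejects the pack rather than leaving a partial install.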