v0.5.0

Highlights

• Completed Control Plane Split baseline and external control-plane reliability contract.
• Closed remaining identity/ingress/MAE/supply-chain risks from Wave D Bundle B.
• Completed Wave E Bundles A/B/C end-to-end: deployment gates, verification hardening, policy-as-code, and security telemetry.
• Significantly expanded security verification depth: matrix contracts, mock-to-contract parity, skip-budget governance, triple-assert contracts, fuzz harness, and mutation baseline.

Security Hardening

• Enforced Control Plane Split for public posture, with high-risk embedded surfaces blocked by policy.
• Added external control-plane adapter with versioned contract, timeout/retry/backoff, idempotency propagation, circuit-breaker behavior, and deterministic degrade modes.
• Added startup deployment profile gate (fail-closed) for lan/public posture validation before route/worker registration.
• Delivered secrets-at-rest v2 with encryption-backed storage path (cryptography-based).
• Implemented bridge token lifecycle v2: issue/expiry/rotation/revoke/overlap-window with auditability.
• Enforced webhook mapping privilege clamp with post-map schema gate.
• Enforced public MAE route-plane segmentation and route-surface policy checks.
• Replaced placeholder registry signature checks with trust-root based verification and revocation-aware key governance.
• Added threat-intel policy gate (OFF/AUDIT/STRICT) and provider resilience contracts.
• Added signed, versioned policy posture bundles (stage/activate/rollback with fail-closed verification path).
• Added bounded security anomaly telemetry contract (SEC-001 to SEC-004) with audit emission.
• Fixed Security Doctor SSRF posture to honor canonical callback allow-host keys with legacy fallback and regression coverage.

Reliability, Operator Experience, and DX

• Added deployment self-check CLI: check_deployment_profile.py (local/lan/public, JSON output, strict warnings mode).
• Added security_deployment_guide.md with profile-based hardening templates.
• Improved split-mode UX continuity with clearer blocked/degraded behavior signaling.
• Added live backend parity E2E coverage for critical operator paths (submit/status/results/degraded).
• Added implementation-record linting and strengthened pre-push/full-gate test orchestration.

Verification and Test Hardening

• Added security state-matrix contract tests (token/mapping/route/signature).
• Added mock-to-contract parity tests for critical security paths.
• Added skip-budget governance and no-skip policy enforcement for critical suites.
• Added triple-assert security contracts (status + machine code + audit event).
• Added defect-first implementation-record lint gate.
• Added deterministic adversarial fuzz harness and mutation baseline tooling.
• Added broad new test coverage across deployment gates, control-plane split, bridge token lifecycle, webhook mapping clamp, MAE segmentation, registry signature verification, policy posture, and telemetry.

Breaking / Upgrade Notes

• cryptography>=41.0 is now required (pyproject.toml) for secrets-at-rest v2 paths.

• Public posture deployments should be validated for split control-plane readiness to avoid fail-closed startup gating.

• Recommended after upgrade:

  1. check_deployment_profile.py --profile <local|lan|public> --strict-warnings
  2. Confirm required tokens/proxy/callback allow-hosts/bridge mTLS settings for your deployment profile.