| @@ -47,3 +47,4 @@ secrets/ | ||
| scratch/ | ||
| tmp/ | ||
| .tmp-tests/ | ||
| + | SESSION_*.md |
| @@ -1,6 +1,13 @@ | ||
| # Oversight CHANGELOG | ||
| - | ## Unreleased - 2026-04-20 security hardening | |
| + | ## v0.4.4 - 2026-04-20 security hardening | |
| + | ||
| + | Security patch line started from the `v0.4.3` Python package baseline | |
| + | (`0b1a4ab`) and incorporates the Codex review fixes made on 2026-04-20. | |
| + | This is the current `main` download line. Historical `v0.5.0` Rekor/Rust | |
| + | work remains in git history and the Rust workspace, but the Python package | |
| + | metadata now intentionally advances from `0.4.3` to `0.4.4` so users do not | |
| + | confuse the hardened tree with the vulnerable `v0.4.3` baseline. | |
| - `oversight_core/container.py`: `max_opens` now increments only after a | ||
| successful decrypt, and unsafe `seal_multi()` is disabled until the | ||
| @@ -15,10 +22,10 @@ | ||
| unsigned beacon / watermark sidecars that do not match the signed manifest. | ||
| - `oversight_core/formats/text.py`: text adapter now applies L3 before L2/L1, | ||
| matching the core watermark pipeline. | ||
| - | - `oversight_core/tlog.py`: empty-tree roots now use the RFC 6962 Merkle | |
| + | - `oversight_core/tlog.py`: empty-tree roots now use the RFC 6962 Merkle | |
| hash (`SHA-256("")`) instead of an all-zero placeholder. | ||
| - | - `oversight_core/__init__.py`: package `__version__` is back in sync with | |
| - | `pyproject.toml`. | |
| + | - `oversight_core/__init__.py`, `pyproject.toml`, and the Rich CLI banner: | |
| + | version metadata is now `0.4.4`, marking this post-`0.4.3` hardening train. | |
| - Added focused regression coverage in `tests/test_policy_unit.py`, | ||
| `tests/test_registry_unit.py`, `tests/test_rekor_unit.py`, | ||
| `tests/test_text_format_unit.py`, and `tests/test_tlog_unit.py`. |
| @@ -93,6 +93,22 @@ The attribute command runs a 5-phase pipeline: | ||
| 4. **Multi-layer Bayesian fusion** combining all evidence into ranked candidates | ||
| 5. **Content fingerprint comparison** (winnowing + sentence hashing) as a last resort when all watermarks are stripped | ||
| + | ## What's new in v0.4.4 | |
| + | ||
| + | **Security hardening over v0.4.3.** This line starts from the v0.4.3 Python | |
| + | package baseline and adds the 2026-04-20 review fixes from Codex (GPT-5.4). | |
| + | Use v0.4.4 or current `main` for the hardened behavior described below. | |
| + | ||
| + | **Signed evidence continuity.** Registry registration now stores only the | |
| + | beacons and watermarks that match the issuer-signed manifest, Rekor | |
| + | attestations index by real watermark IDs and actual content hashes, and the | |
| + | local transparency-log empty root matches RFC 6962. | |
| + | ||
| + | **Recipient-honest policy enforcement.** `max_opens` counts only successful | |
| + | recipient decryptions, Windows local counters work, registry-backed counter | |
| + | modes fail closed until implemented, and unsafe multi-recipient sealing is | |
| + | disabled until the manifest format can represent multiple recipients honestly. | |
| + | ||
| ## What's new in v0.4.3 | ||
| **Anti-stripping defenses.** ECC-protected synonym bits (R=7 repetition codes), winnowing content fingerprints, sentence-level content hashing, 25 spelling variant pairs, 30 contraction choices, number formatting marks. The VM-strip-export attack (open in airgapped VM, strip invisible chars, export clean file) is now defended by content fingerprinting. | ||
| @@ -105,6 +121,8 @@ See `CHANGELOG.md` for full version history. | ||
| ## Security hardening | ||
| + | These items are included in v0.4.4 and current `main`: | |
| + | ||
| - `max_opens` now counts only successful recipient decryptions, not failed key guesses. | ||
| - `LOCAL_ONLY` open counters now work on Windows as well as POSIX hosts. | ||
| - `REGISTRY` and `HYBRID` policy modes fail closed instead of silently falling back to local counters. |
| @@ -55,7 +55,7 @@ from oversight_core.fingerprint import ContentFingerprint | ||
| # Constants | ||
| # --------------------------------------------------------------------------- | ||
| - | CLI_VERSION = "0.4.1" | |
| + | CLI_VERSION = "0.4.4" | |
| CONFIG_FILENAME = "config.json" | ||
| CONFIG_DIR_NAME = ".oversight" | ||
| @@ -30,4 +30,4 @@ __all__ = [ | ||
| "beacon", | ||
| ] | ||
| - | __version__ = "0.4.3" | |
| + | __version__ = "0.4.4" |
| @@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta" | ||
| [project] | ||
| name = "oversight-protocol" | ||
| - | version = "0.4.3" | |
| + | version = "0.4.4" | |
| description = "Open protocol for cryptographic data provenance, recipient attribution, and leak detection." | ||
| readme = "README.md" | ||
| license = {text = "Apache-2.0"} |