Skip to content

Commit 3912cca

Browse files
committed
chore(release): bump to 1.0.0 — the Trust Spine release
Machine-verified findings with portable proof: verifier + receipt contract, recipe-driven oracles, proof capsules + replay, prove-or-kill gating, verified-only SARIF export, REST path-parameter injection, and honest verdicts. Field-validated against live OWASP Juice Shop.
1 parent 9805e3a commit 3912cca

2 files changed

Lines changed: 25 additions & 1 deletion

File tree

CHANGELOG.md

Lines changed: 24 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -2,6 +2,30 @@
22

33
All notable changes to ptai are documented here. Format follows [Keep a Changelog](https://keepachangelog.com/), versioning follows [Semantic Versioning](https://semver.org/).
44

5+
## [1.0.0] - 2026-06-25
6+
7+
The Trust Spine release. ptai now proves what it finds: a finding earns the VERIFIED badge only when a machine oracle re-runs the exploit and reproduces it N out of N times. No oracle, no badge, and no verdict from an LLM assertion.
8+
9+
### Added
10+
11+
- **Verifier + receipt contract.** A verified verdict must name the machine oracle that earned it, enforced in code.
12+
- **Recipe-driven oracles:** unescaped reflection, open redirect, IDOR/BOLA differential, error signature, MCP exposure, SQLi boolean and boolean-blind, SSTI (including error-based), sensitive data exposure, and HTTP request smuggling (CL.TE), plus an out-of-band OAST callback oracle for blind SSRF/XXE over a self-hosted loopback collaborator.
13+
- **Portable proof capsules and `ptai replay`**, plus multi-hop chain capsules, so a finding's proof travels and replays without trusting ptai.
14+
- **Prove-or-kill gating:** third-party scanner output (nuclei, nikto, zap) is held back until an oracle re-proves it.
15+
- **Verified-only SARIF export** (`ptai export --sarif`) with a frozen, versioned export-properties contract.
16+
- **REST path-parameter injection** in the SQLi/XSS/SSTI fuzzers, so injection in `/rest/products/<id>` style routes is caught, not just query parameters.
17+
- **Experimental CL.TE request-smuggling discovery probe**, oracle-gated.
18+
- **CI gate** (`--fail-on verified`) with a composite action, and a bundled `ptai demo`.
19+
20+
### Changed
21+
22+
- **Honest verdicts.** An oracle miss now reads as `candidate` (could not re-prove), never `refuted`; `refuted` is reserved for an oracle that can truly disprove a vulnerability.
23+
- **Impact-honest severity:** a bare out-of-band callback proves existence, not impact, so it is rated medium until impact is reproduced.
24+
25+
### Verified
26+
27+
- 100% precision with zero false positives on the honeypot benchmark, and field-validated against live OWASP Juice Shop: a real broken-object-level-authorization bug verified end to end with a replayable proof capsule.
28+
529
## [0.17.2] - 2026-06-09
630

731
Patch release: tool-installer fixes from user feedback on issue #12 (`lukeswitz`).

pyproject.toml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
44

55
[project]
66
name = "ptai"
7-
version = "0.17.2"
7+
version = "1.0.0"
88
description = "Autonomous AI pentesting with 200+ tools, exploit chaining, PoC validation, and credential-safe MCP server"
99
readme = "README.md"
1010
license = {text = "MIT"}

0 commit comments

Comments
 (0)