All notable changes to Creed Guardian will be documented in this file.
The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.
- H1: Prompt injection mitigation - Added input sanitization that detects suspicious patterns ("ignore previous", "disregard instructions", etc.) and logs warnings. Inputs are now length-limited to 10KB. Multiple newlines are collapsed to prevent section injection.
- H2: SSRF protection - Added URL validation for `ollama_url` parameter. Cloud metadata endpoints (AWS 169.254.169.254, GCP metadata.google.internal, Azure metadata.azure.com) and private IP ranges (10.x, 172.16-31.x, 192.168.x) are now blocked. Only localhost and public URLs are allowed.
- M1: Removed API key exposure - `get_status()` no longer returns `has_api_key` or `escalate_uncertain` fields to prevent information leakage.
- M2: Reduced logging verbosity - Changed operational logs from INFO to DEBUG level to reduce log exposure.
- M3: TLS verification option - Added `verify_ssl` parameter (default: True) to support custom CA bundles or disable verification for self-signed certificates.
- M4: Sanitized exception messages - Error messages are now generic and don't expose internal details. Technical details available via exception attributes.
- L1: Specific exception handling - Cloud escalation now catches specific exceptions instead of bare `except`.
- L2: Fixed async patterns - `check_sync()` now properly detects running event loops and uses `asyncio.run()`.
- L4: Pinned dependencies - httpx and psutil now have upper version bounds.
- Security section in README documenting prompt injection limitations, network security, and vulnerability reporting.
- Comprehensive security tests for SSRF protection, input sanitization, and TLS configuration.
- Initial release of Creed Guardian
- Local AI safety evaluation using Ollama-powered models
- Auto-tier selection based on available RAM (1.5B to 32B models)
- Fail-closed mode (default) for uncertain verdicts
- Synchronous and async APIs
- `@guardian.protect` decorator for protecting functions
- Async context manager support
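
The kind of check the H2 (SSRF protection) entry describes for `ollama_url`, as an added example that is not Creed Guardian's own code. The names `validate_ollama_url` and `resolve` and the error messages are hypothetical, and the example goes one step beyond the entry by also checking every address a hostname resolves to.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Metadata hostnames listed in the H2 changelog entry.
METADATA_HOSTS = {"metadata.google.internal", "metadata.azure.com"}


def _resolve(host):
    """Return every address the host resolves to (IP literals resolve to themselves)."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}


def _is_allowed(addr):
    ip = ipaddress.ip_address(addr.split("%")[0])  # drop any IPv6 zone id
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped:
        ip = ip.ipv4_mapped  # judge ::ffff:10.0.0.1 as 10.0.0.1
    if ip.is_loopback:
        return True  # localhost stays allowed
    return ip.is_global  # rejects 10.x, 172.16-31.x, 192.168.x, 169.254.x


def validate_ollama_url(url, resolve=_resolve):
    """Hypothetical validator: return url unchanged, or raise ValueError."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".").lower()
    if parts.scheme not in ("http", "https") or not host:
        raise ValueError("URL must be http(s) with a host")
    if host in METADATA_HOSTS:
        raise ValueError("cloud metadata endpoint is blocked")
    try:
        addrs = resolve(host)
    except OSError as exc:
        raise ValueError("host does not resolve") from exc
    # Every resolved address must pass, so a public-looking name that
    # points at an internal address is rejected as well.
    if not addrs or not all(_is_allowed(a) for a in addrs):
        raise ValueError("host resolves to a non-public address")
    return url
```

A check made at validation time does not cover a DNS answer that changes before the request is sent, so a client that needs that guarantee should connect to the address it validated.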