Releases: mantiumai/chirps
0.3.2
What's Changed
- fix MultiQueryRule policy clone bug by @alex-nork in #201
- implement APIEndpointAsset ping functionality by @alex-nork in #203
- Update VERSION by @JustEmrick in #200
- Fix bug related to scan version and policy version by @alex-nork in #196
- Select model to be used for attack message generation by @alex-nork in #205
- Bugfix: properly aggregate rule findings by @zimventures in #207
Full Changelog: 0.3.1...0.3.2
0.3.1
What's Changed
- periodic task framework & worker status enhancement by @zimventures in #189
- properly render Findings by Severity doughnut by @alex-nork in #191
- Add MultiQueryResult and MultiQueryFinding models by @alex-nork in #188
- Refactor scan results and findings to support multiple types by @alex-nork in #190
- implement MultiQueryRule execution logic by @alex-nork in #192
- policy template fixture with MultiQueryRules by @alex-nork in #198
- update policy dashboard template to group rules by type by @alex-nork in #195
Full Changelog: 0.3.0...0.3.1
0.3.0
Feature Updates & Improvements
- Ability to cancel jobs: This will provide the ability to cancel a job that is in the running or in a queued state. Provides the action of clicking on the “stop” button on the scan dashboard to perform the cancellation.
- Introduction of agent classes: An Agentclass, along with Attacker and Evaluator subclasses were added. These will be used when executing the MultiQueryRule to generate messages to be sent to an asset and to evaluate the response from an asset.
- Ability to make an API request to an API Asset: The query included in the request POST body will be generated during a scan, and the entire response from the request will be parsed to determine if the response includes the pre-defined success outcome. If not, another query will be generated and the process repeated.
- And more…
Bug Fixes
- No reported bug since the week starting 07/31
- See all the fixes…
Community Contributions
Upcoming Milestones
- Periodic task scheduling: In Progress – This will enable users the ability to kick off tasks at regular intervals replacing the need to manually scan each asset, each time
- Automatic Patch version bumping: Week ending 09/08 – This will be helpful for developers to identify what version of Chirps an end-user is running to help with triaging issues.
What's Changed
- job stop and service indicator sauce by @zimventures in #176
- Refactor rules to simplify adding new rule type by @alex-nork in #178
- add MultiqueryRule by @alex-nork in #179
- refactor scan task by @zimventures in #177
- Implement APIEndpointAsset's fetch_api_data functionality by @alex-nork in #181
- fix asset tests by @alex-nork in #185
- Introduce agent classes by @alex-nork in #186
- add attack_count to multiqueryrule for use in rule execution by @alex-nork in #187
Full Changelog: 0.2.0...0.3.0
0.2.0
Weekly update
Feature Updates and Improvements
Policy Rule Application Refactor: RegexRule model created to move regular expression specific values out of the existing Rule model. Enables additional rule types to support new LLM Scanning and DDOS Vulnerability functionality.
Scans as configuration items: Scans now have a history, and are configurable items rather than execution items. Now with a Dashboard, Scan History and Scan Editing.
APIEndpoint Asset model: Provides the user with a means for connecting Chirps to an API endpoint, allowing Chirps to interact with their chatbot or some other LLM application
Bug Fixes
No reported bug since the week starting 07/31
Community Contributors
@PedroAVJ for the refactor of the rule model. The Mantium team is thankful for your continued contributions and commitment to expanding the capabilities of this project.
Upcoming Milestones
Expanding Chirps to scan LLM API's: In Progress – This will provide the ability to scan LLM (Language Models) APIs for specific security-related issues such as Prompt Injection, DDOS, and other potential vulnerabilities.
Ability to cancel jobs: By EOW - This will provide the ability to cancel a job that is in the running or in a queued state. Provides the action of clicking on the "stop" button on the scan dashboard to perform the cancellation.
What's Changed since 0.1.0
- Celery task failure mechanism by @zimventures in #115
- Finding vector source ID by @zimventures in #118
- Check openai key exists before running scan by @alex-nork in #119
- Embedding model service provider dropdown list by @alex-nork in #121
- Asset creation: provide available embedding models based on selected embedding model service by @alex-nork in #123
- Asset editing by @zimventures in #125
- add cohere embedding service by @alex-nork in #124
- Generic asset ping support by @zimventures in #126
- removing pycharm settings by @zimventures in #127
- Replacing custom Javascript with HTMX for embedding model retrieval by @zimventures in #131
- generate_embeddings management command by @alex-nork in #128
- redis ping enhancement by @zimventures in #132
- Configurable preview window size by @alex-nork in #134
- Add loading indicator to "ping" buttons by @PedroAVJ in #138
- User API key enhancements by @zimventures in #135
- Enable mypy pre-commit hook by @alex-nork in #137
- Add flash messages after Create/Update/Delete of an item by @PedroAVJ in #139
- Display worker status by @alex-nork in #151
- update address regex in the standard pii policy by @JustEmrick in #150
- remove vestigial fernet key code by @alex-nork in #153
- Css update - Table fixed width for policies by @JustEmrick in #160
- User password change by @PedroAVJ in #147
- configurable severity by @alex-nork in #161
- new rule severity dropdown by @alex-nork in #163
- refactor attribute display to make it easier when adding new asset types by @alex-nork in #166
- make workspace directory dynamic by @boyko11 in #152
- Scans as configuration items by @zimventures in #162
- APIEndpointAsset model by @alex-nork in #165
- Add auto restart for celery by @PedroAVJ in #170
- Revert "Add auto restart for celery" by @zimventures in #172
- Refactor Rule model by @PedroAVJ in #169
- Scan application refactor by @alex-nork in #173
New Contributors
- @PedroAVJ made their first contribution in #138
- @JustEmrick made their first contribution in #150
- @boyko11 made their first contribution in #152
Full Changelog: 0.1.0...0.2.0
0.1.0
Welcome to the initial release of Chirps!
With this release, users are able to create assets, policies, and perform scans. Instructions on how to setup and run the application can be found in the Getting Started Guide.