Tags

Tags give the ability to mark specific points in history as being important

  • v0.1.2

    7aa22d0c · ci: add attest-fips job and link FIPS SLSA attestation to release ·
    Release: assay v0.1.2 
    v0.1.2 -- FIPS SLSA attestation on release page

Completes the release-page parity for FIPS variant:
- attest-fips job generates SLSA v1.0 provenance for assay-linux-amd64-fips
- add-security-assets now links the FIPS attestation from packages/generic/provenance/

  • v0.1.1

    fa7aa51b · ci: bump catalog to v1.4.2; link FIPS binary + SBOM via add-security-assets ·
    Release: assay v0.1.1 
    v0.1.1 -- link FIPS binary and SBOM to release page

v0.1.0 shipped the FIPS binary to the package registry but did not
link it on the release page. v0.1.1 adds explicit links via
add-security-assets.

  • v0.1.0

    5634b698 · ci: bump pipeline catalog to v1.4.0 ·
    Release: assay v0.1.0 
    v0.1.0 -- initial DoD-grade release

Two diagnostic tools as a single binary:
- ws-probe: WebSocket connectivity diagnostic
- duo-bench: AI Gateway profiling and benchmarking

Security posture:
- Six rounds of adversarial review
- 11 NIST SP 800-53 controls + CMMC 2.0 L2 + SSDF v1.1
- Trust manifest with CM-5(3) integrity verification
- Token scrubbing, no redirect following, hostname validation

FIPS variant (shipped from CI):
- assay-linux-amd64-fips built with aws-lc-rs + fips feature
- AWS-LC FIPS 140-3 Cert #4631

assay verify subcommand:
- Prints binary SHA-256 and compiled-in crypto provider
- Cosign attestation verification command
- Optional --checksums validation

Pipeline catalog v1.4.0 adopted.