
Keesan12/Martin-Loop

v0.1.8 Breaking

This release includes 2 breaking changes for platform teams planning a safe upgrade.


✓ No known CVEs patched in this version

Topics

agent-runtime ai-agent-runtime ai-coding-agents ai-control-plane ai-governance ai-safety
audit-trail budget-enforcement claude-code codex coding-agents control-plane governed-runtime llmops mcp model-context-protocol observability policy-as-code rollback

Affected surfaces

auth rbac

ReleasePort's take

Light signal

The v0.1.8 release adds a Red‑Blue Testing adversarial probe suite to the core and removes several ancillary artifacts (blog exports, npm auth steps) from the public package and CI pipelines.

Why it matters: Test the new Red-Blue Testing suite in dev environments before production use; no immediate action required for removed artifacts.

Summary

AI summary

Updates core, ci, and T02 across a mixed release.

Changes in this release

Feature Medium

Adds Red-Blue Testing adversarial probe suite to core by GobiShanthan.


Source: llm_adapter@2026-05-22

Confidence: high

Feature Medium

Removes blog export artifacts from public OSS package by Keesan12.


Source: llm_adapter@2026-05-22

Confidence: low

Refactor Medium

Clarifies README positioning for agent proof workflows by Keesan12.


Source: llm_adapter@2026-05-22

Confidence: low

Refactor Medium

Removes npm auth setup from publish workflows by Keesan12.


Source: llm_adapter@2026-05-22

Confidence: low

Full changelog

What's Changed

  • feat(core): add Red-Blue Testing adversarial probe suite by @GobiShanthan
  • ci: remove npm auth setup from publish workflows by @Keesan12 in https://github.com/Keesan12/martin-loop/pull/57
  • Clarify README positioning for agent proof workflows by @Keesan12 in https://github.com/Keesan12/martin-loop/pull/59
  • Remove blog export artifacts from the public OSS package by @Keesan12 in https://github.com/Keesan12/martin-loop/pull/58

🔴🔵 Red-Blue Testing

Adversarial probe suite that runs before a patch is accepted. Six deterministic probes detect patch-level cheating: assertion deletion (T01), silent export reverts (T02), manifest scope creep (T03), context directory poisoning (T07), budget self-reporting (T10), and grounding evasion pragmas (T11).

Three risk tiers:

  • baseline — 6-probe sweep, no model call
  • high_risk — paranoid 12-probe scan, no model call
  • release_critical — paranoid scan + optional Haiku model call for deeper inspection

A single block-severity finding rejects the patch. warn findings are recorded but do not block.

Exported from martin-loop SDK: runRedPhase, shouldAcceptPatch, buildRedFindings, resolveRedBudgetPolicy
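
A sketch of what an assertion-deletion check in the spirit of T01 and the block/warn acceptance rule above could look like. This is an added example, not Martin Loop's code or API: the function names, the finding shape, the regexes, and the choice to rate non-test files as warn are all assumptions.

```javascript
// Added illustration; not Martin Loop code. Names, regexes and severities are assumptions.
const ASSERT_RE = /\b(assert(\.\w+)?|expect)\s*\(/;
const TEST_FILE_RE = /[._](test|spec)\.[cm]?[jt]sx?$|(^|\/)__tests__\//;

// Count removed vs added assertion lines per file in a unified diff.
function probeAssertionDeletion(diffText) {
  const perFile = new Map();
  let oldPath = null;
  let file = null;
  for (const line of diffText.split("\n")) {
    if (line.startsWith("--- ")) {
      oldPath = line.slice(4).replace(/^a\//, "");
    } else if (line.startsWith("+++ ")) {
      const newPath = line.slice(4).replace(/^b\//, "");
      file = newPath === "/dev/null" ? oldPath : newPath; // deleted file keeps its old name
      perFile.set(file, { removed: 0, added: 0 });
    } else if (file !== null && ASSERT_RE.test(line)) {
      if (line.startsWith("-")) perFile.get(file).removed += 1;
      if (line.startsWith("+")) perFile.get(file).added += 1;
    }
  }
  const findings = [];
  for (const [path, { removed, added }] of perFile) {
    if (removed <= added) continue; // rewritten or moved assertions net out
    const severity = TEST_FILE_RE.test(path) ? "block" : "warn";
    findings.push({ probe: "assertion-deletion", severity, path, lost: removed - added });
  }
  return findings;
}

// Gate: one block finding rejects the patch; warn findings are recorded only.
function acceptPatch(findings) {
  const blocking = findings.filter((f) => f.severity === "block");
  return { accepted: blocking.length === 0, blocking, recorded: findings };
}

// Constructed sample diff: a test loses its expect(), a source file loses an assert().
const SAMPLE_DIFF = `--- a/src/sum.test.js
+++ b/src/sum.test.js
@@ -2 +2 @@
-  expect(sum(1, 2)).toBe(3);
+  sum(1, 2);
--- a/src/sum.js
+++ b/src/sum.js
@@ -2 +1,0 @@
-  assert(Number.isFinite(a));`;

const verdict = acceptPatch(probeAssertionDeletion(SAMPLE_DIFF));
console.log(verdict.accepted, verdict.recorded.map((f) => `${f.severity}:${f.path}`));
```

Because the check is a line-level count with no model call, the same diff always yields the same verdict; an assertion weakened in place rather than deleted nets out and passes this particular check.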

Full Changelog: https://github.com/Keesan12/martin-loop/compare/v0.1.7...v0.1.8

Breaking Changes

  • Removed npm authentication setup from publish workflows (CI)
  • Removed blog export artifacts from the public OSS package

Related context

Earlier breaking changes

  • vmcp-v0.1.3 martin_status uses oneOf for selector exclusivity, latest as const.
  • vmcp-v0.1.3 maxIterations and maxTokens modeled as integers in tool schemas.
  • vmcp-v0.1.3 Tool schemas enforce additionalProperties: false on public contracts.
  • vmcp-v0.1.3 Packaged artifacts now require and ship server.json alongside package.json.
