docs: add v1.1.0 changelog for enterprise-hardening release (#98)

Covers 14 closed issues, 200+ tests, and 7 architectural features:
- Policy conflict resolution with 4 strategies
- Session policy pinning
- Tool alias registry for bypass prevention
- Human-in-the-loop escalation
- File-backed trust persistence
- Inter-package version compatibility
- Credential lifecycle management

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

Author: imran-siddique

CHANGELOG.md

@@ -7,6 +7,62 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [1.1.0] - 2026-03-08
+
+### 🚀 Highlights
+
+**14 issues closed, 200+ tests added, 7 architectural features shipped** — in 48 hours from first analysis to merged code. This release transforms the toolkit from a well-structured v1.0 into an enterprise-hardened governance layer with real adversarial durability.
+
+### Added — Security & Adversarial Durability
+
+- **Policy conflict resolution engine** — 4 declared strategies (`DENY_OVERRIDES`, `ALLOW_OVERRIDES`, `PRIORITY_FIRST_MATCH`, `MOST_SPECIFIC_WINS`) with 3-tier policy scope model (global → tenant → agent) and auditable resolution trace. Answers the question every security architect will ask: "if two policies conflict, which wins?" (#91)
+- **Session policy pinning** — `create_context()` now deep-copies policy so running sessions get immutable snapshots. Mid-flight policy mutations no longer leak into active sessions. (#92)
+- **Tool alias registry** — Canonical capability mapping for 7 tool families (30+ aliases) prevents policy bypass via tool renaming. `bing_search` can no longer dodge a `web_search` block. (#94)
+- **Human-in-the-loop escalation** — `EscalationPolicy` with `ESCALATE` tier, `InMemoryApprovalQueue`, and `WebhookApprovalBackend`. Adds the suspend-and-route-to-human path required by regulated industries (healthcare, finance, legal). (#81)
+
+### Added — Reliability & Operations
+
+- **Inter-package version compatibility matrix** — `doctor()` function with runtime compatibility checking across all 5 packages. Detects silent version skew before it causes trust handshake failures. (#83)
+- **Credential lifecycle management** — Wired `RevocationList` into `CardRegistry.is_verified()` so revoked credentials are actually rejected. Key rotation now has a kill path. (#82)
+- **File-backed trust persistence** — `FileTrustStore` with JSON persistence, atomic writes, and thread safety. Trust scores survive agent restarts — misbehaving agents can no longer reset reputation by crashing. (#86)
+- **Policy schema versioning** — `apiVersion` field with validation, migration tooling, and deprecation warnings. Schema evolution in v1.2+ won't silently break existing policy files. (#87)
+
+### Added — Governance Enhancements (PR #90)
+
+- **SIGKILL-analog process isolation** — Real `os.kill(SIGKILL)` for Linux, `TerminateProcess` for Windows, with PID tracking and cgroup integration. Not a simulated kill — actual process-level termination. (#77)
+- **OpenTelemetry observability** — `GovernanceTracer` with distributed traces, span events for policy checks, custom metrics (policy evaluations, violations, latency histograms), and OTLP exporter integration. (#76)
+- **Async concurrency safety** — `asyncio.Lock` guards on shared state, `ConcurrencyStats` tracking, deadlock detection with configurable timeouts. Concurrent agent evaluations no longer corrupt trust scores. (#75)
+- **Policy-as-code CI pipeline** — `PolicyCI` class with YAML linting, schema validation, conflict detection, and dry-run simulation. Integrates with GitHub Actions for PR-time policy validation. (#74)
+- **Deep framework integrations** — `LangChainGovernanceCallback`, `CrewAIGovernanceMiddleware`, `AutoGenGovernanceHook` with framework-specific lifecycle hooks, not just wrapper-level interception. (#73)
+- **External audit trail integrity** — `SignedAuditEntry` with Ed25519 signatures, `HashChainVerifier` for tamper detection, `FileAuditSink` for append-only external storage. Cryptographic proof that audit logs haven't been modified. (#72)
+- **Behavioral anomaly detection** — Statistical anomaly detection for agent behavior patterns (tool call frequency, response time, error rate) with configurable sensitivity. Catches rogue agents before they violate explicit rules. (#71)
+
+### Added — Infrastructure
+
+- **Copilot auto-review workflow** — Automated PR review on every pull request. (#70)
+- **7 production module ports** — Episodic Memory Kernel, CMVK, Self-Correcting Agent Kernel, Context-as-a-Service, Agent Control Plane, Trust Engine, Mute Agent infrastructure — ported from internal production with full test coverage. (#63–#69)
+
+### Fixed
+
+- **44 code scanning alerts resolved** — CodeQL SAST findings across the entire repository including CWE-209 (error information exposure), CWE-116 (improper encoding), and CWE-20 (improper input validation). (#79)
+
+### Security
+
+- All cryptographic operations use real Ed25519 primitives (not placeholder/XOR).
+- Prompt injection defense verified: `prompt_injection.py` + LlamaFirewall + `OutputValidationMiddleware`.
+- SLO alerting verified: `AlertManager` with Slack, PagerDuty, Teams, and OpsGenie channels.
+
+### Test Coverage
+
+- **200+ new tests** across all features with full assertion coverage.
+- All 5 packages pass CI independently.
+
+### Install
+
+```bash
+pip install ai-agent-compliance[full]
+```
+
 ## [1.0.1] - 2026-03-06
 
 ### Added
@@ -78,5 +134,6 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Pinned all Docker base images by SHA256 digest.
 - Removed `gradle-wrapper.jar` binary artifact.
 
+[1.1.0]: https://github.com/microsoft/agent-governance-toolkit/releases/tag/v1.1.0
 [1.0.1]: https://github.com/microsoft/agent-governance-toolkit/releases/tag/v1.0.1
 [1.0.0]: https://github.com/microsoft/agent-governance-toolkit/releases/tag/v1.0.0