Immutable
release. Only release title and notes can be modified.
Added
- C extension (
_guardian.c) for tamper-resistant locked mode. Snapshots the identity
of every critical Python object at activation time and verifies integrity on every
socket event. Detects config replacement, method monkey-patching, frozen field mutation
viaobject.__setattr__, and bytecode swapping. On tamper detection, blocks ALL network
access (fail-closed) and writes a tamper alert to stderr viaos.write(fd 2). - The C extension is now required — installation fails without a C compiler (pre-built
wheels include the compiled extension for all platforms). cibuildwheelCI job builds platform-specific wheels with the compiled C extension
for Linux, macOS, and Windows across Python 3.10–3.14.- Publish workflow split into a separate GitHub Actions workflow, triggered via
workflow_runafter CI succeeds. - CodeQL now scans both Python and C/C++ code.
cppcheckstatic analysis for C code via Docker-based pre-commit hook.
Changed
- Build backend switched from
hatchlingtosetuptoolsfor native C extension support.