Releases: backbay-labs/hush
v0.1.1-alpha
HushSpec v0.1.1-alpha
First published release of the HushSpec specification and multi-language SDK suite.
What's in the box
Specification — 10 core rule types (forbidden paths, egress, tool access, secret patterns, shell commands, patch integrity, path allowlist, computer use, remote desktop channels, input injection) plus 3 extension modules (posture, origins, detection).
Four SDKs — Full pipeline from parse → validate → resolve → evaluate → audit, with conformance-tested parity across Rust, TypeScript, Python, and Go.
h2h CLI — hush to hush. Validate, lint, test, diff, format, scaffold, sign, verify, and panic your way through the policy lifecycle.
Published packages
| Package | Registry | Install |
|---|---|---|
| `hushspec` | crates.io | `cargo add hushspec` |
| `hushspec-cli` | crates.io | `cargo install hushspec-cli` |
| `@hushspec/core` | npm | `npm install @hushspec/core` |
| `hushspec` | PyPI | `pip install hushspec` |
| `hushspec` | Go | `go get github.com/backbay-labs/hush/packages/go@v0.1.1-alpha` |
Highlights
- Fail-closed by design — unknown fields rejected at parse time, ambiguous rules deny
- Evaluation engine — allow/warn/deny decisions with matched rule traces
- Decision receipts — structured audit trail with SHA-256 policy hashes, rule traces, and microsecond timing
- Detection pipeline — pluggable prompt injection, jailbreak, and exfiltration detectors
- Policy signing — Ed25519 sign/verify with the `h2h` CLI
- Emergency override — deny-all panic mode via sentinel file or API
- HushGuard middleware — one-liner policy enforcement for application code
- Framework adapters — prebuilt mappings for Claude, OpenAI, and MCP tool calls (TypeScript)
- Hot reload — `PolicyWatcher` and `PolicyPoller` for live policy updates
- Observability — structured evaluation events, JSON line observers, metrics collection
- Built-in rulesets — default, strict, permissive, ai-agent, cicd, remote-desktop, panic
- Compliance library — HIPAA, SOC 2, PCI-DSS, FedRAMP, FERPA, CI/CD hardened templates
Alpha notice
The API surface is stabilizing but not yet frozen. Expect refinements before v1.0. Breaking changes will be called out in release notes.