v2.1.0: prove what your agent actually did #333
luckyPipewrench
announced in
Announcements
Your agent got prompt injected last Tuesday. You don't know it happened. The attacker exfiltrated 3 API keys through encoded POST bodies. You have no evidence, no timeline, no way to tell your security team what happened.
That's what v2.1.0 fixes.
Flight recorder. Hash-chained evidence log with signed checkpoints. Every request, every verdict, every enforcement decision. DLP-redacted so the evidence itself doesn't become a leak. When something goes wrong, you hand your security team the chain, not "we had a firewall, trust us."
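As an added illustration of the hash-chained evidence log with signed checkpoints described above (example code, not pipelock's own implementation): each entry commits to the previous entry's hash, secret-looking values are redacted before they are written, and a keyed checkpoint pins the chain head so that both rewriting an earlier entry and truncating the log after a checkpoint are detected. The checkpoint key and the AWS-key pattern are placeholders assumed for the example.

```python
import hashlib
import hmac
import json
import re

# Hypothetical signing key: in practice it lives in a secret store, never in the log itself.
CHECKPOINT_KEY = b"example-checkpoint-key"
# Hypothetical DLP rule: mask anything shaped like an AWS access key id before it is recorded.
AWS_KEY_RE = re.compile(r"AKIA[0-9A-Z]{16}")


def redact(event):
    """Redact secret-looking values so the evidence log cannot become a leak."""
    return {k: AWS_KEY_RE.sub("[REDACTED]", v) if isinstance(v, str) else v
            for k, v in event.items()}


def append(chain, event):
    """Append an event; each entry's hash covers the previous hash plus its own body."""
    prev = chain[-1]["hash"] if chain else "0" * 64
    body = json.dumps(redact(event), sort_keys=True)
    entry = {"prev": prev, "body": body}
    entry["hash"] = hashlib.sha256((prev + body).encode()).hexdigest()
    chain.append(entry)
    return entry


def checkpoint(chain):
    """Sign the current chain head so later rewriting or truncation is detectable."""
    head = chain[-1]["hash"]
    return {"index": len(chain) - 1, "head": head,
            "sig": hmac.new(CHECKPOINT_KEY, head.encode(), "sha256").hexdigest()}


def verify(chain, checkpoints):
    """Return True only if every link recomputes and every checkpoint still matches."""
    prev = "0" * 64
    for entry in chain:
        if entry["prev"] != prev:
            return False
        if hashlib.sha256((prev + entry["body"]).encode()).hexdigest() != entry["hash"]:
            return False
        prev = entry["hash"]
    for cp in checkpoints:
        if cp["index"] >= len(chain) or chain[cp["index"]]["hash"] != cp["head"]:
            return False
        expected = hmac.new(CHECKPOINT_KEY, cp["head"].encode(), "sha256").hexdigest()
        if not hmac.compare_digest(expected, cp["sig"]):
            return False
    return True
```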
pipelock assess. One command. Runs attack simulations against your config, captures evidence, generates a signed report with compliance mappings (OWASP, NIST, EU AI Act, SOC 2). The free version shows you where the gaps are. The paid version gives you the signed attestation bundle you can hand to auditors.

Denial-of-wallet detection. A prompt injection tells your agent to call an expensive API in a loop. Without limits, that's a $500 bill before anyone notices. Pipelock now tracks loop patterns, retry storms, fan-out, and concurrent call limits per session.
Canary tokens. Plant a fake AWS key in your agent's environment. If it shows up in egress traffic, you know the agent leaked. Instant block and audit event.
Behavioral baseline. Let pipelock learn what your agent normally does for a few hours. Then lock the profile. Anything outside the baseline gets flagged. No rules to write.
A2A protocol scanning. Google's Agent-to-Agent protocol is new and untested. Pipelock scans for agent card poisoning, card drift, and session smuggling. First runtime scanner for A2A.
Try it:
Setup for Claude Code, Cursor, VS Code, and JetBrains:
Full changelog: CHANGELOG.md