Releases: Vishisht16/Humane-Proxy

v0.4.0: DevSecOps Benchmarking, GitHub Actions & Enterprise Compliance

18 Apr 15:26

This release pivots HumaneProxy further into the DevSecOps lifecycle by introducing robust CLI benchmarking capabilities, a native GitHub Action for PR safety gates, and enterprise-grade compliance transparency.

🎉 Major Features

  • Safety Benchmarking Dashboard: Added the benchmark CLI command (hp benchmark --dataset evals/sample.json) to evaluate custom datasets against HumaneProxy's pipeline. It produces beautiful terminal analytics containing latency statistics, precision, recall, and a per-category confusion matrix using rich.
  • GitHub Actions Integration: HumaneProxy is now available as a GitHub Action! Block PRs automatically if testing thresholds fail, preventing regressions from slipping into production.
  • hp Shorthand Alias: Added the hp CLI shortcut in pyproject.toml so developers can run commands quickly (e.g., hp start, hp check, hp benchmark).
  • Sample Evaluations Dataset: Packaged evals/sample.json containing 20 curated baseline strings designed to safely test false positives and boundary conditions.

🔒 Security & Fast-Tracking

  • Enterprise Compliance Specs: Added COMPLIANCE.md, aimed at engineering leaders, which defines our explicit architecture controls supporting HIPAA, GDPR, and SOC 2 requirements and emphasises the strict zero-BAA threshold achieved by self-hosting.
  • Coordinated Vulnerability Disclosure: Added a standard .github/SECURITY.md that defines supported versions, timelines, and email escalation routes, and states what is explicitly excluded.
  • CODEOWNERS Lock: Adopted .github/CODEOWNERS blocking unregulated modification of core configuration and architecture files.

🧩 Ecosystem Polish & Maintenance

  • Contributor License Agreement (CLA): CONTRIBUTING.md now establishes a CLA mandate to eliminate long-term evolution and liability bottlenecks.
  • Platform Availability Enhancements: Included an "Available On" matrix in README.md containing transparent platform badges for PyPI, Glama AAA Registry, and the MCP Marketplace. Added a new dedicated "As an MCP Server" quick start flow.
  • FastAPI Core Bump: Raised the minimum FastAPI dependency to >=0.109.1, which addresses the python-multipart Content-Type Header ReDoS vulnerability (GHSA-qf9m-vfgh-m389).
  • Marketplace Strict Typing: server.json parameters now explicitly mark "required": false to stay compatible with strict third-party MCP JSON parsers.

Full Changelog: v0.3.1...v0.4.0

v0.3.1 - Exponential Time Decay, MCP Fix & Multilingual Stage 2 Docs

03 Apr 17:42

What's New

⏱️ Exponential Time-Decay for Risk Trajectory

Historical risk scores in the rolling trajectory window are now weighted by an exponential decay function:

$$w_i = e^{-\lambda \, \Delta t_i}$$

This means stale scores from hours or days ago naturally fade toward zero, giving returning users a fair baseline — a bad weekend won't haunt someone on Thursday. But rapid within-session escalation (messages seconds apart) is still caught identically to before, since decay over seconds is negligible.

| Time elapsed | Weight | Effect |
|---|---|---|
| 5 minutes | 99.8% | Live conversation — full weight |
| 6 hours | 84% | Still relevant |
| 24 hours | 50% | Half weight (default half-life) |
| 48 hours | 25% | Fading |
| 72 hours | 12.5% | Nearly forgotten |

Configuration:

trajectory:
  decay_half_life_hours: 24.0  # default; set to 0 to disable

Or: export HUMANE_PROXY_DECAY_HALF_LIFE=12
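
The weights in the table follow from λ = ln 2 / half-life. The sketch below is an added example, not HumaneProxy's own code: the function names and sample histories are constructed, and aggregating the window as a weighted mean is an assumption, since the notes only state that scores are weighted by w_i.

```python
import math

HOUR = 3600.0

def decay_weight(age_seconds, half_life_hours=24.0):
    """w = exp(-lambda * dt), with lambda = ln(2) / half-life.

    A half-life of 0 disables decay (every score keeps weight 1.0),
    matching the documented `decay_half_life_hours: 0` setting.
    """
    if half_life_hours <= 0:
        return 1.0
    lam = math.log(2) / (half_life_hours * HOUR)
    return math.exp(-lam * max(age_seconds, 0.0))

def weighted_risk(history, now, half_life_hours=24.0):
    """Decay-weighted mean of (timestamp_seconds, score) pairs.

    Assumption: a weighted mean stands in for the project's aggregate.
    """
    weights = [decay_weight(now - ts, half_life_hours) for ts, _ in history]
    total = sum(weights)
    if total == 0:
        return 0.0
    return sum(w * s for w, (_, s) in zip(weights, history)) / total

# Constructed sample 1: five high scores four days ago, one calm message now.
returning_user = [(0.0, 0.8)] * 5 + [(96 * HOUR, 0.1)]

# Constructed sample 2: escalation inside one session, messages 10 s apart.
burst_start = 96 * HOUR
burst = [(burst_start, 0.2), (burst_start + 10, 0.5), (burst_start + 20, 0.9)]

if __name__ == "__main__":
    for label, age in [("5 minutes", 300), ("6 hours", 6 * HOUR),
                       ("24 hours", 24 * HOUR), ("72 hours", 72 * HOUR)]:
        print(f"{label:>10}: {decay_weight(age):.1%}")
    now = 96 * HOUR
    print("returning user, decayed :", round(weighted_risk(returning_user, now), 3))
    print("returning user, no decay:", round(weighted_risk(returning_user, now, 0), 3))
    print("in-session burst, decayed:", round(weighted_risk(burst, burst_start + 20), 3))
```

With decay disabled the returning user's old scores dominate the window; with the default half-life they contribute about 6% each, while the in-session burst is scored almost exactly as an unweighted mean.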

🔧 MCP stdio Transport Fix

Fixed a bug where humane-proxy mcp-serve printed a startup log line to stdout, which violates the MCP stdio protocol (stdout must be pure JSON-RPC). This caused MCP registries like Glama to fail to detect tools, prompts, and capabilities. The log now routes to stderr.
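
A regression check for this class of bug, as an added example that is not part of the project's test suite: it scans captured server stdout and reports every line that is not a JSON-RPC 2.0 message. The function names and both captures are constructed for illustration; the log line is not the actual message the server printed.

```python
import json

def _is_rpc(msg):
    """True for a JSON object that declares JSON-RPC 2.0."""
    return isinstance(msg, dict) and msg.get("jsonrpc") == "2.0"

def non_jsonrpc_lines(stdout_text):
    """Return (line_number, line) for each stdout line that breaks the rule.

    The stdio transport is newline-delimited, so every non-empty line must
    parse as a JSON-RPC 2.0 object (a non-empty batch array of such objects
    is also accepted here).
    """
    bad = []
    for number, line in enumerate(stdout_text.splitlines(), start=1):
        if not line.strip():
            continue
        try:
            msg = json.loads(line)
        except json.JSONDecodeError:
            bad.append((number, line))
            continue
        is_batch = isinstance(msg, list) and bool(msg) and all(map(_is_rpc, msg))
        if not (_is_rpc(msg) or is_batch):
            bad.append((number, line))
    return bad

# Constructed captures: a reply to an initialize request, with and without
# a human-readable startup line in front of it.
INIT_REPLY = json.dumps(
    {"jsonrpc": "2.0", "id": 1, "result": {"capabilities": {"tools": {}}}}
)
STDOUT_WITH_LOG = "Starting MCP server (constructed log line)\n" + INIT_REPLY + "\n"
STDOUT_CLEAN = INIT_REPLY + "\n"

if __name__ == "__main__":
    print("with log line:", non_jsonrpc_lines(STDOUT_WITH_LOG))
    print("clean        :", non_jsonrpc_lines(STDOUT_CLEAN))
```

Structured JSON logs fail the check as well, which is why all logging for a stdio server belongs on stderr.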

🌍 Multilingual Stage 2 Recommendation

Added documentation recommending paraphrase-multilingual-MiniLM-L12-v2 as a drop-in replacement for the default all-MiniLM-L6-v2 when users need to catch intent in non-English languages (Roman Hindi, Spanish, Arabic, etc.). Simply change the model field in stage2 config.

📊 Test Coverage

216 tests passing (+5 new time-decay tests covering decay mechanics, long-absence spike detection, and disabled-decay fallback).

Full Changelog: https://github.com/Vishisht16/Humane-Proxy/blob/main/CHANGELOG.md

v0.3.0 - Storage Backends, AI Agent Integrations & Safety Refinements

03 Apr 09:45

What's New

🗄️ Swappable Storage Backends

Escalation data is no longer locked to a single SQLite file. The new EscalationStore repository pattern supports three backends out of the box:

| Backend | Install | Use case |
|---|---|---|
| SQLite (default) | built-in | Zero-config, single-process |
| Redis | pip install humane-proxy[redis] | Multi-container / ephemeral |
| PostgreSQL | pip install humane-proxy[postgres] | Persistent relational storage |

Configure via storage.backend in humane_proxy.yaml or HUMANE_PROXY_STORAGE_BACKEND env var. Existing SQLite users need zero changes — local_db.py is now a transparent shim.

🤖 AI Agent Integrations

Native safety tool wrappers for major agentic frameworks, no MCP subprocess required:

  • LlamaIndex: get_safety_tools() returns FunctionTool instances
  • CrewAI: get_safety_tools() returns BaseTool subclasses with Pydantic schemas
  • AutoGen (AG2): register_safety_tools(assistant, user_proxy) one-liner
  • LangChain — existing MCP-based integration (unchanged)

🛡️ Safety Pipeline Improvements

  • Configurable self-harm threshold — New escalate_threshold (default 0.5) replaces the old behaviour of forcing every self-harm score to 1.0. Operators can now tune sensitivity.
  • Ambiguity dampening — When Stage 2 embedding scores land in the grey zone (0.30–0.55), they're compared against benign anchor phrases (e.g. "no point in continuing this project"). If benign semantics are competitive, the score is halved — dramatically reducing false positives on ambiguous phrases.

📊 Enhanced Admin API

| New Endpoint | Description |
|---|---|
| GET /admin/health | Uptime, version, enabled stages (no auth required) |
| GET /admin/config | Active config with secrets auto-redacted |
| GET /admin/escalations/export | CSV download of escalation records |

Existing /admin/escalations now supports date_from, date_to, sort_by, and sort_order parameters. /admin/stats adds top_sessions, by_stage, and hourly_last_24h breakdowns.

⚡ Performance

  • Model singleton cache — The all-MiniLM-L6-v2 embedding model is now loaded once per process and shared across all calls. Repeated humane-proxy check invocations no longer re-read 80MB from disk.
  • Warm-up encode — A single warm-up call during init eliminates cold-start latency on the first real query.

🔧 CI/CD

  • Merged publish-mcp.yml into pypi.yml — MCP Registry publishing now runs automatically after PyPI publish succeeds, in a single workflow.
  • Added Dockerfile and .dockerignore for containerised deployments (~500KB build context).

📦 New Install Extras

pip install humane-proxy[redis]       # Redis backend
pip install humane-proxy[postgres]    # PostgreSQL backend
pip install humane-proxy[llamaindex]  # LlamaIndex integration
pip install humane-proxy[crewai]      # CrewAI integration
pip install humane-proxy[autogen]     # AutoGen integration
pip install humane-proxy[all]         # Everything

Full Changelog: v0.2.3...v0.3.0

v0.2.3 - Fix Stage 2 Embedding Classifier & Stage 3 Warning

01 Apr 14:43

What's Changed

🐛 Bug Fixes

  • Stage 2 embedding classifier never ran — The pipeline's early-exit logic was too aggressive. When Stage 1 heuristics scored a message as safe (score 0.0), it would exit before Stage 2 ever got a chance. This defeated Stage 2's entire purpose: catching semantically dangerous messages that keyword matching misses (e.g. "Nobody would notice if I disappeared"). Now, when Stage 2 is enabled via enabled_stages: [1, 2], all messages flow through the embedding classifier — only definitive self_harm from Stage 1 early-exits.
  • Stage 3 warning shown incorrectly — Users with enabled_stages: [1] or [1, 2] saw a misleading "Stage-3 classification is DISABLED" warning even though they never configured Stage 3. The warning now only appears when 3 is in enabled_stages but no API key is available.
  • HUMANE_PROXY_ENABLED_STAGES env var was documented in the README but never wired up. Now accepts comma-separated ints (e.g. 1,2).

✨ Added

  • glama.json for Glama MCP directory listing.
  • Glama badges in README (server card + quality score).
  • Real embedding model tests — 7 tests using the actual all-MiniLM-L6-v2 model (auto-skipped in CI via importorskip).
  • Pipeline regression tests — 7 new tests covering the early-exit fix and Stage 3 warning gating.
  • Test count: 186 → 200.

📝 Documentation

  • README clarifies that when Stage 2 is enabled, all messages flow through the embedding classifier. Stage 1 acts as a fast-path for clear self-harm only, not the sole safety determiner.
  • README clarifies LLM_API_KEY / LLM_API_URL are only needed for the reverse proxy server (humane-proxy start), not for the library API or MCP server.

Upgrade

pip install --upgrade humane-proxy        # Stage 1 only
pip install --upgrade humane-proxy[ml]    # Stage 1 + 2 (recommended)

Full Changelog: v0.2.2...v0.2.3

v0.2.2 - MCP Registry, HTTP Transport & LangChain Integration

31 Mar 16:30

What's New

🌐 MCP HTTP Transport

The MCP server now supports Streamable HTTP transport alongside stdio, enabling remote access and registry listing:

humane-proxy mcp-serve --transport http --port 3000

📋 Official MCP Registry

HumaneProxy is now ready for the Official MCP Registry. server.json metadata is included, and a publish-mcp.yml workflow auto-publishes on every release via GitHub OIDC.

🦜 LangChain Integration

Plug HumaneProxy safety tools into any LangChain or LangGraph agent:

pip install humane-proxy[langchain]

from humane_proxy.integrations.langchain import get_safety_tools
tools = await get_safety_tools()  # call from inside an async function

🗑️ Removed

  • smithery.yaml — Smithery now requires live HTTP URLs, not stdio configs.

Install

pip install humane-proxy            # Stage 1 only
pip install humane-proxy[ml]        # + Stage 2 embeddings
pip install humane-proxy[mcp]       # + MCP server
pip install humane-proxy[langchain] # + LangChain adapter
pip install humane-proxy[all]       # Everything

186 tests passing.

Full Changelog: v0.2.0...v0.2.2

v0.2.0 - 3 Stage Safety Pipeline, Care Response, MCP Server

31 Mar 13:38

What's New

🧠 3-Stage Cascade Safety Pipeline

  • Stage 1 — Heuristics (always on, <1ms): keyword corpus + intent regex patterns
  • Stage 2 — Semantic Embeddings (~100ms): sentence-transformers cosine similarity. Install with pip install humane-proxy[ml]
  • Stage 3 — Reasoning LLM (~1–3s): LlamaGuard (Groq), OpenAI Moderation API, or any OpenAI-compatible chat model. Auto-detects OPENAI_API_KEY or GROQ_API_KEY

🆘 Self-Harm Care Response System

  • Block mode (default): Responds with an empathetic message and international crisis resources (🇺🇸 US, 🇮🇳 India, 🇬🇧 UK, 🇦🇺 Australia, 🇨🇦 Canada, 🇩🇪 Germany, 🇫🇷 France, 🇧🇷 Brazil, 🇿🇦 South Africa, 🌐 IASP/Befrienders)
  • Forward mode: Injects a care-context system prompt before forwarding to your LLM
  • Fully configurable via humane_proxy.yaml

🤖 MCP Server Integration

  • Expose safety tools via Model Context Protocol: check_message_safety, get_session_risk, list_recent_escalations
  • Smithery-ready (smithery.yaml included)
  • Install with pip install humane-proxy[mcp]

🔐 REST Admin API

  • GET /admin/escalations — paginated, filterable by category/session
  • GET /admin/sessions/{id}/risk — trajectory replay
  • GET /admin/stats — aggregate counts
  • DELETE /admin/sessions/{id} — right to erasure
  • Secured with HUMANE_PROXY_ADMIN_KEY Bearer token

📢 Enhanced Alerts

  • Microsoft Teams webhook (adaptive card format)
  • Email alerts via SMTP (stdlib, zero extra deps)
  • Existing: Slack, Discord, PagerDuty

🖥️ New CLI Commands

  • humane-proxy escalations [--category] [--limit] [--session]
  • humane-proxy session <id>
  • humane-proxy mcp-serve

🔒 Privacy & Explainability

  • SHA-256 message hashing (raw text never stored by default)
  • stage_reached and reasoning stored per escalation
  • Enhanced trajectory: trend detection, category tracking, spike detection

Install

pip install humane-proxy          # Stage 1 only
pip install humane-proxy[ml]      # + Stage 2 embeddings
pip install humane-proxy[mcp]     # + MCP server
pip install humane-proxy[all]     # Everything

Tests

186 tests passing across heuristics, pipeline, admin API, care response, webhooks, interceptor, and trajectory.

Changelog

https://github.com/Vishisht16/Humane-Proxy/blob/main/CHANGELOG.md