When was v5.10.0 published?

v5.10.0 was published on Jun 8, 2026.

How much validation backed v5.10.0?

The release notes report 3,211 tests across 32 suites, all passing.

Release

v5.10.0 — ClaimVerifier: Tier 1 Agent Honesty / Lie Detector

Published 2026-06-08 | Release notes

Network-AI v5.10.0 ships ClaimVerifier, a new subsystem that lets the orchestrator independently verify whether an agent's claimed actions actually happened — catching fabricated results, exaggerated outcomes, and undisc

Read the release here or open the original release on GitHub.

Open release on GitHub Open changelog Open quick start Release RSS

ClaimVerifier — Tier 1 Agent Honesty / Lie Detector

Network-AI v5.10.0 ships ClaimVerifier, a new subsystem that lets the orchestrator independently verify whether an agent's claimed actions actually happened — catching fabricated results, exaggerated outcomes, and undisclosed side-effects.

How it works

AgentRuntime now issues an HMAC-signed ExecutionReceipt for every exec() and writeFile() call, committing to { agentId, action, target, exitCode, outputHash }. The runtime — not the agent — is the sole outcome authority. Tampering with any field (including exitCode or outputHash) invalidates the signature.

ClaimVerifier.verify(manifests, agentId, windowMs) reconciles agent-declared ActionManifest[] against the in-memory RuntimeAuditEntry log:

UNSUPPORTED_CLAIM — agent declared an action that has no matching runtime witness (forged or imagined)
UNDISCLOSED_ACTION — runtime witnessed an action the agent did not declare

Both violation types surface through ComplianceMonitor and can trigger AuthGuardian trust decay.

Trust decay

AuthGuardian.recordClaimViolation() increments a per-agent counter on each UNSUPPORTED_CLAIM. After N consecutive violations (default 3) trust drops by 0.1. Below 0.4 trust, the agent is forced into ApprovalGate supervised execution. esetClaimViolations() resets the counter on a corroborated turn.

New exports

ypescript import { ClaimVerifier, ActionManifest, VerificationOutcome, VerificationResult } from 'network-ai' import { ExecutionReceipt } from 'network-ai'

Scope (Tier 1)

ClaimVerifier operates on AgentRuntime-mediated actions only. Unmediated BYOC adapter network calls, per-session audit log boundaries, and the interpretive gap between "ran" and "succeeded semantically" are documented in THREAT_MODEL.md section 8 as Tier 2 hardening candidates (capability broker + process isolation + egress-deny).

Changes

New: lib/claim-verifier.ts — ClaimVerifier, ActionManifest, VerificationOutcome, VerificationResult, ClaimVerifierOptions
New: est-claim-verifier.ts — 50 tests (Phase 1: receipt, Phase 2: reconciliation, Phase 3: trust decay)
Modified: security.ts — ExecutionReceipt interface; SecureTokenManager.generateReceipt() / alidateReceipt()
Modified: lib/agent-runtime.ts — ShellResult.receipt?, FileResult.receipt?, receipt emission after exec/write
Modified: lib/auth-guardian.ts — ecordClaimViolation(), esetClaimViolations(), getClaimViolationCount(), getTrustLevel()
Modified: lib/compliance-monitor.ts — ViolationType extended with UNSUPPORTED_CLAIM, UNDISCLOSED_ACTION
Modified: ypes/agent-adapter.d.ts — AgentResult.metadata.receipts?
Modified: index.ts — exports for all new types
Modified: THREAT_MODEL.md — section 8 Tier 1 scope ceiling + Tier 2 hardening path
Docs: README, SECURITY, .github/SECURITY, SKILL.md, CONTRIBUTING, AUDIT_LOG_SCHEMA, CHANGELOG, ARCHITECTURE — all updated for v5.10.0

Test suite

3211 tests across 32 suites (50 new + 3161 existing), 0 failures.

Full changelog

See CHANGELOG.md.