What's New in Daena v3.7.0. The Security Supercharge

The Shape Of The Release

Every finding comes with a working exploit.
Or it doesn't make the report.

v3.6.x made Daena governed. v3.7.0 makes it defended. Three philosophical shifts: (1) security findings are proved, not guessed. (2) Defense runs inline during chat. No separate pentest cycle. (3) Asset exposure is gated by vault + egress filter + consent tokens, not by convention.

What shipped

Eight packages, one pipeline

Delivered in one continuous push against sleepy-shimmying-rivest. Every package gated on full-suite green before merge.

Package 01

Hidden activation + neutral UX

Silent keystroke interceptor in ChatInput. Neutral REST paths. Discrete gold lightning badge. No menu entries, no help text, no audit-UI hints.

Attackers can't attack what they can't see.

Package 02

Eight-kind target detection

URL, domain, IP, CIDR, host:port, APK/IPA, Android package, git repo. SECURITY_SCAN intent gated on target presence. Dangerous ops always beat scan intent.

If we can parse it, we can scan it.

Package 03

Chat → ScanWorkflow bridge

Stage 2.78 dispatcher. Live SSE event emitter at /api/v1/security/scans/{id}/events. Inline ScanProgressCard streams phase updates into the conversation.

Scans happen where your team already works.

Package 04

BeyondMythos enrichment

Every finding passes through ErrorOracle + AdversarialSimulator + CompositionalPlanner before aggregation. Hallucinated vulnerabilities get killed at the gate.

AI-assisted, human-auditable.

Package 05

Six-channel intelligence fan-out

Parallel queries to web search + CVE feeds + codebase graph + NBMF T3 + knowledge graph + knowledge hunter. 1-hour CVE cache. Per-channel status trace.

One scan. Six perspectives. One answer.

Package 06

Source correlator + Zero-FP gate

Whitebox/blackbox mapping via codebase-memory MCP. OPERATOR+ tier findings are dropped unless a working exploit is produced. No-exploit-no-report.

If we didn't prove it, we don't ship it.

Package 07

System-wide Asset Shield

Vault adapter + egress filter + consent tokens + operator-initiation marker. Tier collapse is initiator-aware: FOUNDER/ADMIN/MANAGER sessions get different gates than system-triggered ops.

Assets don't leave unless you said so.

Package 08

Verification

tsc --noEmit: 0 errors. 57 new package tests, 214/214 across 8 test files. Full-suite regression: 2,956 passed, 16 skipped, 0 failed in 765s.

Shipped means green, end-to-end.

Deep dive · Package 06

The Zero-FP Gate, explained

The single biggest QoL improvement in v3.7.0. Every security finding at tier OPERATOR or above must be reproducible. or it's dropped silently, before it ever hits your inbox.

How it works

Step 1ScanWorkflow aggregates findings from six channels (web, CVE, codebase, NBMF, knowledge graph, hunter).
Step 2source_correlator.py maps each finding against actual source code via codebase-memory MCP. Findings that point at code that doesn't exist are dropped.
Step 3zero_fp_gate.py runs reproduction attempts. For operator-facing findings, an exploit trace must be produced. If no trace → no report line.
Step 4BeyondMythos enrichment runs on the survivors. ErrorOracle double-checks reasoning, AdversarialSimulator stress-tests the claim, CompositionalPlanner attaches remediation.
Step 5You see the report. Every finding has CVE ref, exploit trace, source snippet, and remediation. No noise.

Always-on governance

Three layers. Non-negotiable.

v3.7.0 introduces asymmetric governance. Your experience is smooth, your attacker's experience is not.

1. Shield

PromptInjectionScanner + BehaviorGuard + tenant isolation. Runs before any model call. Four-layer injection defense: heuristic, risk accumulation, boundary markers, unicode normalization.

2. Security

SecurityGate + ToolCallClassifier + AsyncApprovalManager + LoopDetector. Every tool call classified. Dangerous ops halted at the gate. Approval queue where it matters.

3. Asset Shield

Vault adapter + egress filter + consent tokens + operator-initiation. Even authorized actions can't exfiltrate assets without an explicit consent token.

Release numbers

What "production-safe" looks like

2,956 / 2,956

Tests Passing

0 failed · 16 skipped · 765s total

0

TypeScript Errors

tsc --noEmit clean

214 / 214

Package Tests

8 new test files · 87 new assertions

Baseline before release: 3,086 passing. Full-suite fast-subset regression at delivery: 2,956 passing · 0 failed. Delta is the fast-subset scope, not a regression. Package 08 verification gate enforced green across all eight packages before merge.

Changelog

Files changed

Backend (10 new · 5 modified)

api/v1/security_mode.py. REST endpoints: mode/state, mode/activate, mode/deactivate
services/security/beyond_mythos_enricher.py. ErrorOracle + AdversarialSimulator + CompositionalPlanner wrapper
services/security/cve_intel.py. 1-hour-cached CVE feed client
services/security/intel_fanout.py. 6-channel parallel query orchestrator
services/security/source_correlator.py. Whitebox/blackbox mapping via codebase-memory MCP
services/security/zero_fp_gate.py. No-exploit-no-report gate on OPERATOR+ tier
services/security/asset_shield/. vault_adapter · egress_filter · consent_token · operator_initiation

Frontend (2 new · 4 modified)

stores/securityModeStore.ts. mode state store with SSE sync
components/chat/ScanProgressCard.tsx. inline live-progress card
components/chat/ChatInput.tsx. silent keystroke interceptor (hidden activation)
components/chat/SlashCommands.tsx. /scan command (not listed in menu)
components/chat/GovernanceEventStrip.tsx. scan-card rendering
components/layout/Header.tsx. elevated-mode gold lightning indicator
stores/chatStore.ts. scan_dispatched SSE handler

Run Daena v3.7.0

Local via Ollama, self-hosted on your cloud, or managed at daena.mas-ai.co.
The security pipeline ships on every tier.

Try Online Free Book a Security Audit View Pricing

The Security Supercharge.

Every finding comes with a working exploit.Or it doesn't make the report.