v0.1.3policy-scout2026-06-10
Incident response layer with lockdown and playbooks
One-command lockdown, YAML-driven runbooks per threat class, and evidence preservation land as a structured incident response layer.
v0.1.32026-06-10
- ·lockdown.py activates a kill-switch blocking all non-read-only commands until explicitly cleared
- ·playbooks.yaml defines runbooks per threat class; playbooks.py surfaces the matching one on DENY_AND_ALERT
- ·preserve.py snapshots the active audit log, reports, and config to a timestamped evidence directory
- ·clearance.py is the single read point for lockdown state, consumed by the policy engine and CLI