Release Notes¶

Unreleased¶

Changed (breaking)¶

airs runtime dlp-gen moved to airs runtime dlp generate. The DLP test-file generator now lives under the dlp namespace alongside dictionaries, filtering-profiles, patterns, and profiles. Flags and behavior are unchanged — --types, --count, --out, --techniques, --seed, --output work identically. Update any scripts or aliases that called airs runtime dlp-gen.

Removed (breaking)¶

airs runtime dlp-profiles list removed. Use airs runtime dlp profiles list (DLP namespace) instead — it is now the canonical listing and returns populated profile IDs plus type, profile_type, status, and version fields, paginated as {items, page:{number,size,total,returned}}.

Migration note¶

The two endpoints overlap heavily but are not identical on the same tenant. Before switching scripts that consumed the legacy command, verify the profiles you rely on are present in the new output:

The legacy Management endpoint may have surfaced profiles the new DLP namespace endpoint does not (observed on at least one tenant: PII Basic Block All Data was legacy-only).
The new DLP namespace endpoint may surface profiles the legacy endpoint did not (observed: Malware was new-only).
The new endpoint is paginated — pass --page / --size to walk past the first page.
Field shape changes: legacy returned [{id,name}] with empty IDs; new returns {items:[{id,name,type,profile_type,status,version}], page:{...}}.

See #226 for the divergence analysis.

v2.10.0¶

Changed¶

DLP write commands now take structured flags — patterns|profiles|filtering-profiles create/replace accept --name, --regex, --weighted-regex, --pattern-id, --file-based, --direction, --tag k=v, etc. instead of forcing --body-file pattern.json. --body/--body-file retained as escape hatches for complex rule trees.
DLP output curated across all formats — --output json|yaml now returns {items, page:{number,size,total,returned}} for lists and {action,id,name,type,status,version} for acks, dropping the raw SDK envelope leak (tenant_id, is_parent_managed, pageable.*).

Fixed¶

dlp dictionaries create now honors --output — was hardcoded to pretty, ignoring the flag. Now matches the rest of the DLP command surface.

v2.9.0¶

New¶

DLP command group — airs runtime dlp adds full CRUD across four DLP subclients:
filtering-profiles (list/get/replace)
patterns (list/create/get/replace/patch/soft-delete)
profiles (list/create/get/replace/patch — no delete; archive via patching profile_status)
dictionaries (full CRUD with multipart upload; handles both 200+body and 204+empty replace responses)
Optional PANW_DLP_ENDPOINT env var (defaults to SDK built-in).

Fixed¶

--debug now captures DLP traffic — fetch interceptor's host allowlist was missing api.dlp.paloaltonetworks.com, so runtime dlp commands were silently bypassing the JSONL log.

Dependencies¶

@cdot65/prisma-airs-sdk bumped to ^0.9.2 (DLP nested helper nullable sweep — unblocks runtime dlp patterns list and runtime dlp profiles list against live tenants).

v2.4.0¶

New¶

Profile cleanup -- airs runtime profiles cleanup deletes old profile revisions, keeping only the latest revision per profile name. AIRS creates a new revision (with a new UUID) on every profile update; this command prunes the accumulated duplicates. Supports --force to skip confirmation, --updated-by <email> (defaults to git config user.email), and --output json for structured output.

v2.3.0¶

New¶

Target init from templates -- airs redteam targets init <provider> scaffolds a target config JSON from provider templates (OPENAI, HUGGING_FACE, DATABRICKS, BEDROCK, REST, STREAMING). Supports --output <file> for custom paths.

v2.2.0¶

New¶

EULA management -- airs redteam eula {status,content,accept} for checking, viewing, and accepting the Red Team end-user license agreement
Instance management -- airs redteam instances {create,get,update,delete} for managing Red Team compute instances
Device management -- airs redteam devices {create,update,delete} for managing devices attached to instances
Registry credentials -- airs redteam registry-credentials for fetching container registry tokens
Target auth validation -- airs redteam targets validate-auth to test auth credentials without modifying targets
Target metadata -- airs redteam targets metadata to retrieve field metadata and validation rules
Target templates -- airs redteam targets templates to get provider-specific configuration templates

Fixed¶

Bulk scan polling hang -- async query API returns lowercase "complete"/"failed" but polling checked for uppercase "COMPLETED"/"FAILED", causing infinite loop. Status comparison is now case-insensitive.

Dependencies¶

@cdot65/prisma-airs-sdk bumped to ^0.7.0 (Red Team EULA, instances, target auth/metadata/templates, WebSocket support)

v2.1.0¶

New¶

Intent-aware eval CSV format — eval CSV now requires three columns: prompt, expected, intent (block/allow). The expected column is intuitive (belongs to topic category: true/false) and intent controls the trigger mapping.
airs runtime topics sample command — prints a template CSV showing the three-column format with both block and allow intent examples. Supports --output <path> to write to file.
Agent instruction ecosystem — rewritten program.md with battle-tested optimization protocol. New agent entrypoints: GEMINI.md, .github/copilot-instructions.md. Any AI coding agent can now pick up the guardrail optimization loop.
JSON eval output includes intent — --format json output now includes an intent field at the top level.

Changed¶

topics create flags: --name, --description, --examples replace the old --topic flag
topics apply flags: --name replaces --topic, --intent added
topics eval flags: --prompts replaces --input, --format replaces --output
topics revert flags: --name replaces --topic
Updated AGENTS.md with correct flag names, sample command, and three-column CSV docs
Updated all mkdocs pages to reflect new CLI flags and CSV format

Breaking¶

Eval CSV files must now include an intent column. Existing two-column CSVs will error with "Missing required column: intent".

v2.0.0¶

Changed¶

Major refactor: removed embedded LLM-driven generation loop. CLI now provides atomic commands (create, apply, eval, revert) for external agent orchestration.
Removed topics generate, topics resume, topics report, topics runs commands.
Removed memory/persistence subsystem.

v1.4.2¶

Fixed¶

Profile create now includes AIRS UI-required defaults: app-protection, data-protection, latency, mask-data-in-storage
--toxic-content alert expands to "high:alert, moderate:alert" (AIRS UI expects severity:action format)
Fixes "is not iterable" crash in AIRS UI when viewing CLI-created profiles

v1.4.1¶

Fixed¶

profiles delete by UUID now shows profile name in success message
profiles create handles AIRS 409 race — detects successful creation despite SDK error
profiles create defaults latency config to block / 5s when not explicitly set

v1.4.0¶

New¶

--rate <n> flag for generate/resume — caps AIRS scan API calls to N per second during guardrail generation and resumed runs. Uses a sliding-window token bucket. Default: unlimited. Prevents hitting API rate limits during intensive scan loops.
--debug global flag — logs all AIRS and Strata Cloud Manager API requests and responses to a JSONL file (~/.prisma-airs/debug-api-<timestamp>.jsonl) for offline inspection and sharing with Palo Alto Networks support. Works with any subcommand across all three command groups. Auth tokens are redacted.

Fixed¶

profiles delete and profiles update now accept name or UUID (same auto-detect as profiles get)
profiles delete prints proper success message instead of undefined
profiles create gives actionable error on 409 conflict: suggests profiles update

v1.3.0¶

New¶

Docs restructured by AIRS module — navigation reorganized into Runtime Security, AI Red Teaming, and Model Security top-level sections instead of flat Capabilities/Guides layout
Profile create/update CLI flags — profiles create and profiles update now use 20+ CLI flags (--prompt-injection, --toxic-content, --malicious-code, etc.) instead of --config JSON files
Read-modify-write profile updates — profiles update fetches current profile, merges only specified flags, then PUTs full payload (no config overwrites)

Changed¶

Docs site navigation: features/ and examples/ directories merged into runtime/, redteam/, model-security/ module sections
Architecture and LLM Providers moved under Reference tab

v1.2.0¶

New¶

Profile builder — converts CLI flags to CreateSecurityProfileRequest, supports all protection flags
mergeProfilePolicy() — deep-merges CLI flag overrides into existing profile policy for PUT-only API
profiles create — create security profiles with CLI flags for all protection categories
profiles update — update profiles with read-modify-write pattern; only specify what changes
profiles delete --force --updated-by — force deletion of profiles with dependencies

v1.1.0¶

New¶

profiles get command — retrieve full security profile configuration by name or UUID
- Auto-detects UUID vs profile name
- Supports --output pretty|json|yaml
- Shows complete policy JSON (topic guardrails, DLP, app protection, etc.)
Bump @cdot65/prisma-airs-sdk to v0.6.10

v1.0.9¶

Fixed¶

Make changeType optional in learning extraction schema — LLM omits it for neutral-outcome learnings, causing OUTPUT_PARSING_FAILURE during memory extraction. Defaults to 'initial' when omitted.

v1.0.8¶

Fixed¶

Remove unused OUTPUT_FORMATS import in redteam.ts
Add missing intent parameter to improveTopic test
Update langchain ecosystem to resolve standard_schema export crash

Dependencies¶

@cdot65/prisma-airs-sdk 0.6.3 → 0.6.7
@langchain/aws 1.3.0 → 1.3.3
@langchain/core 1.1.29 → 1.1.34
@langchain/anthropic 1.3.21 → 1.3.25
@langchain/google-genai 2.1.22 → 2.1.26
@langchain/google-vertexai 2.1.22 → 2.1.26

Security¶

Resolved transitive fast-xml-parser CVE via @langchain/aws update

v1.0.7¶

Fixed¶

Display full API key value on create/regenerate
Show last 8 characters of API key in list and detail views

v1.0.6¶

New¶

--output flag on all list commands — unified structured output across all 3 command groups
- Formats: pretty (default), table, csv, json, yaml
- Supported on: runtime profiles list, runtime topics list, runtime api-keys list, runtime customer-apps list, runtime deployment-profiles list, runtime dlp-profiles list, runtime scan-logs query, redteam list, redteam targets list, redteam prompt-sets list, redteam properties list, model-security groups list, model-security rules list, model-security scans list

v1.0.5¶

New¶

airs model-security install — one-command setup of the model-security-client Python package from AIRS private PyPI
- Auto-detects uv (uses uv init + uv add) or falls back to python3 -m venv + pip install
- --extras for source type selection: all, aws, gcp, azure, artifactory, gitlab
- --dir to specify project directory
- --dry-run to preview commands

Fixed¶

CLI help menus now display subcommands in alphabetical order across all command groups

v1.0.0¶

First release of Prisma AIRS CLI (renamed from daystrom). See MIGRATION.md for upgrade steps.

Highlights¶

5 capability domains: Runtime Security scanning, Guardrail Generation with iterative refinement, AI Red Teaming, Model Security scanning, Profile Audits
Runtime configuration management: Full CRUD for security profiles, custom topics, API keys, customer apps, deployment/DLP profiles, scan logs
Guardrail generation loop: LLM-driven topic refinement with two-phase generation, test composition, weighted category generation, 3-tier recovery, plateau detection
AI Red Teaming: Static/dynamic/custom scans, target CRUD with connection validation, prompt set management, property management
Model Security: Security groups CRUD, rule browsing, rule instance configuration, scan operations with evaluations/violations/files, label management
Profile Audits: Multi-topic evaluation with per-topic metrics, cross-topic conflict detection, JSON/HTML report export
6 LLM providers: Claude (API, Vertex, Bedrock) and Gemini (API, Vertex, Bedrock)
Cross-run learning memory with keyword categorization and budget-aware prompt injection
Structured evaluation reports: JSON, HTML, and terminal formats with run comparison (--diff)
Resumable runs with full state persistence
537 tests across 29 spec files
Docker support with multi-arch images (amd64 + arm64)

CLI Structure¶

airs runtime scan            # Sync scan
airs runtime bulk-scan       # Async bulk scan
airs runtime resume-poll     # Resume polling
airs runtime profiles ...    # Security profile CRUD
airs runtime topics ...      # Custom topic CRUD + guardrail generation
airs runtime api-keys ...    # API key management
airs runtime customer-apps   # Customer app CRUD
airs runtime deployment-profiles  # Deployment profile listing
airs runtime dlp-profiles    # DLP profile listing
airs runtime scan-logs       # Scan log querying
airs redteam scan            # Launch red team scan
airs redteam targets ...     # Target CRUD
airs redteam prompt-sets ... # Prompt set CRUD
airs redteam prompts ...     # Individual prompt CRUD
airs redteam properties ...  # Property management
airs model-security groups    # Security group CRUD
airs model-security install   # Install model-security-client Python package
airs model-security labels    # Label management
airs model-security rules     # Rule browsing
airs model-security scans     # Scan operations

Breaking Changes (from daystrom)¶

CLI binary renamed: daystrom → airs
Package renamed: @cdot65/daystrom → @cdot65/prisma-airs-cli
Data directory: ~/.daystrom/ → ~/.prisma-airs/
Guardrail commands moved under airs runtime topics
Audit command moved under airs runtime profiles audit
Deprecated top-level aliases removed — use airs runtime topics and airs runtime profiles subcommands