Back to blog

Release

Gemma 4 pilot lanes with a clearer assurance contract

Ink/charcoal doodle: text and image lanes pass through an assurance gate into a reviewed proof-pack folder.

InvarLock 0.6.0 adds a shipped Gemma 4 E2B text lane, phase-1 multimodal evaluation, and a unified `--assurance attested|trusted-local` workflow.

2 min read
InvarLock Team

Release: InvarLock 0.6.0 - Gemma 4 pilots, multimodal groundwork, and explicit assurance modes

Highlights

  • InvarLock now ships a Gemma 4 E2B text lane plus phase-1 multimodal evaluation support through the built-in hf_multimodal adapter and vision_text dataset provider.
  • The public execution contract is clearer: evaluate, verify, and report verify now align on --assurance attested|trusted-local, while networked downloads move to an explicit --allow-network flag on evaluate.
  • Proof packs and reports surface more reviewer context through evidence levels and reviewer summaries, with a round of fixes for multimodal reporting, dataset cache fallbacks, and trusted-local verification ergonomics.

0.6.0 is the first release where the Gemma 4 pilot lane and multimodal groundwork feel like part of the public surface instead of repo-only scaffolding. The shipped google/gemma-4-E2B-it text lane, the new hf_multimodal adapter, and the vision_text provider put image-text evaluation on a concrete path while keeping the support language explicit about what is still experimental and what remains deferred.

The other big change is vocabulary. 0.5.x tightened the fail-closed defaults, but the public docs and CLI still carried some split language around attested versus local execution. In 0.6.0, that is pulled into the clearer --assurance attested|trusted-local contract, with matching updates across evaluate, verify, report verify, and the docs/examples that teach those flows. For operators, that means the trust boundary is easier to see in both command lines and generated artifacts.

This release also makes the review surface calmer. Proof-pack manifests now carry evidence levels and reviewer summaries, multimodal reused-baseline reports keep their measured classification counts, and dataset loading can fall back to a writable cache when the default path is read-only. If you maintain scripts or docs around older --mode local language, or rely on pre-0.6.0 report-verify ergonomics, this is the release to re-check against the current docs and examples.

For more details, see CHANGELOG.md.

More from the blog

Continue through recent releases and implementation notes.

Research Note

What InvarLock Actually Claims

A narrow claim can be stronger than a broad one. InvarLock is about auditable regression risk from weight edits, not general model safety.

Release

Attested smoke lanes with package-native proof-pack signing

InvarLock 0.5.1 adds a push-gated tiny attested smoke lane, a scheduled GPT-2 canary lane, and package-native Ed25519 proof-pack signatures.

Release

Offline release verification with a slimmer public CLI

InvarLock 0.5.0 adds offline release-verification bundles, package-native proof-pack verification, and a simplified public CLI centered on evaluate, verify, and report.