Back to blog

Release

GPT-OSS pilots with CUDA-ready attested lanes

Ink/charcoal doodle: model routes feed a runtime panel and land in a checked proof-pack folder.

InvarLock 0.7.0 adds first-class GPT-OSS support, pilot Ministral 3 8B/14B presets, and a CUDA-capable attested runtime path for GPU hosts.

2 min read
InvarLock Team

Release: InvarLock 0.7.0 - GPT-OSS pilots, CUDA runtime lanes, and tighter fail-closed plumbing

Highlights

  • InvarLock now includes first-class GPT-OSS causal support plus pilot Ministral 3 8B/14B text-only presets and calibration configs in the public repo surface.
  • Secure-default attested execution now has a CUDA-capable runtime-image path for GPU hosts, with the docs spelling out the split smoke matrix and Podman or Docker engine selection more clearly.
  • Runtime, reporting, proof-pack, and test owners were decomposed further while fail-closed handling tightened around quantization, config delegation, report generation, and live-demo provenance paths.

0.7.0 is a capability and operator-flow release. GPT-OSS is now a named first-class family in the catalog, while Ministral 3 8B and 14B arrive as pilot text-only lanes rather than vague "should work" territory. On the site, the synced docs keep the boundary explicit: these are repo-included presets and configs, not an expanded published assurance basis.

The other visible shift is execution ergonomics for people who actually run the stack. The docs now separate fast, negative-path, and GPT-2-sized smoke lanes, add smoke-sized calibration configs, and document how to force docker versus podman when both engines are installed. For GPU hosts using the secure-default container path, 0.7.0 also introduces the CUDA-capable attested runtime image route instead of leaving accelerator support as repo-only lore.

Underneath that, this release keeps narrowing the places where ambiguous behavior can hide. The CLI docs now describe config delegation as a package-internal runner instead of a hidden public command, and the upstream changelog pairs that cleanup with fixes for quant_rtn, report generation, local-versus-attested tiny-smoke provenance, and several developer-path regressions. If you maintain local smoke wrappers, container-engine defaults, or family-specific presets outside the repo, 0.7.0 is the release to re-check against the current docs and support inventory.

For more details, see CHANGELOG.md.

More from the blog

Continue through recent releases and implementation notes.

Research Note

What InvarLock Actually Claims

A narrow claim can be stronger than a broad one. InvarLock is about auditable regression risk from weight edits, not general model safety.

Release

Gemma 4 pilot lanes with a clearer assurance contract

InvarLock 0.6.0 adds a shipped Gemma 4 E2B text lane, phase-1 multimodal evaluation, and a unified `--assurance attested|trusted-local` workflow.

Release

Attested smoke lanes with package-native proof-pack signing

InvarLock 0.5.1 adds a push-gated tiny attested smoke lane, a scheduled GPT-2 canary lane, and package-native Ed25519 proof-pack signatures.