February was a month of sharpening. We did not ship any entirely new product; we shipped better versions of the ones we already had. Lino learned what "normal" looks like for each of your services. Eagle started handing out advice instead of just verdicts. Griffin picked up Rust. The desktop app got a workflow editor that doesn't look like a YAML file. Here is everything that landed in February 2026.
What shipped in February 2026?
Shipped
- Lino behavioral baselines — Lino now computes a per-service behavioral baseline from observed runtime fingerprints and flags deviations as anomalies. The baseline includes egress destinations, process tree shape, and syscall distributions. A deviation produces a finding in the same queue as Griffin and Eagle output.
- Eagle base image advisories — Eagle now ships an advisory engine that compares your base image to healthier alternatives and suggests a swap where the tradeoff is favorable. Suggestions include the expected delta in reachable CVEs, in image size, and in build time.
- Griffin reachability for Rust (beta) — Griffin's reachability analyzer now covers Rust. It handles cargo workspaces, conditional compilation, and unsafe blocks. Proc-macro-heavy crates are still best-effort.
- Desktop workflow editor — the desktop app now includes a visual workflow editor with a canvas, typed inputs and outputs between nodes, and live validation. The YAML format is still the source of truth; the editor renders it and writes it back.
- Gold: grouped PRs — Gold can now group multiple findings into a single PR when they share a remediation. A bump that clears seven transitives produces one PR, not seven.
- MCP server: attestation tools — the MCP server exposes attestation.fetch, attestation.verify, and attestation.chain for agents that need to reason about the signed chain.
Improved
- 100-level scan — the 100-level scan now reads the per-service Lino baseline if one exists and includes a "runtime health" section in the report.
- Workflows — new cancel and retry primitives let workflows react to flaky steps without human intervention. A step that fails a health check can be retried with exponential backoff, and a workflow can cancel sibling branches once one branch succeeds.
- Runner — fleet-mode control nodes now support leader election across multiple replicas. No more single-node control plane.
- IDE extensions — VS Code's extension now surfaces Eagle base image advisories inline on FROM lines. JetBrains picked up the Griffin Rust analyzer.
Deprecated
- The sg workflow validate subcommand is deprecated; the editor does live validation and the workflow engine does it on ingest. The subcommand still works and will be removed in Q3 2026.
- Node 16 support in the IDE extension is deprecated. Node 18 is the new floor.
How do Lino behavioral baselines actually work?
Answer-first: Lino collects runtime fingerprints from a service, summarizes them into a per-service baseline, and flags new runs that deviate from the baseline. The baseline is not a trained model; it is a set of summary statistics over observed fingerprints, which means it is cheap to compute and cheap to explain.
Concretely, a baseline for a service includes:
- The set of egress destinations seen in the last 14 days, with frequency.
- The shape of the process tree — depth, branching factor, typical leaf processes.
- A histogram of syscall categories with rough frequency bands.
- The set of file system paths touched, bucketed by category (log, config, code, data).
A deviation is a new element that does not fit the baseline — a new egress destination, a new leaf process, a new file system category. Deviations are scored by novelty and by the blast radius of what changed. A new egress to an unfamiliar IP in a service that historically only talks to one database is a high-signal finding. A new log path in a service that writes logs everywhere is not.
The baselines are per-service and not shared across services. Services that are too new to have a meaningful baseline are marked as "learning" and don't produce deviation findings until the baseline stabilizes.
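A minimal sketch of this kind of baseline, added here as an illustration and not Lino's own code: the dimension weights, the MIN_RUNS learning threshold and the novelty formula are assumptions, and the 14-day window is omitted. The sample fingerprints are constructed.

```python
from collections import Counter, defaultdict

MIN_RUNS = 5  # assumed: runs needed before a service leaves "learning"
# Assumed blast-radius weights per fingerprint dimension.
WEIGHT = {"egress": 1.0, "leaf_process": 0.8, "path_category": 0.3}

# Constructed sample fingerprints for a service that talks to one database.
NORMAL = {"egress": ["10.0.0.5:5432"], "leaf_process": ["python"],
          "path_category": ["log", "config"]}
SUSPECT = {"egress": ["10.0.0.5:5432", "203.0.113.9:443"],
           "leaf_process": ["python"], "path_category": ["log", "data"]}


class Baseline:
    """Per-service summary statistics over observed fingerprints."""

    def __init__(self):
        self.runs = 0
        self.seen = defaultdict(Counter)  # dimension -> value -> run count

    def observe(self, fingerprint):
        """Fold one run's fingerprint into the baseline."""
        self.runs += 1
        for dim, values in fingerprint.items():
            self.seen[dim].update(set(values))

    @property
    def learning(self):
        return self.runs < MIN_RUNS

    def deviations(self, fingerprint):
        """Return (dimension, value, score) for elements not in the baseline."""
        if self.learning:
            return []  # too new: no deviation findings yet
        findings = []
        for dim, values in fingerprint.items():
            known = self.seen[dim]
            # Assumed novelty: the fewer distinct values a dimension has
            # ever shown, the more surprising a new one is.
            novelty = 1.0 / (1 + len(known))
            for value in sorted(set(values) - set(known)):
                findings.append((dim, value, round(WEIGHT[dim] * novelty, 3)))
        return sorted(findings, key=lambda f: -f[2])


if __name__ == "__main__":
    baseline = Baseline()
    for _ in range(MIN_RUNS):
        baseline.observe(NORMAL)
    for finding in baseline.deviations(SUSPECT):
        print(finding)
```

With these inputs the new egress destination outranks the new file system category, matching the ordering the text describes.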
What does an Eagle base image advisory look like?
An Eagle advisory is a suggestion with numbers attached. It says "your base image is X; consider base image Y; here is the delta." The delta has four parts:
- Reachable CVEs — how many Griffin-reachable CVEs disappear if you swap, and how many new ones appear.
- Image size — in megabytes.
- Build time — in seconds, measured against a representative sample.
- Behavioral compatibility — does the new base have the shells, interpreters, or binaries your app uses at runtime, based on Lino data.
Advisories are ranked by a composite score that favors fewer reachable CVEs above all else, then smaller size, then shorter build time. You can override the ranking in policy.
The advisory engine does not auto-apply anything. It is paired with Gold — if you accept an advisory, Gold produces the Dockerfile change and opens a PR.
How far along is Griffin's Rust reachability?
It is in beta. The analyzer handles cargo workspaces and the common conditional compilation patterns cleanly. unsafe blocks are tracked as inferred edges, same as reflection in other languages. The three known limitations:
- Proc-macro-heavy crates — if a crate generates a large share of its public API via proc macros, Griffin may under- or over-approximate reachability. It marks these crates explicitly.
- no_std crates — these work, but the entry-point inference is less accurate because Griffin's default entry points assume std.
- Embedded targets — not supported in beta. Coming in Q2.
For server-side Rust — Axum, Actix, Tokio-based services — the analyzer is already giving verdicts comparable to its Node and Go equivalents in our testing.
What is new in the desktop workflow editor?
The desktop workflow editor is the visual counterpart to the YAML workflow format. It presents a workflow as a graph of typed nodes, with the same inputs and outputs the YAML format already defined. The key differences from other visual workflow tools:
- YAML is the source of truth. The editor reads and writes the YAML file. You can edit either surface and the other updates.
- Types are enforced. If a node outputs a Finding[], only nodes that accept Finding[] can receive it. Mismatched wires are shown in red.
- Live validation. The editor calls the same validator the runner uses, so a workflow that opens green in the editor will run green on the fleet.
- Embedded docs. Every node has inline docs with links to the detailed reference.
It is not a replacement for hand-writing YAML when you know what you want. It is meant for teams where the people writing workflows are not the same people writing detectors.
How Safeguard.sh Helps
February's net effect: the platform got smarter about what "normal" means and started giving advice instead of just verdicts. Lino baselines turn runtime signal into a quiet background hum that only gets loud when something actually changes. Eagle advisories surface actionable swaps instead of static scores. Griffin's Rust analyzer extends reachability to another language that runs a growing share of production workloads. The desktop workflow editor makes the automation engine approachable for teams who don't live in YAML. February was not a headline month, but it was the month the platform started to feel polished.
What's next
March is shaping up around three threads:
- Lino: cross-service baselines — anomaly detection that compares a service to its peers, not just to its past.
- Eagle: SBOM-driven advisories — advisories that consider your full SBOM, not just the base image.
- Griffin: taint tracking — a dataflow pass on top of reachability that tells you not just whether a vulnerable symbol is reachable, but whether attacker-controlled data can reach it.
Email contact@hsxtechnologies.com if you want early access.