Tags: ancilis/heel
HEEL v1.0.0 — agent-native abuse-simulation tool

First production release. MCP-first; pure-stdlib (zero runtime deps); pip-installable.

Capability: MCP server (no scope-mutation tool by construction) + REST + CLI; out-of-band HMAC-signed immutable authorization scopes (confused-deputy model); two agent classes + affordance chaining; declarative + semantic scenario library across all 10 abuse categories; swappable LLM control loop with a deterministic offline default; tamper-evident hash-chained containment log.

Honest evaluation: self-consistency ~1.0 (wiring) -> blind ~0.25 (independent encodings) -> held-out TEST localization 0.38 / attribution 0.31 @ precision 0.97 on 199 independently-LLM-authored weaknesses (frozen, content-hashed dev/test split).

Four adversarial red-team passes; verdict SHIP. 53 tests on py3.11-3.13; CI green; control-room UI (static-exportable). MIT. See CHANGELOG.md.