Releases: Arakiss/nahuali
Release list
Nahuali v0.8.0-beta.3
Nahuali v0.8.0-beta.3 is a prerelease of the local trust layer for agent memory.
Every recall can carry its evidence and a deterministic verdict, and the ledger
can prove whether its recorded history was rewritten.
Why upgrade
This beta keeps the published product, its benchmark evidence, and the exact
source tag aligned. It also prevents old and new embedded engine versions from
opening the same local store without a clear recovery path.
Changes
Fixed
- prevent release verification from contending with active stores (777d617)
Breaking changes and migration
This beta introduces no new memory-envelope migration. Existing version 1 and
version 2 records remain readable. After upgrading, restart every long-lived
nahuali-mcp host before using the CLI against the same local store.
Install
curl -fsSL https://raw.githubusercontent.com/Arakiss/nahuali/main/scripts/install.sh | sh
nahuali demo
nahuali exploreTo pin this release, set NAHUALI_VERSION=v0.8.0-beta.3 before running the installer.
Verify the release
bash scripts/check-release-assets.sh --tag v0.8.0-beta.3 --require-sbom
bash scripts/verify-release.sh --tag v0.8.0-beta.3The release contains four platform archives, mandatory SHA-256 checksums,
Sigstore bundles, GitHub artifact attestations, and one CycloneDX SBOM.
Beta limits
- No stable 1.0 API guarantee yet.
- No hosted service, accounts, teams, billing, managed sync, or managed uptime.
- Nahuali evaluates evidence and memory health. It does not claim that recalled
information is objectively true.
Full changelog
See CHANGELOG.md
for the product history. Crate changelogs are technical appendices only.
Nahuali v0.8.0-beta.2
Nahuali v0.8.0-beta.2 is a prerelease of the local trust layer for agent memory.
Every recall can carry its evidence and a deterministic verdict, and the ledger
can prove whether its recorded history was rewritten.
Why upgrade
This beta keeps the published product, its benchmark evidence, and the exact
source tag aligned. It also prevents old and new embedded engine versions from
opening the same local store without a clear recovery path.
Changes
New
- make governed recall visible end to end (56fdb14)
- make the TUI mascot crisp and reliably visible (94caaef)
Fixed
- keep the mascot asset within release limits (ab16d31)
- render curated notes from generated changelogs (84d8d8f)
Breaking changes and migration
This beta introduces no new memory-envelope migration. Existing version 1 and
version 2 records remain readable. After upgrading, restart every long-lived
nahuali-mcp host before using the CLI against the same local store.
Install
curl -fsSL https://raw.githubusercontent.com/Arakiss/nahuali/main/scripts/install.sh | sh
nahuali demo
nahuali exploreTo pin this release, set NAHUALI_VERSION=v0.8.0-beta.2 before running the installer.
Verify the release
bash scripts/check-release-assets.sh --tag v0.8.0-beta.2 --require-sbom
bash scripts/verify-release.sh --tag v0.8.0-beta.2The release contains four platform archives, mandatory SHA-256 checksums,
Sigstore bundles, GitHub artifact attestations, and one CycloneDX SBOM.
Beta limits
- No stable 1.0 API guarantee yet.
- No hosted service, accounts, teams, billing, managed sync, or managed uptime.
- Nahuali evaluates evidence and memory health. It does not claim that recalled
information is objectively true.
Full changelog
See CHANGELOG.md
for the product history. Crate changelogs are technical appendices only.
Nahuali v0.8.0-beta.1
Nahuali v0.8.0-beta.1 is a prerelease of the local trust layer for agent memory.
Every recall can carry its evidence and a deterministic verdict, and the ledger
can prove whether its recorded history was rewritten.
Why upgrade
This beta keeps the published product, its benchmark evidence, and the exact
source tag aligned. It also prevents old and new embedded engine versions from
opening the same local store without a clear recovery path.
Changes
Fixed
- bind benchmark evidence to product releases (0968b1b)
- make required CI independent of trigger type (acc3836)
- prevent mixed-engine store upgrades (d742e66)
- separate release proposals from public evidence (8e38aa2)
Breaking changes and migration
This beta introduces no new memory-envelope migration. Existing version 1 and
version 2 records remain readable. After upgrading, restart every long-lived
nahuali-mcp host before using the CLI against the same local store.
Install
curl -fsSL https://raw.githubusercontent.com/Arakiss/nahuali/main/scripts/install.sh | sh
nahuali demo
nahuali exploreTo pin this release, set NAHUALI_VERSION=v0.8.0-beta.1 before running the installer.
Verify the release
bash scripts/check-release-assets.sh --tag v0.8.0-beta.1 --require-sbom
bash scripts/verify-release.sh --tag v0.8.0-beta.1The release contains four platform archives, mandatory SHA-256 checksums,
Sigstore bundles, GitHub artifact attestations, and one CycloneDX SBOM.
Beta limits
- No stable 1.0 API guarantee yet.
- No hosted service, accounts, teams, billing, managed sync, or managed uptime.
- Nahuali evaluates evidence and memory health. It does not claim that recalled
information is objectively true.
Full changelog
See CHANGELOG.md
for the product history. Crate changelogs are technical appendices only.
Nahuali v0.8.0-beta.0
Nahuali v0.8.0-beta.0 is a prerelease of the local trust layer for agent memory.
Every recall can carry its evidence and a deterministic verdict, and the ledger
can prove whether its recorded history was rewritten.
Why upgrade
This release makes the product's original promise usable without external
services: memory can be recorded, inspected, recalled with evidence, and given a
deterministic trust verdict from one local installation.
New
- Embedded local storage for the default CLI, MCP, and HTTP workflows. Docker is
no longer required to try or operate the core memory path. - A trust-first
nahuali exploreterminal interface for browsing memory,
evidence, store health, and ledger integrity. nahuali demo,nahuali init, evidence-required recall, self-inspection,
review queues, trust reports, governed repair, snapshots, and migration tools.- Official MCP Registry metadata and a multi-architecture MCP container image.
Changed
- Tamper-evident SHA-256 chaining and Ed25519 tip attestation are enabled in
normal builds. An unchained legacy build now requires an explicit opt-out. - Strict validation rejects unchained or partially chained ledgers unless the
caller deliberately selects the legacy-permissive path. - Self-inspection distinguishes unsupported, stale, contradictory, and malformed
memory more precisely and reports deduplicated affected-record counts. - All shipped components now share one product version and one public release
tag. The earlier1.0.0-beta.0and1.1.0-beta.0publications were premature
automation errors and are superseded by this pre-1.0 release.
Breaking changes and migration
- Strict validation now fails closed for unchained ledgers. Use
--allow-unchainedonly while migrating a legacy store. - New records use envelope version 2 and SHA-256 checksums. Existing version 1
records remain readable and valid; they are not rewritten. - The former
--require-chainedopt-in was replaced by the explicit
--allow-unchainedcompatibility flag.
Fixed
- Database names that would previously be normalized into a different name are
rejected with a useful error. - Configuration precedence is deterministic: command-line flag, environment,
then built-in default. - Same-observation multi-value facts are no longer misreported as contradictions.
- Embedded storage uses SurrealDB 3.1.5, which fixes the upstream cold-start
session race that could intermittently abort a fresh local database.
Security and integrity
- New ledger records use SHA-256 checksums and bind the preceding record hash.
- Install archives require SHA-256 verification and include Sigstore bundles and
GitHub artifact attestations. - Signed tip verification detects a fully recomputed ledger suffix that a hash
chain alone cannot distinguish from a legitimate rewrite.
Beta limits
- No stable 1.0 API guarantee yet.
- No hosted service, accounts, teams, billing, managed sync, or managed uptime.
- Nahuali evaluates evidence and memory health. It does not claim that recalled
information is objectively true.
Install
curl -fsSL https://raw.githubusercontent.com/Arakiss/nahuali/main/scripts/install.sh | sh
nahuali demo
nahuali exploreTo pin this release, set NAHUALI_VERSION=v0.8.0-beta.0 before running the installer.
Verify the release
bash scripts/check-release-assets.sh --tag v0.8.0-beta.0 --require-sbom
bash scripts/verify-release.sh --tag v0.8.0-beta.0The release contains four platform archives, mandatory SHA-256 checksums,
Sigstore bundles, GitHub artifact attestations, and one CycloneDX SBOM.
Full changelog
See CHANGELOG.md
for the product history. Crate changelogs are technical appendices only.
Upgrade note
Restart your MCP host after upgrading so a long-lived nahuali-mcp process and the CLI do not open the embedded store with different engine versions.
[WITHDRAWN] Nahuali v1.1.0-beta.0
[!WARNING]
Withdrawn: this version number was published by an incorrect release configuration while Nahuali remains pre-1.0. Use v0.8.0-beta.0 instead. The tag and assets are preserved for provenance.
Nahuali v1.1.0-beta.0 is a prerelease of local agent memory that exposes the evidence and deterministic trust verdict behind each recall. This release removes the database-server requirement from the default path and publishes a reproducible trust benchmark for the product's main claim.
Highlights
- Persistent memory now uses embedded SurrealKV by default. A clean install can record, restart, recall, and self-inspect without Docker, an account, an API key, a model, or a separate database server.
nahuali demoshows evidence-backedCERTIFY, unsupportedWARN, contradiction-drivenBLOCK, non-mutating self-inspection, hash-chain tampering detection, and rejection of a fully re-chained history through an operator-held Ed25519 checkpoint.- The vendor-neutral Agent Memory Trust Benchmark reports provenance, abstention, contradiction, staleness, non-mutating inspection, chain tampering, and checkpoint tampering as separate capabilities. Nahuali 1.1 passes all seven cases with no unsupported capabilities.
- The stdio MCP server, local HTTP API, CLI, and regression runner share the same trust and tamper-evidence defaults.
- Remote SurrealDB remains available through
NAHUALI_DB_URLfor deployments that need several processes to share one store.
Install
Install the matching signed archive for macOS or Linux:
curl -fsSL https://raw.githubusercontent.com/Arakiss/nahuali/main/scripts/install.sh \
| NAHUALI_VERSION=nahuali-cli-v1.1.0-beta.0 sh
export PATH="$HOME/.nahuali/bin:$PATH"
nahuali demoThe installer always verifies SHA-256. Set NAHUALI_REQUIRE_SIGSTORE=1 to require Sigstore verification as well.
Verify the release
From a checkout of the repository:
bash scripts/check-release-assets.sh --repo Arakiss/nahuali --tag nahuali-cli-v1.1.0-beta.0
bash scripts/verify-release.sh --repo Arakiss/nahuali --tag nahuali-cli-v1.1.0-beta.0 --require-sbom --require-provenanceThe verifier checks checksums, Sigstore bundles, GitHub build provenance, executable versions, the CycloneDX SBOM, and an isolated install smoke test.
The reproducible benchmark result is published at benchmarks/agent-memory-trust/results/nahuali-1.1.0-beta.0.json.
Component versions in this release
nahuali-cli1.1.0-beta.0nahuali-core1.1.0-beta.0nahuali-mcp1.1.0-beta.0nahuali-api1.1.0-beta.0nahuali-regression1.1.0-beta.0
Beta limits
There is no hosted service in this release. Nahuali is local-first software that you run and operate yourself. The embedded store has one process owner; use remote SurrealDB when independent processes must share memory. The local HTTP API is unauthenticated and must not be exposed to an untrusted network. Evidence and signed history establish traceability and tamper detection, not the objective truth of remembered content. APIs and storage behavior may still change before 1.0.
The engine remains source-available under FSL-1.1-MIT. See LICENSE for the exact terms.
Changelog
See the component changelogs for the complete versioned history: nahuali-cli, nahuali-core, nahuali-mcp, nahuali-api, and nahuali-regression.
[WITHDRAWN] Nahuali v1.0.0-beta.0
[!WARNING]
Withdrawn: this version number was published by an incorrect release configuration while Nahuali remains pre-1.0. Use v0.8.0-beta.0 instead. The tag and assets are preserved for provenance.
Nahuali v1.0.0-beta.0 is a prerelease of self-inspecting memory for AI agents. It makes the evidence, provenance, health, and trust decision behind each recall visible, while keeping the event history tamper-evident and operator-governed.
Highlights
nahuali demonow proves the product promise from one event ledger: evidence-backed recall earnsCERTIFY, unsupported memory is downgraded toWARN, contradictions produceBLOCK, and self-inspection proposes review without rewriting memory.- The same demo signs the ledger, detects an in-place edit, and rejects a fully re-chained history when its signed receipt no longer matches.
- New public projection APIs let applications replay a validated ledger and run the same authority-aware recall and self-inspection used by the engine.
- Attestation and fail-closed chain validation are enabled by default. New event envelopes use version 2 with SHA-256 checksums.
- The first-run documentation now distinguishes evidence-backed trust from external truth and explains exactly what each verdict means.
Install
Install the matching binary for macOS or Linux with the repository installer:
curl -fsSL https://raw.githubusercontent.com/Arakiss/nahuali/main/scripts/install.sh | NAHUALI_VERSION=nahuali-cli-v1.0.0-beta.0 shSet NAHUALI_REQUIRE_SIGSTORE=1 to require Sigstore verification during installation. The release also includes checksums and Sigstore bundles beside every platform archive.
Verify the release
From a checkout of the repository, verify the public asset set and GitHub artifact attestations:
bash scripts/check-release-assets.sh --repo Arakiss/nahuali --tag nahuali-cli-v1.0.0-beta.0
bash scripts/verify-release.sh --repo Arakiss/nahuali --tag nahuali-cli-v1.0.0-beta.0 --require-sbom --require-provenanceThe verifier checks archive checksums, Sigstore bundles, GitHub build provenance, executable versions, and the release SBOM.
Component versions in this release
nahuali-cli1.0.0-beta.0nahuali-core1.0.0-beta.0nahuali-mcp1.0.0-beta.0nahuali-api1.0.0-beta.0nahuali-regression1.0.0-beta.0
Beta limits
There is no hosted service in this release. Nahuali is local-first software that you run and operate yourself. Semantic search still requires Qdrant when enabled, the primary store requires SurrealDB, and trust verdicts describe the quality and governance of recorded evidence rather than certifying that a real-world statement is objectively true. Treat the beta as production-shaped but not yet covered by a stable-API guarantee.
Changelog
See the component changelogs for the full history: nahuali-cli, nahuali-core, nahuali-mcp, nahuali-api, and nahuali-regression.
Nahuali v0.6.1-beta.0
Nahuali v0.6.1-beta.0 is a prerelease of the CLI distribution for Nahuali: local-first memory for AI agents that shows its evidence and can prove its event history was not silently rewritten.
This release targets the public beta channel. It is suitable for testing the local CLI, MCP stdio server, local API binary, and the governance checks that ship with the repository.
Highlights
- Evidence-backed recall: recall results carry support, health signals, and an authority decision so callers can see why a memory is trusted, advisory, stale, or blocked.
- Tamper-evident history: the CLI, MCP server, and local API builds write hash-chained records by default; optional attestation support verifies signed chain tips.
- Inspection commands:
trust-report, ledger audit, temporal recall filters, self-inspection, and review workflows are available from the local toolchain. - Reproducible governance checks: regression fixtures cover provenance coverage, ledger integrity, recall boundaries, and release-install behavior.
- Signed binary channel: release archives are built for macOS and Linux on x86_64 and arm64, with SHA-256 checksums and Sigstore bundles for each archive.
Install
Download and inspect the installer, then run it:
curl -fsSLO https://raw.githubusercontent.com/Arakiss/nahuali/main/scripts/install.sh
sh install.sh
nahuali demo
nahuali initTo pin this exact beta:
NAHUALI_VERSION=nahuali-cli-v0.6.1-beta.0 sh install.shEach platform archive contains:
bin/nahuali
bin/nahuali-mcp
bin/nahuali-api
MANIFEST.txt
Verify the release
From a checkout of this repository:
bash scripts/check-release-assets.sh --tag nahuali-cli-v0.6.1-beta.0
bash scripts/verify-release.sh --tag nahuali-cli-v0.6.1-beta.0Expected release assets:
nahuali-v0.6.1-beta.0-aarch64-apple-darwin.tar.gznahuali-v0.6.1-beta.0-x86_64-apple-darwin.tar.gznahuali-v0.6.1-beta.0-aarch64-unknown-linux-gnu.tar.gznahuali-v0.6.1-beta.0-x86_64-unknown-linux-gnu.tar.gz- one
.sha256file and one.sigstore.jsonbundle for each archive
Component versions in this release
nahuali-cli:0.6.1-beta.0nahuali-core:0.7.0-beta.0nahuali-mcp:0.6.0-beta.0nahuali-api:0.6.0-beta.0nahuali-regression:0.3.0-beta.0
Beta limits
Nahuali is still prerelease software. There is no hosted service, no accounts or teams, no billing, no managed sync, and no stable 1.0 API guarantee yet. The supported public path is local-first usage through the repository, installer, and release archives.
Changelog
See the crate changelogs in this tag for the detailed Release Please entries:
crates/nahuali-cli/CHANGELOG.mdcrates/nahuali-core/CHANGELOG.mdcrates/nahuali-mcp/CHANGELOG.mdcrates/nahuali-api/CHANGELOG.mdcrates/nahuali-regression/CHANGELOG.md
Nahuali v0.6.0-beta.0
Nahuali v0.5.0-beta.0
0.5.0-beta.0 (2026-06-14)
Features
- expose Merkle inclusion proofs from audit (e79c390)
- require chained records in strict validation (42dc62b)
Bug fixes
- stabilize CLI JSON output contract (b9f5c64)
Nahuali v0.4.0-beta.0
0.4.0-beta.0 (2026-06-13)
Features
- cli: accept 'episode' as a visible alias for 'remember' (a9dbecd)
- cli: add --verbose to surface connection and timing on stderr (962c72d)
- cli: add
nahuali explore— the interactive governance cockpit (bf68553) - cli: add
nahuali initto wire the agent harness (1669f56) - cli: add reconcile to rebuild derived tiers from the ledger (e14cfc4)
- cli: add the ledger audit command (5f842e5)
- cli: add the semantic-sync command (828e391)
- cli: add the trust-report command (e5bf81b)
- cli: add the zero-dependency
nahuali demofirst-look (07c8ee0) - cli: anchor the ledger audit on a signed attestation (cb5bd92)
- cli: enable tamper-evidence by default (39f0544)
- cli: expose the temporal recall filter via --as-of-ms and --max-age-days (7f7c7c5)
- cli: fail calmly when the store is unreachable and auto-start the stack (0464fae)
- cli: federate recall over a read-only archive store with --archive (ec18635)
- cli: forward local-embeddings so recall can use a local model (1f2590c)
- cli: forward the tamper-evidence feature so the audit chain is reachable (8ebbe87)
- cli: make the briefing render scannable instead of a wall of text (d927de8)
- cli: render reports in the shared nahuali-ui clay-on-coffee palette (cc93620)
- cli: render the trust report as a self-contained HTML dossier (9592048)
- cli: richer human write confirmations — say what happened, not an id (3b88629)
- cli: surface the configured archive in the briefing (6770f5e)
- cli: verify attestations against a trusted keyring via --keyring (80278b4)
- core: add a point-in-time and exclude-stale temporal recall filter (88c5ab6)
- core: sign and verify the tamper-evident ledger tip with Ed25519 (f04b6f3)
- core: surface the ledger Merkle root in audit and trust-report integrity (a4dd5ec)
- ui: add a governance signals bar and richer detail to explore (92fd1f1)
- ui: surface ledger integrity in the explore cockpit header (fa8c14c)
Bug fixes
- cli: emit the archive section in recall --json and briefing --json (c5a8de5)
- cli: list the attest commands in the grouped help (55f1536)
- cli: make the demo fallback truthful about its own build (980d951)
- cli: render the trust verdict labels in English (9844dcb)
- cli: replace leftover Spanish trust labels in human output (fa64689)
Refactor
- cli: share the scannable episode rendering across reports (f3f8375)