v0.6.0 — trust + intelligence layer

The marketed launch — SchemaBrain grows from a 4-surface dashboard into a graph-led, 9-surface trust + intelligence layer between AI agents and your database.

Highlights

The dashboard grows from 4 surfaces into a graph-led, 9-surface experience: a signature Knowledge Graph, an Overview home, an Entities index, a Data Dictionary, an editable Policy editor, and a Drift view join the PII / Refusals / Audit trio. Audit logs are now browser-verifiable via a derived Merkle root, the marketing landing moves to a standalone site, and the product is repositioned from "SQL firewall" to the trust + intelligence layer. A zero-setup schemabrain demo command tells the whole story offline in seconds, the PII firewall now refuses grouping by a PII column as row-level disclosure, and import dbt imports relationships tests as canonical joins.

Upgrade note

This release migrates the store schema (SCHEMA_VERSION 14 → 15) to persist the graph projection; it applies automatically and crash-atomically on first open (chaining v13 → v14 → v15) — no manual step. The project is now Apache-2.0 licensed. Install the dashboard with pip install 'schemabrain[ui]'; schemabrain dashboard still binds to 127.0.0.1 only.

Install

pip install schemabrain            # core
pip install 'schemabrain[ui]'      # with the local dashboard

This release was published through the gated publish pipeline: the wheel's contents are verified pre-upload, and a post-publish job installs schemabrain[ui]==0.6.0 from PyPI into a clean environment, asserts the version, and boots the engine + dashboard before the release is trusted.

Full changelog: CHANGELOG.md → 0.6.0

v0.5.0 — dashboard, editable PII policy, hardened firewall

Highlights — the launch release: a read-only dashboard ([ui] extra), an editable PII enforcement policy, a substantially hardened SQL firewall, a zero-config SaaS demo pack, and a full Mintlify docs site. The publish pipeline is fixed so the wheel actually ships the dashboard.

Upgrade note — no store migration (SCHEMA_VERSION stays 14). Install the dashboard with pip install schemabrain[ui]; schemabrain dashboard binds to 127.0.0.1 only.

Added

• Read-only dashboard ([ui] extra) — local FastAPI sidecar + static Next.js UI via schemabrain dashboard (127.0.0.1 only): schema/entity browser, PII Ledger, Refusal UI, Audit Viewer, Boardroom Brief; entity drilldown shows metrics + canonical joins. (#125, #126, #127, #129, #130, #132)
• Editable PII policy — schemabrain policy {show, apply, tag} + a pii_policy.yaml overlay + a read-only dashboard view; the catastrophic-leak floor is always-on and can't be overridden away. (#155)
• SaaS demo pack (new bundled default) — 12 tables / 84 columns / 12 entities / 5 metrics / 8 joins covering all three catastrophic-PII legs; init applies it for $0 with no API key. Bundled packs are now a named registry (e-commerce stays as fallback). (#143, #164, #167)
• schemabrain doctor --verify — no-API-key mock-agent MCP smoke + environment preflight. (#116)
• schemabrain init host selection (Claude Desktop / Code / Cursor / Windsurf) with detection; --host manual / --print-only prints the snippet without writing. (#115, #146)
• serve query guardrails — --statement-timeout-ms (30s) and --max-rows-per-result (10000); 0 opts out. (#116, #151)
• Store ↔ YAML round-trip — entities/metrics/joins export[-all], schemabrain apply, schemabrain diff (CI exit codes), init --emit-yaml-dir, and public *_to_yaml serialisers. (#113)
• audit verify --since <spec> (hex-prefix / duration / ISO cursor) and an audit list status + cost-class footer. (#112)
• doctor probes pg_stat_statements (advisory). (#145)

Changed

• Agent steering moved into the MCP initialize instructions field (no user-pasted snippet); interactive --pii-block default aligned with --yes + docs. (#142)
• get_metric validates limit in-body (typed malformed_name envelope) and reports a truncated flag; the metric executor uses a NullPool engine. (#117, #165)

Security

• Catastrophic-leak floor (credential, payment_card, government_id) enforced at every read path including the get_metric aggregate path; operator overrides can't strip it. (#154, #156, #157, #162)
• Catastrophic column names no longer disclosed via redacted_columns or the unknown-column hint. (#174)
• PII classifier hardened — auth-secret + internationalised + concatenated/abbreviated shapes; RULE_COUNT 46 → 60. (#152, #158, #161)
• serve rejects control chars in quoted identifiers, refuses MIN/MAX over PII, fails closed on untagged columns; redaction centralised. (#150, #153, #154)
• Safe-by-default --pii-block across serve / init / build_server / WizardConfig (catastrophic-leak set; explicit '' to disable). (#110, #162)
• Pinned the Hugging Face Hub model revision (B615 / CWE-494); added a 19-file firewall-bypass regression corpus. (#147, #149)

Fixed

• get_metric refusal envelope surfaces only blocked_categories (no probe oracle); describe_entity always redacts catastrophic column descriptions. (#110)
• PII verdicts labelled by attribution (floor_blocked vs operator policy). (#160)
• Publish pipeline builds the dashboard export with uv build --wheel, so the wheel ships it and advertises [ui]. (#163)
• Deterministic dashboard PII-category ordering; closed 7 launch-blockers via firewall hardening + fastembed reliability. (#132, #147)

Documentation

• Full Mintlify site — mechanism explainers, per-client setup (Claude Desktop / Code / Cursor / Windsurf / Zed / Codex), comparisons, Works-with + security posture, threat model, First 5 Queries, dashboard guide, CLI reference. (#118, #120, #121, #122, #123, #124, #133, #135, #136, #140, #144, #145)
• Docs recast onto the SaaS demo; store-path default corrected to ./schemabrain.db; README + substrate fact-check and link repair. (#137, #138, #141, #166, #172, #173)

Internal

• Bundled-pack registry refactor; stale-comment / attribution hygiene; dependency bumps (dorny/paths-filter 3 → 4, opentelemetry-sdk). (#104, #106, #111, #119, #148, #164)

Install: pip install schemabrain[ui]==0.5.0

— Full changelog: https://github.com/Arun-kc/schemabrain/blob/main/CHANGELOG.md

v0.4.0 — SQL firewall positioning + DX hardening

SchemaBrain v0.4.0 — SQL firewall positioning + DX hardening

pip install schemabrain==0.4.0 · Quickstart

What's new

Positioning lock. README, package metadata, CLI --help, and MCP server handshake all anchor on the same sentence: the SQL firewall between AI agents and your production database — twelve read-only tools, validated metrics, tamper-evident audit.

Three guarantees, deepened.

• Read-only by architecture, not configuration — twelve MCP tools, none of which can write. Structural, not a session flag the agent can flip.
• PII refusal at retrieval — PII tags propagate through joins and metrics; blocked categories refuse before SQL touches the database. Column-granular redaction in describe_entity (was whole-entity).
• Cryptographic audit chain — SHA256 chain over every call; audit verify detects post-hoc tampering by any process without write access.

Highlights

• Charter v1.2 2D trust signal — inference_method × validation_state replaces the flat confidence=HIGH (#95).
• Composite-expression measures — MetricMeasure.expression parses via ast.parse with a node-type whitelist; SQL injection surface closed by construction (#91).
• Junction-table bridges — list_joins / inspect surface M:N joins through junction entities (#95).
• Partition-parent FK union — Postgres partitioned tables whose FKs sit on the children (Pagila pattern) now surface those FKs on the parent (#102).
• metrics show <name> — direct namespaced drill, no entity/join shadowing (#101).
• Brand naming convention locked — schemabrain (lowercase) in code, CLI, PyPI, URLs; SchemaBrain (one word, title case) in prose.

DX hardening

• Install snippet names the Cmd+Q restart that the wizard relies on.
• Cost paragraph above the fold trimmed to a single line.
• Quickstart leads with bring-your-own-Postgres-URL; Docker path is the opt-in.
• README hero anchors map to the firewall property grid where each guarantee is deep-dived.

Roadmap toward 1.0

Four launch-blocker PRs (default --pii-block hardening, refusal-envelope probe-oracle fix, audit verify --since, audit tail cost+trust footer) plus the YAML-round-trip ergonomics layer ship next sprint. v2's SQL-boundary safety wedge (validate_query, execute with hard caps) is the next major milestone.

Install

pip install schemabrain==0.4.0
schemabrain init

Full changelog: see CHANGELOG.md.

Schema Brain 0.3.0

What's Changed

• docs: refresh post v0.2.0a1 — 5 tools, max_hops 6, query-log mining by @Arun-kc in #27
• feat: entity foundation (2 MCP tools, YAML loader, dbt write guard) by @Arun-kc in #28
• feat: LLM-suggest pipeline for entity definitions by @Arun-kc in #29
• feat: dbt manifest import write-path by @Arun-kc in #30
• feat: canonical join graph + resolve_join MCP tool by @Arun-kc in #31
• feat: metric model + get_metric MCP tool + dbt metric import by @Arun-kc in #32
• feat(setup): schemabrain init + doctor — one-command MCP host wiring + health check by @Arun-kc in #33
• feat(observability): event bus + schemabrain tail — watch what the agent does in real time by @Arun-kc in #34
• feat: audit substrate — mcp_audit table + chain hash + audit CLI by @Arun-kc in #35
• feat: PII classifier + propagation + pii_blocked refusal path by @Arun-kc in #36
• feat: init wizard — five-stage activation surface by @Arun-kc in #37
• feat: init wizard visual polish (header + spinner + closing block + failure panel) by @Arun-kc in #38
• docs + Docker: threat model, SLO contract, scalability frontier, runtime image, audit/dry-run polish by @Arun-kc in #39
• fix: real-DB hardening (profiler %-escape + Anthropic 429 backoff) by @Arun-kc in #40
• fix(mcp): support SQL-standard quoted qualified names (closes #41) by @Arun-kc in #42
• Post-stress hardening: 4 small fixes against generic-DB robustness by @Arun-kc in #43
• feat: schemabrain check drift detection + docker-compose demo stack by @Arun-kc in #48
• feat: schemabrain inspect — store-only schema + semantic-layer browser by @Arun-kc in #49
• feat: schemabrain metrics suggest by @Arun-kc in #50
• feat: optional OTel emission + 0.3.0 release prep + ADR archive expansion by @Arun-kc in #51
• Launch polish: README hero + examples bundle + wizard context-aware closing block by @Arun-kc in #52
• Fix xml-column profiler crash + clarify self-join error message (pre-0.3.0-tag) by @Arun-kc in #55
• Fix PII classifier S1-S4 bugs surfaced by 2026-05-18 production-DB smoke by @Arun-kc in #56
• feat(mcp): ship find_relevant_entities as 10th MCP tool by @Arun-kc in #57
• docs(readme): demo polish — Act 2 inspect hinge + tail excerpt + dry-run snippet + OTel snippet + full mcp-tools.md by @Arun-kc in #58
• docs: pre-tag accuracy pass (README + mcp-tools + demo.tape) by @Arun-kc in #59
• feat(wizard): add metrics suggestion stage to schemabrain init (PR A of semantic-layer expansion) by @Arun-kc in #60
• feat(wizard): add canonical-join suggestion stage to schemabrain init (PR B of semantic-layer expansion) by @Arun-kc in #61
• feat(wizard): add dbt-import branch to schemabrain init (PR C — closes the arc) by @Arun-kc in #62
• feat(wizard): pre-LLM confirmation pause (entities + metrics) by @Arun-kc in #63
• docs: sync README + setup.md + demo.tape with 7-stage wizard arc (PRs #60-#63) by @Arun-kc in #64
• refactor(cli): Rich-only prettification of inspect, init, and tail by @Arun-kc in #65
• fix(cli, wizard): three smoke findings from post-PR-#65 manual pass by @Arun-kc in #66
• fix(enrichment): bump Sonnet max-output-tokens 300→4096 + per-tier env-var override by @Arun-kc in #67
• fix(cli+mcp): close 9 findings from 2026-05-19 new-user smoke by @Arun-kc in #68
• feat(env): 4 new SCHEMABRAIN_* config-flexibility env vars + shared parser by @Arun-kc in #69
• feat(cli): polish 5 surfaces for v1 demo alignment by @Arun-kc in #70
• feat(cli): shared shell vocabulary _ui.py — PR #1 of design-system migration by @Arun-kc in #71
• feat(cli): status_glyph primitive + severity_glyph → drift_glyph rename — PR #2 of design-system migration by @Arun-kc in #72
• feat(cli): re-render init wizard onto design's hero surface — PR #3 of design-system migration by @Arun-kc in #73
• feat(cli): re-render doctor onto design's numbered-checklist surface (PR #4 of arc) by @Arun-kc in #74
• feat(cli): re-render two error surfaces onto design's panel vocabulary (PR #5 of arc) by @Arun-kc in #75
• feat(cli): re-render init --help onto design's grouped surface (PR #6 of arc) by @Arun-kc in #76
• feat(cli): polish inspect + index --dry-run onto design's brand-line + panel vocabulary (PR #7, final shape) by @Arun-kc in #77
• fix: 6 user-visible bugs from smoke 2026-05-19 (wizard spinner, inspect dedup, serve UX, tail surface) by @Arun-kc in #78
• feat: day-one UX overhaul — 8 manual steps → ~5 keypresses by @Arun-kc in #79
• feat(setup): post-PR-#79 polish bundle — D2 auto-docker, F3 inline overwrite + D3 diff preview, D4 .env persist, F5 LLM error shape by @Arun-kc in #80
• chore(release): v0.3.0 publish readiness by @Arun-kc in #81

Full Changelog: v0.2.0a1...v0.3.0

Schema Brain 0.2.0a1

Second alpha preview. Live on PyPI: `pip install schemabrain==0.2.0a1`.

This release rolls up six months of work between the original 0.1.0a1 cut and now. APIs may still change before v1 — pin the exact version if you need stability.

Highlights

• Charter v1.1 envelope on every MCP tool response: `status` enum with reserved `refused` literal, three new error kinds (`pii_blocked`, `policy_blocked`, `allowlist_violation`), optional `suggested_rewrite` and `widening_hint` recovery fields. The wire `charter_version` field bumps from `"1.0"` to `"1.1"`; clients pinning `"1.0"` continue to deserialise cleanly.
• Pre-v1 security hardening: `--url-env VARNAME` flag keeps DB passwords out of `ps` / shell history / journald; `SECURITY.md` published with disclosure SLA; Dependabot configured; `pip-audit`, `bandit`, and `semgrep` run on every PR; Postgres source-side enforcement of `default_transaction_read_only=on` so the read-only contract holds at the database level rather than by convention.
• `mine-queries` cleanup: Schema Brain's own profiler statements (positional-alias counts queries and `::text AS v` value samplers) are filtered out of `example_queries` so `get_example_queries` returns only real user workload. sqlglot WARNING-level chatter no longer leaks to stderr.
• `suggest_joins` default `max_hops` raised 4 → 6. Covers M:N junction chains common in normalised OLTP schemas; the bundled e-commerce fixture's `users → categories` pair (5 hops) is now reachable without an override.
• `IndexResult.summary()` fix: cache-hit re-indexes no longer print `LLM: 0 descriptions ($X)` from the cumulative ledger total.
• PEP 561 `py.typed` marker shipped. Type checkers in downstream projects now pick up Schema Brain's annotations.
• CLI ergonomics: `schemabrain --version`, `schemabrain fixture-path `, `--dry-run` on `index`, persistent cost ledger with `--max-cost` default of $1, guided errors throughout.

What's not in this release

Same scope boundary as 0.1.0a1: this is schema-intelligence with five MCP tools. The semantic-substrate (entities, metrics, canonical joins) lands at v1; the SQL-boundary safety primitives (`validate_query`, `execute`, PII-tagged refusal, sub-query refusal with recovery) land at v2.

Full changelog

See CHANGELOG.md `[0.2.0a1]`.