v0.4.0 — SQL firewall positioning + DX hardening

@Arun-kc Arun-kc released this 25 May 10:53
· 338 commits to main since this release
28a30f5

SchemaBrain v0.4.0 — SQL firewall positioning + DX hardening

pip install schemabrain==0.4.0 · Quickstart

What's new

Positioning lock. README, package metadata, CLI --help, and MCP server handshake all anchor on the same sentence: the SQL firewall between AI agents and your production database — twelve read-only tools, validated metrics, tamper-evident audit.

Three guarantees, deepened.

  • Read-only by architecture, not configuration — twelve MCP tools, none of which can write. Structural, not a session flag the agent can flip.
  • PII refusal at retrieval — PII tags propagate through joins and metrics; blocked categories refuse before SQL touches the database. Column-granular redaction in describe_entity (was whole-entity).
  • Cryptographic audit chain — SHA256 chain over every call; audit verify detects post-hoc tampering by any process without write access.

Highlights

  • Charter v1.2 2D trust signal: inference_method × validation_state replaces the flat confidence=HIGH (#95).
  • Composite-expression measures: MetricMeasure.expression parses via ast.parse with a node-type whitelist; SQL injection surface closed by construction (#91).
  • Junction-table bridges: list_joins / inspect surface M:N joins through junction entities (#95).
  • Partition-parent FK union — Postgres partitioned tables whose FKs sit on the children (Pagila pattern) now surface those FKs on the parent (#102).
  • metrics show <name> — direct namespaced drill, no entity/join shadowing (#101).
  • Brand naming convention locked: schemabrain (lowercase) in code, CLI, PyPI, URLs; SchemaBrain (one word, title case) in prose.
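
The composite-expression highlight above describes parsing with ast.parse and a node-type whitelist. The following is an added sketch of that technique, not SchemaBrain's own code: the whitelist contents, the aggregate names, and the functions validate, to_sql and compile_measure are assumptions made for illustration.

```python
import ast

# Assumed whitelist for illustration; the node types SchemaBrain accepts are not listed on the page.
ALLOWED_NODES = (ast.Expression, ast.BinOp, ast.UnaryOp, ast.Call, ast.Name,
                 ast.Load, ast.Constant, ast.Add, ast.Sub, ast.Mult, ast.Div, ast.USub)
ALLOWED_FUNCS = {"sum", "count", "avg", "min", "max"}  # hypothetical aggregate set
OPS = {ast.Add: "+", ast.Sub: "-", ast.Mult: "*", ast.Div: "/"}


class ExpressionRejected(ValueError):
    """Raised when a measure expression contains anything off the whitelist."""


def validate(expr: str) -> ast.expr:
    """Parse expr as one Python expression and reject any non-whitelisted node."""
    try:
        tree = ast.parse(expr, mode="eval")  # statements and ';' fail to parse here
    except SyntaxError as exc:
        raise ExpressionRejected(f"syntax: {exc.msg}") from exc
    for node in ast.walk(tree):
        if not isinstance(node, ALLOWED_NODES):
            raise ExpressionRejected(f"node {type(node).__name__} not allowed")
        if isinstance(node, ast.Call) and not (
                isinstance(node.func, ast.Name) and node.func.id in ALLOWED_FUNCS):
            raise ExpressionRejected("function not allowed")
        if isinstance(node, ast.Constant) and type(node.value) is not int:
            raise ExpressionRejected("only integer literals allowed")
    return tree.body


def to_sql(node: ast.expr) -> str:
    """Emit SQL from the validated tree only; the input string is never interpolated."""
    if isinstance(node, ast.Constant):
        return repr(node.value)
    if isinstance(node, ast.Name):
        return f'"{node.id}"'  # Python identifiers cannot contain quote characters
    if isinstance(node, ast.UnaryOp):
        return f"(-{to_sql(node.operand)})"
    if isinstance(node, ast.BinOp):
        return f"({to_sql(node.left)} {OPS[type(node.op)]} {to_sql(node.right)})"
    args = ", ".join(to_sql(a) for a in node.args)  # remaining case: whitelisted Call
    return f"{node.func.id.upper()}({args})"


def compile_measure(expr: str) -> str:
    """Validate, then render; anything rejected raises before SQL exists."""
    return to_sql(validate(expr))
```

Because the SQL is rebuilt from tree nodes, an input such as `amount -- 1` comes out as a subtraction of a negated literal rather than as a SQL comment.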

DX hardening

  • Install snippet names the Cmd+Q restart that the wizard relies on.
  • Cost paragraph above the fold trimmed to a single line.
  • Quickstart leads with bring-your-own-Postgres-URL; Docker path is the opt-in.
  • README hero anchors map to the firewall property grid where each guarantee is deep-dived.

Roadmap toward 1.0

Four launch-blocker PRs (default --pii-block hardening, refusal-envelope probe-oracle fix, audit verify --since, audit tail cost+trust footer) plus the YAML-round-trip ergonomics layer ship next sprint. v2's SQL-boundary safety wedge (validate_query, execute with hard caps) is the next major milestone.

Install

pip install schemabrain==0.4.0
schemabrain init

Full changelog: see CHANGELOG.md.