v0.1.0 - Verifiable Provenance and Evidence for Sandboxed Agents

@ByteYellow ByteYellow released this 26 Jun 19:30
· 22 commits to main since this release

AgentProvenance v0.1.0 is an early infrastructure release for sandboxed agent execution provenance.

It focuses on correlating application-side agent context with bring-your-own runtime telemetry, then turning execution facts into a queryable, replayable, and auditable evidence graph. Evidence can be content-addressed, hash-verified, and signed for tamper-evidence.

What works

  • Zero-SDK command recording with agentprov record -- <command>.
  • Application context and runtime telemetry correlation through run/session/attempt/tool_call/process/container/cgroup/pid/time-window identity.
  • Timeline, observe, graph explain, graph verify, diff, blame, replay manifest, and evidence manifest commands.
  • Falco-compatible telemetry ingest path for BYO system telemetry.
  • Unified signals model for security, quality, cost, and behavior evidence.
  • Policy/risk/response linkage for metadata/private CIDR/secret-path style findings.
  • Forensics bundle export with sha256 and DSSE/in-toto-style signing support.
  • Daemon API foundations, including bearer-token auth and signal/query paths.
  • Python evaluator helper for external signal/reward/evaluator pipelines.
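The content-addressed, hash-verified and signed evidence described in the introduction and in the forensics bundle item can be sketched as follows. This is an added Go example, not AgentProvenance's own code: the manifest layout, payload type, file name and the Seal/Verify/digest names are assumptions, and only the DSSE pre-authentication encoding and the Ed25519 calls are standard.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/json"
	"fmt"
)

// Envelope keeps DSSE's fields, reduced to one signature (DSSE allows several).
type Envelope struct{ PayloadType string; Payload, Sig []byte }

// pae is DSSE's pre-authentication encoding: the exact bytes that get signed.
func pae(typ string, body []byte) []byte {
	return []byte(fmt.Sprintf("DSSEv1 %d %s %d %s", len(typ), typ, len(body), body))
}

func digest(b []byte) string { return fmt.Sprintf("%x", sha256.Sum256(b)) }

// Seal signs a manifest of file name -> sha256 (hypothetical manifest format).
func Seal(priv ed25519.PrivateKey, files map[string][]byte) Envelope {
	m := map[string]string{}
	for name, data := range files {
		m[name] = digest(data)
	}
	body, _ := json.Marshal(m) // a string map always marshals
	typ := "application/vnd.example.manifest+json" // hypothetical payload type
	return Envelope{typ, body, ed25519.Sign(priv, pae(typ, body))}
}

// Verify checks the signature over the PAE first, then each file against the manifest.
func Verify(pub ed25519.PublicKey, env Envelope, files map[string][]byte) error {
	var m map[string]string
	ok := ed25519.Verify(pub, pae(env.PayloadType, env.Payload), env.Sig)
	// Short-circuit: the payload is parsed only after its signature has verified.
	if !ok || json.Unmarshal(env.Payload, &m) != nil || len(m) != len(files) {
		return fmt.Errorf("bad signature, unreadable manifest, or different file set")
	}
	for name, want := range m {
		if data, found := files[name]; !found || digest(data) != want {
			return fmt.Errorf("digest mismatch: %s", name)
		}
	}
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil)
	files := map[string][]byte{"timeline.json": []byte(`{"events":[]}`)} // constructed
	fmt.Println(Verify(pub, Seal(priv, files), files))
}
```

Because the payload type is part of the signed bytes, an envelope relabelled with a different type fails verification even when the payload itself is untouched.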

Boundaries

  • This is not a production sandbox runtime, Kubernetes/Ray replacement, generic telemetry collector, LLM trace dashboard, or version-control system.
  • System telemetry is BYO in this release. Native eBPF/Falco/Tetragon sensor integration and Linux validation are planned for v0.2+.
  • Risk response is evidence/control-plane oriented; deeper runtime enforcement and Feishu/DingTalk adapters are later milestones.

Validation

Release checks passed locally:

go test ./...
python3 -m unittest discover -s python/tests
git diff --check
scripts/accept_unified_signals_attestation.sh