What's Changed
- MIN-414 update OpenAPI docs access by @peycheff-com in #378
- chore(release): prepare v0.5.14 fanout fix by @peycheff-com in #379
- feat(kernel): certification evidence gate, verifier telemetry, demo mcp, receipt comparison (MIN-719/568/609/570) by @peycheff-com in #380
- MIN-739 Block stale Go SDK publication drift by @peycheff-com in #382
- fix(demo): emit a canonical sealed EvidencePack so verify passes out of the box (MIN-738) by @peycheff-com in #383
- feat(kernel): anchor receipt issuance in transparency log, fail-closed (MIN-720) by @peycheff-com in #381
- fix(proof-path): scope conform L1/L2 as engine smoke, not a release gate (MIN-740) by @peycheff-com in #384
- fix(kernel): persist receipt transparency anchor fields (MIN-720 follow-up) by @peycheff-com in #386
- chore(release): prepare v0.5.15 by @peycheff-com in #387
- feat(receipts): external decision-receipt compatibility foundation + Receipt Spec v1.0 by @peycheff-com in #388
- feat(cli): helm-ai-kernel verify decision-receipt + runnable example by @peycheff-com in #389
- feat(receipts): import external receipt → HELM EvidencePack (verify → re-anchor) by @peycheff-com in #390
- fix(release): track sdk/go/v{version} subdirectory tag as a version surface by @peycheff-com in #391
- chore: ignore stray root binary + define RLM input evidence boundary by @peycheff-com in #392
- feat: verify advisory agent provenance packs by @peycheff-com in #393
- Add harness-study workstation conformance fixtures by @peycheff-com in #396
- feat(evidence): import + offline-verify foreign agent-action receipts (plans 001+002) by @mindburnlabs in #395
- Add MAMA workstation receipt fixture by @mindburnlabs in #400
- Add Claude/Codex setup front door by @mindburnlabs in #394
- docs: use signup wording for local proof by @mindburnlabs in #401
- docs: sharpen README front door by @mindburnlabs in #404
- Add formal proof worker v0 by @mindburnlabs in #403
- Add optional OpenEnv safety fixtures by @mindburnlabs in #405
- docs: cut README first screen by @mindburnlabs in #406
- Prepare v0.5.16 release by @mindburnlabs in #407
- docs: simplify README front door by @mindburnlabs in #408
- docs: add HELM fit comparison table by @mindburnlabs in #409
- chore: prepare v0.5.17 release by @mindburnlabs in #410
- docs: clarify kernel boundary limits by @mindburnlabs in #412
- feat(evidence/adapters): import Signet + AGT agent receipts into EvidencePacks (plan 003) by @mindburnlabs in #398
- Enterprise-scale hardening and v0.5.18 release prep by @mindburnlabs in #420
- chore(deps-dev): bump vite from 8.0.14 to 8.0.16 in /sdk/ts by @dependabot[bot] in #399
- docs: add Codebase Memory MCP integration by @mindburnlabs in #402
- chore(deps): bump golang.org/x/crypto from 0.41.0 to 0.45.0 in /core/pkg/compliance/zkprovider/gdpr17 by @dependabot[bot] in #421
- Fix Homebrew formula release generation by @peycheff-com in #422
- [EVIDENCE1] Business-readable EvidencePack by @peycheff-com in #424
- [SPEND4] Implement provider catalog, terms profiles, BYOK, managed accounts, and route policies by @peycheff-com in #425
- [SPEND3] Ship OpenAI-compatible governed inference gateway and RouteQuote engine by @peycheff-com in #423
- campaign-x-net: update golang.org/x/net to v0.56.0 by @peycheff-com in #430
- docs: close kernel community issue backlog by @peycheff-com in #431
- fix: harden install.sh and correct Homebrew install docs by @SergeyAP in #432
- Remove Kernel UI bundle and Console launch paths by @mindburnlabs in #442
- MIN-720: embed transparency proofs in pack export by @mindburnlabs in #437
- MIN-791 drop OpenClaw proxy readiness guard by @mindburnlabs in #438
- MIN-790 support reused Kubernetes smoke clusters by @mindburnlabs in #439
- docs(launchpad): add launch conformance oracle by @mindburnlabs in #440
- Require grounded GUI proof refs by @mindburnlabs in #444
- Use docs root for GitHub links by @mindburnlabs in #446
- Docs: make HELM Kernel public docs production-safe by @peycheff-com in #448
- Add privacy-preserving risk envelope contract by @mindburnlabs in #449
- Publish risk scan docs route by @mindburnlabs in #452
- Tighten public docs proof boundaries by @peycheff-com in #453
- Add quantum crypto inventory guard by @mindburnlabs in #450
- docs: simplify public kernel entrypoints by @peycheff-com in #454
- Harden sandbox execution guardrails by @peycheff-com in #445
- Make HELM docs developer-first by @peycheff-com in #447
- docs: restore version drift guard anchors by @mindburnlabs in #456
- chore(deps): bump com.fasterxml.jackson.core:jackson-databind from 2.21.2 to 2.22.0 in /sdk/java by @dependabot[bot] in #443
- Center public docs on approval contract by @peycheff-com in #457
- docs: keep publication policy machine output public-safe by @peycheff-com in #458
- docs: tighten public SOTA docs surface by @peycheff-com in #459
- Align account plan id SDK types by @mindburnlabs in #433
- docs: publish OpenClaw and Hermes integration coverage by @peycheff-com in #461
- Wire quantum crypto posture guard into quality gates by @peycheff-com in #460
- Prepare helm-ai-kernel v0.5.19 release by @peycheff-com in #462
- docs: simplify kernel CLI first run by @peycheff-com in #464
- Document public quantum receipt posture by @peycheff-com in #466
- Release helm-ai-kernel v0.5.20 by @mindburnlabs in #469
- Use PyPI trusted publishing by @mindburnlabs in #471
- docs: add public web PQC boundary by @mindburnlabs in #470
- Add docs truth workflow by @peycheff-com in #472
- Pass only docs truth read token by @peycheff-com in #473
- fix(release): restore PyPI token publishing by @peycheff-com in #474
- fix(release): avoid version-prefix drift false positives by @peycheff-com in #475
- fix(release): allow Python publish from release tag by @mindburnlabs in #476
- Use public docs truth reusable workflow by @mindburnlabs in #477
- Prepare helm-ai-kernel v0.6.0 source release by @mindburnlabs in #478
- Expose receipt signature posture metadata by @mindburnlabs in #479
- Make v0.6.0 VEX generation deterministic by @mindburnlabs in #481
- Publish proof loop docs in manifest by @mindburnlabs in #482
- Fix PyPI trusted publishing for release workflows by @mindburnlabs in #483
- docs: refresh quantum posture boundary by @peycheff-com in #484
- docs: clarify tenant KMS quantum posture by @peycheff-com in #485
- docs: use neutral tenant KMS heading by @peycheff-com in #486
- fix(release): allow PyPI token publishing by @peycheff-com in #487
- Document HELM proof loop and AI security categories by @mindburnlabs in #480
- security: verify hybrid approval receipts by @mindburnlabs in #488
- Fix Homebrew release publishing through tap PR by @mindburnlabs in #490
- docs: clarify quantum security posture by @mindburnlabs in #491
- chore: restore valid kernel codeowners by @peycheff-com in #493
- Fix GHCR manifest status check for releases by @peycheff-com in #492
- docs: make policy bundle signing profile-aware by @peycheff-com in #494
- Document console hybrid receipt display posture by @mindburnlabs in #495
- ci: fix TLA Specs — update rolling tla2tools.jar digest, fail download loudly by @Hirama in #503
- Document live console receipt events by @peycheff-com in #505
- Document console hybrid smoke posture by @peycheff-com in #506
- Scope release wording to HELM Kernel and Enterprise by @peycheff-com in #507
- fix(kernel): guard InMemoryEffectBoundary with a mutex (HELM-54) by @Hirama in #500
- fix(prg): make RequirementSet.Hash a real content digest (HELM-55) by @Hirama in #501
- fix(guardian): preserve snapshot policy hash under embedded PDP (HELM-49) by @Hirama in #496
- fix(guardian): scan all text fields in threat gate (HELM-51) by @Hirama in #497
- fix(guardian): require trusted context for tainted-egress override (HELM-52) by @Hirama in #498
- fix(guardian): burn delegation nonce only after scope checks (HELM-53) by @Hirama in #499
- fix(guardian): consume budget after policy, fail closed (HELM-50) by @Hirama in #502
- cleanup(kernel): HELM-56 partial — IDs, PRG operator parity, clock warn by @Hirama in #508
- docs: add HELM AI Kernel OSS 1.0 release train plan by @peycheff-com in #509
- ci: fetch base ref for quantum inventory guard by @peycheff-com in #510
- Release helm-ai-kernel v0.7.0 EvidencePack beta by @mindburnlabs in #512
- ci: allow npm publish from release tags by @peycheff-com in #513
- ci: make npm dist-tag explicit by @peycheff-com in #515
- test: cover npm dist-tag validation by @mindburnlabs in #518
- ci: require release provenance assets by @peycheff-com in #519
- ci: verify release SLSA subjects by @peycheff-com in #520
- Release helm-ai-kernel v0.7.1 by @eipp in #525
- chore(deps): bump golang.org/x/crypto from 0.45.0 to 0.52.0 in /core/pkg/compliance/zkprovider/gdpr17 by @dependabot[bot] in #522
- ci: mirror tla2tools jar for TLA specs by @mindburnlabs in #526
- Governed MCP execution bridge (R3): ALLOW/DENY/ESCALATE, not deny-only by @mindburnlabs in #534
- chore(deps): bump Go toolchain 1.25.10 → 1.25.12 (HELM-133) by @SergeyAP in #535
- feat: add scoped emergency-stop fence by @mindburnlabs in #540
- Fail closed on ambiguous sandbox network posture by @eipp in #532
- Fail closed replay determinism gate by @eipp in #533
- fix(security): update cryptography build dependency by @mindburnlabs in #538
- fix(security): update jackson databind dependency by @mindburnlabs in #539
- fix(api): align boundary status OpenAPI with runtime by @mindburnlabs in #536
- fix(release): bring mcp-bundle.json under the version-surfaces contract (HELM-162) by @mindburnlabs in #544
- docs: OSS trust package — TRADEMARK.md, NOTICE, DCO gate, free-forever pledge (HELM-161) by @mindburnlabs in #543
- release: finalize v0.7.2 changelog and OpenVEX by @SergeyAP in #550
- docs(changelog): complete v0.7.2 notes for shipped enforcement + deps by @SergeyAP in #559
New Contributors
Full Changelog: v0.5.13...v0.7.2