Skip to content

v3.7.1 — Sealed Promotion Gate

Choose a tag to compare

View all tags
@kpernyer kpernyer released this 21 Apr 18:16
· 108 commits to main since this release
v3.7.1
27271d0

What's Changed Since v3.0.3

This release covers seven minor releases of architectural work: the promotion gate is now fully sealed, the convergence loop is cleaner, and the codebase is significantly leaner.

Breaking Changes

  • ContextView removed — use Context (the trait) and ContextState (the concrete type). All downstream consumers updated.
  • ConvergeResult now requires integrityEngine::run returns an IntegrityProof (merkle root, Lamport clock, fact count) alongside the converged context.
  • Provider capability contracts movedChatBackend, ModelSelector, ChatRequest/Response now live in converge-provider-api. Downstream crates depend on the lightweight API crate, not the full engine.

Promotion Gate — Now Fully Sealed

The "agents suggest, engine decides" invariant is now enforced at compile time with no escape hatch:

  • AgentEffect is proposal-onlywith_fact() has been removed
  • Fact has no public constructor — only the PromotionGate inside converge-core can promote
  • ValidatedProposal and ValidationReport have private fields — no forgery via struct literals
  • Proposal<Validated> cannot be deserialized or constructed outside the gate
  • 26 compile-fail tests prove the gate is sealed across all public crate boundaries

New Capabilities

Formation pattern — multiple heterogeneous suggestors (domain logic, policy gates, optimizers, knowledge) converge in a single Engine::run. See examples/formation-mixed.

Optimization as first-class agentsSolverSuggestor<P: Pack> wraps all 11 optimization domain packs as Suggestor implementations. No separate pipeline.

Policy as first-class agentsPolicyGateSuggestor, DelegationVerifySuggestor, and FlowGateSuggestor bring Cedar policy evaluation into the convergence loop.

Run integrity — every ConvergeResult carries a tamper-evident IntegrityProof: SHA-256 content hashes, Lamport logical clock, and a Merkle root over all promoted facts.

New providersKongBackend (Konnect Key Auth, retry, tool calling), OpenRouterBackend (100+ models, cost metadata), ResilientChatBackend (retry + format fallback).

Quality

  • 700+ new tests — property tests, negative tests, soak tests, compile-fail contracts
  • Stability testing framework — Criterion benchmarks, chaos tests, soak tests, automated weekly regression detection
  • Dead code removed — 3,469 lines of orphaned modules deleted
  • Zero clippy warnings — workspace-wide clean pass

Workspace

  • Deployment and infra moved to the runway repo — converge workspace is now kernel + providers only
  • converge-tool / converge-axiom extracted to separate repo

Known Limitations

  • bipartite_matching() in converge-optimization contains a todo!() — will panic if called
  • rsa 0.9.x has a medium-severity advisory (Marvin attack, no upstream fix — transitive via jsonwebtoken)

Full Changelog: v3.0.3...v3.7.1

Assets 2
Loading