v0.7.0 — The Black Box for AI Agents

aevum-labs released this 26 May 15:44 · 319 commits to main since this release · 7c2e4f7

Aevum v0.7.0 — The Black Box for AI Agents

Summary

v0.7.0 implements the complete "black box for AI agents" architecture:
a forensic recorder (FDR/VDR-equivalent), an operational analytics layer
(QAR/FOQA-equivalent), and an automation handoff recorder (DSSAD-equivalent).

This release also delivers full ML-DSA-65 post-quantum signing, six adapter
integrations (LangGraph, CrewAI, OpenAI Agents, Google ADK, Microsoft Agent
Framework, SPIFFE/SVID), a Scalar API explorer, A2A ASGI audit middleware,
MCP Docker Gateway, OPA full-barrier fallback, and ISO 42001 evidence
mapping.

What's new

See CHANGELOG.md — [0.7.0] for the complete list of
changes. Highlights by session:

  • Sessions 1A–1B — Black box receipt format layer (AevumReceipt +
    COSE_Sign1 signing path) and SCITT profile headers (AmbientContextReceipt,
    ADR-009 cross-chain reference architecture).
  • Session 2 — Three-tier SQLite WAL receipt store (hot/warm/cold tiers).
  • Sessions 3A–3B — OTel semconv migration (gen_ai.provider.name
    dual-emit); QAR/FOQA analytics layer (ExceedanceDetector,
    GatekeeperFilter, FOQABridge).
  • Sessions 5–6 — Scalar API explorer (API + Vite/React UI) in demo.
  • Sessions 7–9 — Google ADK, Microsoft Agent Framework, and SPIFFE
    adapter integrations; MCP Docker Gateway shim; A2A ASGI audit middleware.
  • Session 10 — OPA full-barrier fallback and Rego parity policies.
  • Session 11 — Integration guides, compliance corrections, ISO 42001
    evidence map.
  • Sessions 12A–12B — zizmor GitHub Actions security scanner; ops
    monitoring workflows (smoke test, benchmark regression, license compliance).
  • Session 13 — ML-DSA-65 dual-signing hardening documentation; EAR
    §742.15 supplemental filed 2026-05-24.
  • Session 14 — Pre-release cleanup: SPDX headers (121 files), SHA
    pinning, version bump, liboqs-python>=0.14.0.

Known open items

V07-VAULT — VaultTransitSigner live integration test

The VaultTransitSigner implementation is complete (httpx calls, real
sign/verify — confirmed in the gate report and Session 13). The live
integration test against a real Vault dev server was deferred because it
requires a local machine with Vault installed. This will be completed in
v0.7.1.

Wording note: Do not describe VaultTransitSigner as "not yet
implemented" — the implementation is present and functional.

Other open items

See KNOWN_UNKNOWNS.md in the repository root for the complete list,
including the v0.7.0 Open Items carry-forward section.

Upgrading from v0.6.0

pip install --upgrade \
  aevum-core \
  aevum-publish \
  aevum-otel \
  aevum-cli \
  aevum-mcp \
  aevum-agent \
  aevum-server \
  aevum-store-oxigraph \
  aevum-store-postgres \
  aevum-conformance \
  aevum-spiffe

Breaking changes

None. All five public function signatures (ingest, query, review,
commit, replay) and all OutputEnvelope mandatory fields are unchanged.

Dependency changes

  • liboqs-python lower bound raised from >=0.10.0 to >=0.14.0. If you
    use DualSigner (ML-DSA-65), upgrade liboqs-python and the native
    liboqs.so library. See docs/deployment/liboqs.md.

Infrastructure note