
Releases: agentrust-io/cmcp

v0.3.0


@imran-siddique imran-siddique released this 30 Jun 20:10
f37b54a

Security hardening release. Software-only (non-hardware-backed) claims now return partially_verified instead of verified (fail-closed); a real verification failure is never downgraded. An external-execution receipt whose linked_call_id does not match the entry is no longer reported signature-valid.
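The three rules in that note (software-only claims cap at partially_verified, a real failure is never downgraded, a receipt whose linked_call_id points at a different entry is not signature-valid) compose naturally as a "take the worst outcome" check. The following is an added illustration, not code from the cmcp project: the status names, the receipt fields and the HMAC-based receipt signature are assumptions chosen for the demo.

```python
"""Fail-closed status composition for claims and receipts.

Added example, not code from the cmcp project: the status names,
the receipt fields and the HMAC-based receipt signature are assumptions
chosen to illustrate the v0.3.0 rules described above.
"""
import hashlib
import hmac
import json
from enum import IntEnum
from typing import Optional


class Status(IntEnum):
    # Ordered so that the worst outcome has the highest value; combining
    # results with max() means a failure can never be downgraded.
    VERIFIED = 0
    PARTIALLY_VERIFIED = 1
    VERIFICATION_FAILED = 2


# Platforms treated as hardware-backed (assumed names for the demo).
HARDWARE_BACKED = {"tpm2", "sev-snp", "tdx"}


def canonical(obj) -> bytes:
    """Deterministic JSON encoding so the MAC covers a stable byte string."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def sign_receipt(key: bytes, receipt: dict) -> str:
    return hmac.new(key, canonical(receipt), hashlib.sha256).hexdigest()


def receipt_signature_valid(key: bytes, entry_call_id: str, receipt: dict, sig: str) -> bool:
    """A receipt is signature-valid only if the MAC checks out AND it is
    bound to the entry being verified; a valid MAC on some other call's
    receipt is reported as not valid, never as "valid but mismatched"."""
    mac_ok = hmac.compare_digest(sign_receipt(key, receipt), sig)
    return mac_ok and receipt.get("linked_call_id") == entry_call_id


def classify_claim(platform: str, evidence_ok: bool) -> Status:
    """Map a claim's evidence outcome to a status.

    A real failure is always VERIFICATION_FAILED. Evidence that passes but
    comes from a software-only platform caps at PARTIALLY_VERIFIED.
    """
    if not evidence_ok:
        return Status.VERIFICATION_FAILED
    if platform in HARDWARE_BACKED:
        return Status.VERIFIED
    return Status.PARTIALLY_VERIFIED


def verify_entry(key: bytes, entry: dict, receipt: Optional[dict], sig: Optional[str]) -> Status:
    """Overall status for one audit entry: the claim status combined with
    the receipt check, taking the worse of the two."""
    claim = classify_claim(entry["platform"], entry["evidence_ok"])
    if receipt is None:
        return claim  # no external execution: nothing further to bind
    receipt_status = (Status.VERIFIED
                      if receipt_signature_valid(key, entry["call_id"], receipt, sig or "")
                      else Status.VERIFICATION_FAILED)
    return max(claim, receipt_status)


if __name__ == "__main__":
    key = b"demo-key"  # constructed
    receipt = {"linked_call_id": "call-1", "result_sha256": "00" * 32}
    sig = sign_receipt(key, receipt)
    entry = {"call_id": "call-1", "platform": "software-only", "evidence_ok": True}
    print(verify_entry(key, entry, receipt, sig).name)  # PARTIALLY_VERIFIED
```

The ordering of the enum is the whole point: because the combinator is max() over a worst-is-highest scale, a later, weaker signal (a software-only platform, a receipt that merely lacks a MAC) can only raise the status towards failure, never lower it.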

cmcp-runtime 0.2.1


@imran-siddique imran-siddique released this 23 Jun 00:32

cmcp-runtime 0.2.1

New features & security

  • Session binding — bind Agent Manifest identity to cMCP Trust Records for end-to-end agent provenance
  • Response hash binding — cryptographic binding of upstream tool response payloads to audit entries
  • TLS pinning — upstream TLS fingerprint pinning to protect tool connections from MITM
  • RFC 7638 JWK Thumbprint — stronger TEE nonce key binding using standardized thumbprint format
  • evidence_class — tool response assurance classification in audit log entries
  • Security: TPM SHA-1 fallback downgrades to software-only attestation (no weak hash dependency)
  • Security: pre-launch hardening — secret scanning, dependency pinning, input validation
  • Tests: TLS pin mismatch and response hash tamper test coverage
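The RFC 7638 thumbprint used for nonce key binding is a small, fully specified procedure: keep only the required members for the key type, serialize them as JSON with members in lexicographic order and no whitespace, SHA-256 the UTF-8 bytes and base64url-encode without padding. The following is an added example of that computation, not code from the cmcp project; the sample EC JWK below is constructed (its coordinates are placeholders, not a real point).

```python
"""RFC 7638 JWK Thumbprint computation.

Added example, not code from the cmcp project. It follows the RFC 7638
procedure: keep only the required members for the key type, serialize
them as JSON with lexicographically ordered members and no whitespace,
SHA-256 the UTF-8 bytes, and base64url-encode without padding.
"""
import base64
import hashlib
import json

# Required members per key type, from RFC 7638 section 3.2.
REQUIRED_MEMBERS = {
    "EC": ("crv", "kty", "x", "y"),
    "RSA": ("e", "kty", "n"),
    "oct": ("k", "kty"),
}


def b64url_nopad(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def canonical_jwk_subset(jwk: dict) -> bytes:
    """The exact byte string RFC 7638 hashes. Raises on unknown key types
    or missing required members rather than hashing a partial key."""
    kty = jwk.get("kty")
    if kty not in REQUIRED_MEMBERS:
        raise ValueError(f"unsupported kty: {kty!r}")
    try:
        subset = {m: jwk[m] for m in REQUIRED_MEMBERS[kty]}
    except KeyError as e:
        raise ValueError(f"JWK missing required member {e.args[0]!r}") from None
    # sort_keys gives lexicographic member order; separators remove whitespace.
    return json.dumps(subset, sort_keys=True, separators=(",", ":")).encode("utf-8")


def jwk_thumbprint(jwk: dict) -> str:
    return b64url_nopad(hashlib.sha256(canonical_jwk_subset(jwk)).digest())


# Constructed sample EC JWK (coordinates are placeholders, not a real key).
# Optional members such as kid and use are present to show they are ignored.
SAMPLE_EC_JWK = {
    "kty": "EC",
    "crv": "P-256",
    "x": "c2FtcGxlLXgtY29vcmRpbmF0ZS1ub3QtYS1yZWFsLXBvaW50LQ",
    "y": "c2FtcGxlLXktY29vcmRpbmF0ZS1ub3QtYS1yZWFsLXBvaW50LQ",
    "kid": "demo-key-1",
    "use": "sig",
}


if __name__ == "__main__":
    print(canonical_jwk_subset(SAMPLE_EC_JWK).decode())
    print(jwk_thumbprint(SAMPLE_EC_JWK))
```

Two properties make this a sound binding identifier: the same key yields the same thumbprint regardless of member order or optional members like kid, and any change to a required member (a different coordinate, a different curve) yields a different thumbprint. The function fails closed on a malformed JWK instead of producing a thumbprint over whatever members happen to be present.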

Install

pip install cmcp-runtime==0.2.1


cmcp-runtime 0.2.0


@imran-siddique imran-siddique released this 12 Jun 17:13
572ba84

First release containing the complete runtime pipeline.

Highlights

  • Bearer-token auth wired into the live server (AUTH-001)
  • Upstream MCP forwarding: AGT pre-call interception, JSON-RPC forward to the attested catalog server, response size guard, injection/credential/PII response scanning
  • Durable SQLite audit store (WAL, synchronous) with TEE-anchored hash chains and orphaned-session detection
  • POST /sessions/{id}/close issues the signed TRACE Trust Record and rotates the session
  • Cedar @annotation metadata returned as structured advice on denies (HITL payloads)
  • cmcp verify: one-command verification of claims and signed audit bundles, tamper-evident
  • Fail-closed hardware verifiers (TPM, SEV-SNP, TDX, Opaque): no evidence, no verification
  • Dev-mode records carry platform software-only, never tpm2 (requires agentrust-trace >= 0.1.1)
  • Silent mode contract: operational logs quiet, audit evidence always recorded
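The durable SQLite audit store with anchored hash chains listed above, together with the response hash binding added in 0.2.1, can be illustrated with the following added example. It is not the cmcp project's own store: the table schema, the canonical encoding, the chaining rule and the anchor value (a hypothetical string standing in for something derived from TEE evidence) are all assumptions chosen to show why a chain seeded from an anchor makes edits tamper-evident and how a bound response hash ties a payload to its entry.

```python
"""Hash-chained audit store with response hash binding and a verifier.

Added example, not the cmcp project's own store: the schema, the anchor
handling and the canonical encoding are assumptions chosen to show how
a chain seeded with an attestation-derived anchor makes edits tamper
evident and how a bound response hash ties a payload to its entry.
"""
import hashlib
import json
import sqlite3


def canonical(obj) -> bytes:
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


class AuditStore:
    def __init__(self, anchor: str, path: str = ":memory:"):
        # anchor: hypothetical value derived from TEE evidence (for example the
        # hash of a quote); the first entry chains from it instead of from nothing.
        self.anchor = anchor
        self.db = sqlite3.connect(path)
        self.db.execute("PRAGMA journal_mode=WAL")   # no effect for :memory:
        self.db.execute("PRAGMA synchronous=FULL")
        self.db.execute(
            "CREATE TABLE IF NOT EXISTS audit ("
            "seq INTEGER PRIMARY KEY, session_id TEXT, call_id TEXT, tool TEXT, "
            "response_sha256 TEXT, prev_hash TEXT, entry_hash TEXT)"
        )

    def _last_hash(self) -> str:
        row = self.db.execute(
            "SELECT entry_hash FROM audit ORDER BY seq DESC LIMIT 1").fetchone()
        return row[0] if row else self.anchor

    @staticmethod
    def _entry_hash(prev_hash: str, body: dict) -> str:
        # Each entry commits to its predecessor's hash and its own fields.
        return sha256_hex(prev_hash.encode() + canonical(body))

    def append(self, session_id: str, call_id: str, tool: str, response: bytes) -> str:
        prev = self._last_hash()
        body = {"session_id": session_id, "call_id": call_id, "tool": tool,
                "response_sha256": sha256_hex(response)}  # response hash binding
        entry_hash = self._entry_hash(prev, body)
        self.db.execute(
            "INSERT INTO audit (session_id, call_id, tool, response_sha256, prev_hash, entry_hash) "
            "VALUES (?, ?, ?, ?, ?, ?)",
            (session_id, call_id, tool, body["response_sha256"], prev, entry_hash))
        self.db.commit()
        return entry_hash

    def verify(self, responses: dict) -> list:
        """Walk the chain from the anchor. `responses` maps call_id to the
        payload bytes the verifier has in hand. Returns a list of problems,
        empty when the log is intact."""
        problems = []
        prev = self.anchor
        rows = self.db.execute(
            "SELECT seq, session_id, call_id, tool, response_sha256, prev_hash, entry_hash "
            "FROM audit ORDER BY seq")
        for seq, session_id, call_id, tool, resp_hash, prev_hash, entry_hash in rows:
            if prev_hash != prev:
                problems.append(f"seq {seq}: chain break (prev_hash does not match)")
            body = {"session_id": session_id, "call_id": call_id, "tool": tool,
                    "response_sha256": resp_hash}
            if self._entry_hash(prev_hash, body) != entry_hash:
                problems.append(f"seq {seq}: entry fields altered")
            if call_id in responses and sha256_hex(responses[call_id]) != resp_hash:
                problems.append(f"seq {seq}: response payload does not match bound hash")
            prev = entry_hash
        return problems


if __name__ == "__main__":
    store = AuditStore(anchor="constructed-anchor")
    store.append("s1", "call-1", "search", b'{"ok":true}')  # constructed payloads
    store.append("s1", "call-2", "fetch", b"payload")
    print(store.verify({"call-1": b'{"ok":true}', "call-2": b"payload"}))  # []
```

Editing a stored row's fields breaks that row's entry hash; editing the row and recomputing its hash breaks the next row's prev_hash; and swapping the payload a tool claims to have returned no longer matches the hash bound into the entry. Only an attacker who can rewrite every later row and also re-derive the anchor can rewrite history silently, which is exactly what anchoring to attestation evidence is meant to prevent.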

Install: pip install cmcp-runtime

v0.1.0


@imran-siddique imran-siddique released this 09 Jun 18:35
1baf0f9

Initial release as cmcp-runtime (was cmcp-gateway)