Releases: agentrust-io/cmcp
v0.3.0
Security hardening release. Software-only (non-hardware-backed) claims now return partially_verified instead of verified (fail-closed); a real verification failure is never downgraded. An external-execution receipt whose linked_call_id does not match the entry is no longer reported signature-valid.
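The verdict ordering described in the v0.3.0 note, as an added sketch that is not cMCP's own code: failures are decided before any downgrade, and a receipt only counts as signature-valid when its `linked_call_id` matches the entry. HMAC stands in for the real signature scheme; the `call_id`, `platform`, `sig` and `result` field names and the `failed` label are hypothetical.

```python
import hashlib
import hmac
import json

KEY = b"constructed-demo-key"    # constructed; HMAC stands in for the real signature
HARDWARE_PLATFORMS = {"tpm2"}    # any other platform value is treated as software-only


def _mac(body: dict) -> bytes:
    # Canonical JSON so signer and verifier hash identical bytes.
    data = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(KEY, data, hashlib.sha256).hexdigest().encode()


def sign(body: dict) -> dict:
    return {**body, "sig": _mac(body).decode()}


def _sig_ok(obj: dict) -> bool:
    body = {k: v for k, v in obj.items() if k != "sig"}
    return hmac.compare_digest(_mac(body), str(obj.get("sig", "")).encode())


def receipt_signature_valid(receipt: dict, entry: dict) -> bool:
    # A good signature on a receipt for another call proves nothing about this entry.
    linked = receipt.get("linked_call_id")
    return _sig_ok(receipt) and linked is not None and linked == entry.get("call_id")


def verdict(claim: dict, receipt: dict, entry: dict) -> str:
    # Failures are decided first, so a real failure is never softened.
    if not _sig_ok(claim) or not receipt_signature_valid(receipt, entry):
        return "failed"  # hypothetical label for the failure outcome
    # Only a claim that passed every check is graded by its evidence.
    if claim.get("platform") in HARDWARE_PLATFORMS:
        return "verified"
    return "partially_verified"


# Constructed sample data.
ENTRY = {"call_id": "call-1"}
GOOD_RECEIPT = sign({"linked_call_id": "call-1", "result": "ok"})
OTHER_RECEIPT = sign({"linked_call_id": "call-2", "result": "ok"})
```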
cmcp-runtime 0.2.1
New features & security
- Session binding — bind Agent Manifest identity to cMCP Trust Records for end-to-end agent provenance
- Response hash binding — cryptographic binding of upstream tool response payloads to audit entries
- TLS pinning — upstream TLS fingerprint pinning to protect tool connections from MITM
- RFC 7638 JWK Thumbprint — stronger TEE nonce key binding using standardized thumbprint format
- evidence_class — tool response assurance classification in audit log entries
- Security: TPM SHA-1 fallback downgrades to software-only attestation (no weak hash dependency)
- Security: pre-launch hardening — secret scanning, dependency pinning, input validation
- Tests: TLS pin mismatch and response hash tamper test coverage
Install
pip install cmcp-runtime==0.2.1
cmcp-runtime 0.2.0
First release containing the complete runtime pipeline.
Highlights
- Bearer-token auth wired into the live server (AUTH-001)
- Upstream MCP forwarding: AGT pre-call interception, JSON-RPC forward to the attested catalog server, response size guard, injection/credential/PII response scanning
- Durable SQLite audit store (WAL, synchronous) with TEE-anchored hash chains and orphaned-session detection
- POST /sessions/{id}/close issues the signed TRACE Trust Record and rotates the session
- Cedar @annotation metadata returned as structured advice on denies (HITL payloads)
- cmcp verify: one-command verification of claims and signed audit bundles, tamper-evident
- Fail-closed hardware verifiers (TPM, SEV-SNP, TDX, Opaque): no evidence, no verification
- Dev-mode records carry platform software-only, never tpm2 (requires agentrust-trace >= 0.1.1)
- Silent mode contract: operational logs quiet, audit evidence always recorded
Install: pip install cmcp-runtime
v0.1.0
Initial release as cmcp-runtime (was cmcp-gateway)