cmcp-runtime 0.2.0
First release containing the complete runtime pipeline.
Highlights
- Bearer-token auth wired into the live server (AUTH-001)
- Upstream MCP forwarding: AGT pre-call interception, JSON-RPC forward to the attested catalog server, response size guard, injection/credential/PII response scanning
- Durable SQLite audit store (WAL, synchronous) with TEE-anchored hash chains and orphaned-session detection
- POST /sessions/{id}/close issues the signed TRACE Trust Record and rotates the session
- Cedar @annotation metadata returned as structured advice on denies (HITL payloads)
- cmcp verify: one-command verification of claims and signed audit bundles, tamper-evident
- Fail-closed hardware verifiers (TPM, SEV-SNP, TDX, Opaque): no evidence, no verification
- Dev-mode records carry platform software-only, never tpm2 (requires agentrust-trace >= 0.1.1)
- Silent mode contract: operational logs quiet, audit evidence always recorded
Install: pip install cmcp-runtime
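
An added example of the audit-store highlight above (SQLite in WAL mode with synchronous commits, per-session hash chains, orphaned-session detection); it is an illustration written for these notes, not cmcp-runtime's own code. The table layout, event names, all-zero genesis value and function names are assumptions, and the TEE anchoring of the chain head is not modelled.

```python
import hashlib, json, os, sqlite3, tempfile
GENESIS = "0" * 64  # assumed chain start; stands in for a TEE-bound anchor

def open_store(path):
    db = sqlite3.connect(path)
    db.execute("PRAGMA journal_mode=WAL")    # readers do not block the writer
    db.execute("PRAGMA synchronous=FULL")    # fsync before a commit returns
    db.execute("CREATE TABLE IF NOT EXISTS audit (seq INTEGER PRIMARY KEY AUTOINCREMENT,"
               " session TEXT, event TEXT, payload TEXT, prev TEXT, hash TEXT)")
    return db

def _digest(prev, session, event, payload):
    return hashlib.sha256(json.dumps([prev, session, event, payload]).encode()).hexdigest()

def append(db, session, event, payload):
    row = db.execute("SELECT hash FROM audit WHERE session=? ORDER BY seq DESC LIMIT 1",
                     (session,)).fetchone()
    prev = row[0] if row else GENESIS
    text = json.dumps(payload, sort_keys=True)
    digest = _digest(prev, session, event, text)
    with db:  # commit, or roll back on error (single writer assumed)
        db.execute("INSERT INTO audit (session, event, payload, prev, hash)"
                   " VALUES (?, ?, ?, ?, ?)", (session, event, text, prev, digest))
    return digest

def verify(db, session):
    """Return the seq of the first record that breaks the chain, or None."""
    prev = GENESIS
    for seq, event, payload, stored_prev, stored_hash in db.execute(
            "SELECT seq, event, payload, prev, hash FROM audit"
            " WHERE session=? ORDER BY seq", (session,)):
        if stored_prev != prev or _digest(prev, session, event, payload) != stored_hash:
            return seq
        prev = stored_hash
    return None

def orphaned_sessions(db):
    """Sessions that have records but never logged a 'close' event."""
    return [r[0] for r in db.execute("SELECT session FROM audit GROUP BY session"
                                     " HAVING SUM(event = 'close') = 0 ORDER BY session")]

def demo():
    db = open_store(os.path.join(tempfile.mkdtemp(), "audit.db"))
    for s, e, p in [("s1", "open", {}), ("s1", "tool_call", {"tool": "search"}),
                    ("s1", "close", {}), ("s2", "open", {})]:  # constructed events
        append(db, s, e, p)
    clean = verify(db, "s1")
    # Simulate an out-of-band edit of a stored record
    db.execute("UPDATE audit SET payload=? WHERE seq=2", ('{"tool": "delete"}',))
    return clean, verify(db, "s1"), orphaned_sessions(db)
```

The chain alone does not reveal removal of a session's newest records; detecting that needs the chain head held outside the database, which is the role an anchored or signed head plays.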