Skip to content

cmcp-runtime 0.2.1

Choose a tag to compare

@imran-siddique imran-siddique released this 23 Jun 00:32

cmcp-runtime 0.2.1

New features & security

  • Session binding — bind Agent Manifest identity to cMCP Trust Records for end-to-end agent provenance
  • Response hash binding — cryptographic binding of upstream tool response payloads to audit entries
  • TLS pinning — upstream TLS fingerprint pinning to protect tool connections from MITM
  • RFC 7638 JWK Thumbprint — stronger TEE nonce key binding using standardized thumbprint format
  • evidence_class — tool response assurance classification in audit log entries
  • Security: TPM SHA-1 fallback downgrades to software-only attestation (no weak hash dependency)
  • Security: pre-launch hardening — secret scanning, dependency pinning, input validation
  • Tests: TLS pin mismatch and response hash tamper test coverage

Install

pip install cmcp-runtime==0.2.1

Full documentation →