v0.25.0

@anthony-chaudhary anthony-chaudhary released this 12 Jun 09:39
· 406 commits to master since this release

version: 0.25.0
date: 2026-06-12
headline: "Minor — dos verdicts plug into Microsoft AGT's policy-backend seat with one registration line."
themes: ["drivers"]
highlights:

  • "New driver: dos.drivers.agt_backend seats dos verdicts beside OPA/Cedar in AGT"
  • "Two seats: verify (effect-claim oracle) and arbitrate (footprint admission)"
  • "Abstain maps to AGT's skip channel; binds always return error=None"
  • "Ship evidence (commit digest, graded rung) rides AGT's audit fields"
  • "Verified against the published agent_os_kernel wheel, not just the clone"

TL;DR — A host running Microsoft's Agent Governance Toolkit (AGT) can now
register dos as an external policy backend — evaluator.add_backend(DosBackend(workspace="."))
— and get dos adjudication (the ship oracle or the lease arbiter) inside AGT's
own evaluation pipeline. Adoption surface for AGT shops; no kernel change.

drivers — the AGT ExternalPolicyBackend adapter (docs/302)

  • What changed — new layer-4 driver dos.drivers.agt_backend implementing
    AGT's runtime-checkable backend protocol (name + evaluate(context)).
    • Why: AGT gives third-party policy engines a first-class seat (their
      ADR-0015); the dependency arrow means the adapter lives here, like AGT's
      own OPA/Cedar backends live there. Tracking issue
      #53.
    • How: src/dos/drivers/agt_backend.py:DosBackend, with seat="verify"
      (default; dos_plan/dos_phase context keys → ship-oracle verdict) or
      seat="arbitrate" (dos_tree/path → admission verdict).
  • The verdict mapping preserves both philosophies — REFUSE/unverified →
    binding deny; affirmative → binding allow; ABSTAIN or a failed dos
    evaluation → AGT's error/skip channel (fail-to-abstain, never a fabricated
    verdict). A shipped claim's commit digest rides proof_artefact
    (git:<sha>) with the graded evidence rung in verification_pointers.
  • No new dependency — nothing from agent_os imports at module load; the
    decision object is duck-typed with a structural twin when the host package
    is absent (require_agt=True is the loud opt-in). Decisions are constructed
    against the fields the installed host version actually declares, so the
    published agent_os_kernel 3.7.0 (pre-evidence-fields) still binds
    correctly — verified by tests/test_agt_backend.py against the real wheel.
  • Upstream contract gap filed, not worked around — AGT's evaluator skips
    any error-set decision, so its own backends' fail-closed denies can fall
    through to a default allow; reported as
    microsoft/agent-governance-toolkit#2992.
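
The verdict mapping and the skip-on-error gap described above, modelled as an added example (not code from dos or AGT). `Decision`, `map_verdict`, `evaluate` and the `AFFIRM` label are hypothetical stand-ins, and the evaluator's deny-overrides combination and its default are assumptions.

```python
from dataclasses import dataclass
from typing import Iterable, Optional


@dataclass
class Decision:
    """Structural stand-in for a backend decision (hypothetical, not AGT's class)."""
    allowed: bool
    error: Optional[str] = None           # set => the evaluator skips this decision
    proof_artefact: Optional[str] = None  # evidence field named in the notes


def map_verdict(verdict: str, sha: Optional[str] = None) -> Decision:
    """Mapping from the notes: binds carry error=None, abstain uses the error channel."""
    v = verdict.upper()
    if v in {"REFUSE", "UNVERIFIED"}:
        return Decision(allowed=False)    # binding deny
    if v == "AFFIRM":                     # constructed label for an affirmative verdict
        return Decision(allowed=True, proof_artefact=f"git:{sha}" if sha else None)
    # ABSTAIN or a failed evaluation: fail-to-abstain, never a fabricated verdict
    return Decision(allowed=False, error=f"dos abstained ({verdict})")


def evaluate(decisions: Iterable[Decision], default_allow: bool = True) -> bool:
    """Toy evaluator that skips error-set decisions (assumed deny-overrides)."""
    binding = [d for d in decisions if d.error is None]
    if any(not d.allowed for d in binding):
        return False
    if any(d.allowed for d in binding):
        return True
    return default_allow                  # nothing bound: the default decides


if __name__ == "__main__":
    # A backend that "fails closed" by attaching an error to its deny (constructed).
    failed_closed = Decision(allowed=False, error="policy engine unreachable")
    print("REFUSE binds      ->", evaluate([map_verdict("REFUSE")]))
    print("ABSTAIN skipped   ->", evaluate([map_verdict("ABSTAIN")]))
    print("error-set deny    ->", evaluate([failed_closed]))
    print("same, deny default->", evaluate([failed_closed], default_allow=False))
```

In this model a deny that carries an error only blocks the request when the evaluator's default is deny, which is why the adapter's binding verdicts always return error=None.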

Also in this tag

  • examples/serverless_rl/: dos reward as a weave.Scorer / ART reward
    function (the serverless-RL drop), with tests.
  • docs/FAQ.md — the worktree-isolation entry + the two restored tail
    entries; llms-full.txt rebuilt.
  • dos_citation_resolve exposed as an MCP tool (the citation_resolve witness).
  • docs/303 — the --hooks auto runtime-detection plan (design, unshipped).