Skip to content

Releases: capfencelabs/capfence

CapFence 0.9.0

Choose a tag to compare

@AnshumanKumar14 AnshumanKumar14 released this 27 May 11:15

Added

  • Lightweight framework adapters for CrewAI, AutoGen, LlamaIndex, and PydanticAI.
  • Import smoke and behavior tests for the expanded adapter surface.
  • capfence[crypto] extra for Ed25519 audit signatures via cryptography.
  • Local Makefile targets for test, lint, typecheck, build, docs, release-check, and cleanup.
  • Repository hardening build plan under docs-dev/.

Changed

  • Signed audit log verification now checks stored signatures when present and fails closed if the audit public key is missing or a signature is invalid.
  • LangChain wrapper metadata now explicitly records the langchain framework marker.
  • CLI version output now reads from package __version__.
  • AutoGen example now uses the shipped CapFence wrapper.
  • Package and website docs now align with current CLI commands, adapter support, and audit-signing behavior.

Fixed

  • Invalid signature encodings now fail verification cleanly instead of raising.
  • Public docs no longer advertise removed internal commands as current CLI features.

v0.8.4

Choose a tag to compare

@AnshumanKumar14 AnshumanKumar14 released this 27 May 02:43

What's Changed

Full Changelog: v0.8.3...v0.8.4

v0.8.3

Choose a tag to compare

@AnshumanKumar14 AnshumanKumar14 released this 24 May 00:32

What's Changed

Full Changelog: v0.8.2...v0.8.3

v0.8.2

Choose a tag to compare

@AnshumanKumar14 AnshumanKumar14 released this 19 May 06:20

Full Changelog: v0.8.1...v0.8.2

v0.8.1 - Capfence

Choose a tag to compare

@AnshumanKumar14 AnshumanKumar14 released this 18 May 07:04

Full Changelog: v0.7.0...v0.8.1

0.7.0

Choose a tag to compare

@AnshumanKumar14 AnshumanKumar14 released this 15 May 20:55

Full Changelog: v0.6.2...v0.7.0

Release v0.6.2

Choose a tag to compare

@AnshumanKumar14 AnshumanKumar14 released this 14 May 21:02
Release 0.6.2

0.6.1 New exampples for different framework integration

Choose a tag to compare

@AnshumanKumar14 AnshumanKumar14 released this 12 May 18:54

Full Changelog: v0.6.0...v0.6.1

Version 0.5.0 beta

Choose a tag to compare

@AnshumanKumar14 AnshumanKumar14 released this 11 May 15:25
v0.5.0

Release v0.5.0: production-ready positioning, flow tracer, async gate…

Release v0.4.0: — hash chain, Ed25519, OWASP, MCP, LangGraph, OpenAI Agents, EU AI Act, Plaid, telemetry

Choose a tag to compare

@AnshumanKumar14 AnshumanKumar14 released this 08 May 22:11

Features:

  • Hash-chained tamper-evident audit log (core/chain.py)
  • Optional Ed25519 signing of audit entries (core/keys.py)
  • Hardened Regex+AST scorer (core/scorer.py)
  • OWASP Agentic Top 10 coverage matrix (assessment/owasp.py)
  • MCP gateway server and in-process adapter (mcp/)
  • LangGraph ShadowAuditToolNode (framework/langgraph.py)
  • OpenAI Agents SDK wrapper (framework/openai_agents.py)
  • EU AI Act Annex IV evidence pack generator (assessment/eu_ai_act.py)
  • Plaid taxonomy pack (taxonomies/financial_plaid.json)
  • Opt-in telemetry client (telemetry/client.py)

CLI additions:

  • shadowaudit verify — audit log integrity check
  • shadowaudit owasp — OWASP coverage report
  • shadowaudit eu-ai-act — EU AI Act evidence pack

Examples:

  • 9 new runnable examples covering all v0.4.0 features
  • examples/run_all_examples.py test runner

Tests:

  • 205 tests (1 skipped), full coverage of new modules

Quality & Security fixes:

  • Constant-time signature verification (hmac.compare_digest)
  • Atomic key file writes with restricted permissions
  • Taxonomy cache poisoning fix (deep copy before mutation)
  • Regex pattern LRU caching in scorer
  • MCP Content-Length bounds checking (MAX_MESSAGE_SIZE)
  • Shared AST cache in two-pass scanner
  • Asyncio.Lock in telemetry client start/stop
  • Path traversal validation in EU AI Act output

Documentation:

  • Updated README with all shipped features and example index
  • docs/TESTING_GUIDE.md — comprehensive user testing guide
  • docs/CODE_REVIEW_WEEK13.md — full security/performance/quality review

Decoupling:

  • Cloud-tier code removed from OSS repo (shadowaudit-cloud/ ready for private repo)
  • TelemetryClient stays in OSS (opt-in, hashed metadata only)

Demo:

  • shadowaudit-demo/ realistic fintech agent for end-to-end testing