Releases: capfencelabs/capfence
Releases · capfencelabs/capfence
Release list
CapFence 0.9.0
Added
- Lightweight framework adapters for CrewAI, AutoGen, LlamaIndex, and PydanticAI.
- Import smoke and behavior tests for the expanded adapter surface.
capfence[crypto]extra for Ed25519 audit signatures viacryptography.- Local Makefile targets for test, lint, typecheck, build, docs, release-check, and cleanup.
- Repository hardening build plan under
docs-dev/.
Changed
- Signed audit log verification now checks stored signatures when present and fails closed if the audit public key is missing or a signature is invalid.
- LangChain wrapper metadata now explicitly records the
langchainframework marker. - CLI version output now reads from package
__version__. - AutoGen example now uses the shipped CapFence wrapper.
- Package and website docs now align with current CLI commands, adapter support, and audit-signing behavior.
Fixed
- Invalid signature encodings now fail verification cleanly instead of raising.
- Public docs no longer advertise removed internal commands as current CLI features.
v0.8.4
What's Changed
- Codex/build plan implementation by @AnshumanKumar14 in #7
Full Changelog: v0.8.3...v0.8.4
v0.8.3
What's Changed
- docs: use hashed lockfiles in setup by @AnshumanKumar14 in #4
- Codex/refine docs positioning by @AnshumanKumar14 in #6
Full Changelog: v0.8.2...v0.8.3
v0.8.2
v0.8.1 - Capfence
Full Changelog: v0.7.0...v0.8.1
0.7.0
Release v0.6.2
0.6.1 New exampples for different framework integration
Full Changelog: v0.6.0...v0.6.1
Version 0.5.0 beta
v0.5.0 Release v0.5.0: production-ready positioning, flow tracer, async gate…
Release v0.4.0: — hash chain, Ed25519, OWASP, MCP, LangGraph, OpenAI Agents, EU AI Act, Plaid, telemetry
Features:
- Hash-chained tamper-evident audit log (core/chain.py)
- Optional Ed25519 signing of audit entries (core/keys.py)
- Hardened Regex+AST scorer (core/scorer.py)
- OWASP Agentic Top 10 coverage matrix (assessment/owasp.py)
- MCP gateway server and in-process adapter (mcp/)
- LangGraph ShadowAuditToolNode (framework/langgraph.py)
- OpenAI Agents SDK wrapper (framework/openai_agents.py)
- EU AI Act Annex IV evidence pack generator (assessment/eu_ai_act.py)
- Plaid taxonomy pack (taxonomies/financial_plaid.json)
- Opt-in telemetry client (telemetry/client.py)
CLI additions:
- shadowaudit verify — audit log integrity check
- shadowaudit owasp — OWASP coverage report
- shadowaudit eu-ai-act — EU AI Act evidence pack
Examples:
- 9 new runnable examples covering all v0.4.0 features
- examples/run_all_examples.py test runner
Tests:
- 205 tests (1 skipped), full coverage of new modules
Quality & Security fixes:
- Constant-time signature verification (hmac.compare_digest)
- Atomic key file writes with restricted permissions
- Taxonomy cache poisoning fix (deep copy before mutation)
- Regex pattern LRU caching in scorer
- MCP Content-Length bounds checking (MAX_MESSAGE_SIZE)
- Shared AST cache in two-pass scanner
- Asyncio.Lock in telemetry client start/stop
- Path traversal validation in EU AI Act output
Documentation:
- Updated README with all shipped features and example index
- docs/TESTING_GUIDE.md — comprehensive user testing guide
- docs/CODE_REVIEW_WEEK13.md — full security/performance/quality review
Decoupling:
- Cloud-tier code removed from OSS repo (shadowaudit-cloud/ ready for private repo)
- TelemetryClient stays in OSS (opt-in, hashed metadata only)
Demo:
- shadowaudit-demo/ realistic fintech agent for end-to-end testing