
v0.5.1 AgentGuard


@Caua-ferraz Caua-ferraz released this 11 May 22:15
· 20 commits to master since this release

AgentGuard 0.5.1 — Release Notes

Released: 2026-05-11
Headline: Adapter hotfix + maintenance release. The Python SDK's CrewAI and LangChain adapters now subclass their frameworks' BaseTool directly (the v0.5.0 composition wrappers stopped being accepted by CrewAI 1.x + pydantic 2.12 and langgraph 1.0 + langchain_core 1.x). Python 3.9 leaves the support matrix; 3.10+ required. All binaries bumped from v0.5.0 to v0.5.1 for a unified release.

The self-hosted Apache-2.0 build remains fully featured. The hosted, multi-tenant version (AgentGuard Cloud) lives at https://agentguard.lictorate.com.


Why this release exists

CrewAI 1.x (with pydantic 2.12) and langgraph 1.0 (with langchain_core 1.x) both stopped honouring the BaseTool.register() virtual-subclass registrations that v0.5.0's composition-wrapper adapters relied on. At framework boundaries isinstance(thing, BaseTool) / isinstance(thing, Runnable) checks would now reject our wrappers, producing pydantic_core.ValidationError when passing a GuardedCrewTool to Agent(tools=[...]) or surprising the user when langgraph.prebuilt.create_react_agent(llm, tools=[GuardedTool(...)]) refused to register the tool.

v0.5.1 ships hybrid subclass+override adapters: the wrappers now subclass their framework's BaseTool directly so the isinstance checks pass natively, while every gated dispatch entry point (_run, run, invoke, ainvoke, _arun, arun, __call__, to_structured_tool …) is explicitly overridden so policy enforcement stays load-bearing. The _ALLOWED_PASSTHROUGH __getattr__ allowlist from v0.5.0 is gone — the defense moves from "no parent attributes are exposed" to "every dispatch path is on this class, not inherited", and the canary integration tests (tests/integration/test_at_real_crewai.py, tests/integration/test_at_real_langchain.py) trip when upstream adds a new dispatch path that bypasses our overrides.

ToolCall-shaped inputs ({"name", "args", "id", "type": "tool_call"}) are also unwrapped to the underlying args dict before the gate runs, so the v0.5.0 Tool.from_function(func=lambda x: gt.invoke(x)) workaround is no longer required.
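As an added illustration of the subclass-plus-override design and the canary check described above (this is not AgentGuard's own code): FrameworkBaseTool stands in for a framework BaseTool with several dispatch paths, GuardedTool subclasses it and routes every path through one gate, unwrap_tool_call handles the ToolCall shape, and uncovered_dispatch_paths reports any path that still resolves to the framework's implementation. All class and function names are assumptions, and the policy and inputs are constructed.

```python
# Added illustration, not AgentGuard's own code. FrameworkBaseTool stands in for
# CrewAI/LangChain BaseTool (an assumption): one base class, several dispatch paths.
from typing import Any, Callable

class FrameworkBaseTool:
    def _run(self, **kwargs: Any) -> Any:
        raise NotImplementedError
    def run(self, **kwargs: Any) -> Any:      # public entry point
        return self._run(**kwargs)
    def invoke(self, inp: dict) -> Any:       # Runnable-style entry point
        return self.run(**inp)
    def __call__(self, **kwargs: Any) -> Any:
        return self.run(**kwargs)

DISPATCH_PATHS = ("_run", "run", "invoke", "__call__")

def unwrap_tool_call(inp: Any) -> Any:
    """{"name", "args", "id", "type": "tool_call"} -> the args dict the gate sees."""
    is_call = isinstance(inp, dict) and inp.get("type") == "tool_call" and "args" in inp
    return inp["args"] if is_call else inp

class GuardedTool(FrameworkBaseTool):
    """A real subclass, so isinstance(tool, FrameworkBaseTool) passes natively."""
    def __init__(self, name: str, func: Callable[..., Any],
                 policy: Callable[[str, dict], bool]) -> None:
        self.name, self._func, self._policy = name, func, policy
    def _gate(self, args: dict) -> Any:       # the single policy check
        if not self._policy(self.name, args):
            raise PermissionError(f"policy denied {self.name}({args})")
        return self._func(**args)
    # Every dispatch path is defined on this class, none inherited from the framework.
    def _run(self, **kwargs): return self._gate(kwargs)
    def run(self, **kwargs): return self._gate(kwargs)
    def invoke(self, inp): return self._gate(unwrap_tool_call(inp))
    def __call__(self, **kwargs): return self._gate(kwargs)

def uncovered_dispatch_paths(cls: type) -> list[str]:
    """Canary: paths that still resolve to the framework's own implementation."""
    return [p for p in DISPATCH_PATHS if getattr(cls, p) is getattr(FrameworkBaseTool, p)]

def try_call(tool: FrameworkBaseTool, **kwargs: Any) -> str:
    try:
        tool(**kwargs)
        return "allowed"
    except PermissionError:
        return "denied"

def demo_tool() -> GuardedTool:
    ws_only = lambda _t, a: str(a.get("path", "")).startswith("/workspace/")  # constructed policy
    return GuardedTool("read_file", lambda path: f"read {path}", ws_only)
```

Running uncovered_dispatch_paths against the real adapter classes in an integration test is what makes the canary trip when a framework adds a dispatch path the guard does not override.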


Other changes

CI

  • python-test job now installs [dev,langchain,crewai,mcp]. The previous lean [dev] install caused ~50 adapter unit tests to fail at collection time with ModuleNotFoundError: No module named 'langchain_core' / 'crewai'. browser-use is intentionally excluded (Playwright + ~200 MB Chromium; covered by the dedicated integration-tests matrix).
  • Python 3.9 dropped from the CI matrix. Active matrix is 3.10 / 3.11 / 3.12.

New CLI affordances

  • Best-effort update notice on startup. The agentguard binary asynchronously queries the GitHub Releases API and prints a single stderr line if a newer published version is detected:
    Notice: agentguard v0.5.1 is deprecated, version v0.5.2 available — https://github.com/Caua-ferraz/AgentGuard/releases/latest
    
    Bounded to 800 ms — past the deadline the goroutine continues silently and a late print (if any) is harmless. Disabled on dev builds (commit=dev) and via AGENTGUARD_NO_UPDATE_CHECK=1. Does not affect the request path, audit log, or any subcommand semantics.
  • make test-all / scripts/test-all.sh. Single entry point that runs Go + policy YAML + Python SDK + TypeScript SDK suites with a PASS / FAIL / SKIP summary. Missing toolchains (no python, no npm) report SKIP instead of failing, so Go-only contributors are not penalised. Does not stop on first failure — every suite runs so you see the full picture in one go.

Documentation

  • README, docs/SETUP.md, docs/QUICKSTART_LLM_PROXY.md, and the four examples/*-config.md files now state Python 3.10+ (was 3.9+).
  • docs/CONTRIBUTING.md documents make test-all and the new test-all script.

Python SDK

  • Python ≥ 3.10 required. pyproject.toml is now requires-python = ">=3.10". Users still on 3.9 should pin to v0.5.0 or upgrade their interpreter — 3.9 reached upstream end-of-life in October 2025, and the mcp PyPI extra requires >=3.10 regardless.

CLI

  • The agentguard, agentguard-mcp-gateway, and agentguard-llm-proxy binaries all report 0.5.1 from their version subcommand and --version flags.
  • New AGENTGUARD_NO_UPDATE_CHECK environment variable disables the startup update notice. Set it to any value other than empty or 0.

No policy schema, audit-log format, or wire-protocol changes. v0.5.0 audit logs replay cleanly. v0.5.0 policies load unchanged.


Get started

# Install all three binaries at the new tag
go install github.com/Caua-ferraz/AgentGuard/cmd/agentguard@v0.5.1
go install github.com/Caua-ferraz/AgentGuard/cmd/agentguard-mcp-gateway@v0.5.1
go install github.com/Caua-ferraz/AgentGuard/cmd/agentguard-llm-proxy@v0.5.1

# Or upgrade the Python SDK only
pip install --upgrade "agentguardproxy==0.5.1"

Bug reports: GitHub Issues. Security: cauaferraz@lictorate.com (do not file public issues for vulnerabilities — see SECURITY.md).