Skip to content

v2.9.0 — Thread Safety, Strict-Mode Safety, ARC-Kit, GovernanceStream

Latest
Latest

Choose a tag to compare

View all tags
@dislovelhl dislovelhl released this 23 Apr 08:16
· 196 commits to main since this release
v2.9.0
a3e1a5d
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

[2.9.0] - 2026-04-22

Added

  • ARC-Kit bridge (acgs_lite.arckit): parse architecture diagrams, generate and export constitution bundles, emit CLI commands, and map to compliance frameworks — full pipeline from project structure to governed rules.
  • Governance memory (constitution.governance_memory): unified retrieval layer over rules and precedents; MCP validate_action tool now returns matched rules and precedents in the response.
  • Policy linter (constitution.policy_linter): static quality analysis of YAML constitution files with structured findings and a CI-friendly exit code.
  • GovernanceStream, PolicyStorage, and DI-scoped service interfaces for framework integration (AFFiNE-style architecture patterns).
  • Batch audit writes: AuditLog.record_atomic_many() writes multiple entries atomically to durable backends, reducing round-trips for bulk governance events.
  • 21 previously internal governance symbols exported from the public API.

Upgrading from 2.8.1

No API changes. All existing code runs without modification. Two behavior changes worth noting:

  • audit_metadata is now written on non-strict fast paths — callers that pass audit_metadata to validate() in non-strict mode previously had the metadata silently discarded on the Rust fast path. It is now written. If you rely on the fast-path throughput benefit, remove audit_metadata from non-strict calls or accept the ~10% throughput reduction.
  • check_checkpoint() is now serialized — concurrent calls to the same TrajectoryMonitor instance are now queued. If you have highly concurrent checkpoint calls per monitor, benchmark the new behavior under load.

GovernanceEngine, AuditLog, and all stable-tier components are unaffected. See the Component Stability table in the README for the stability tier of each subsystem.

Changed

  • PyPI development-status classifier changed from 5 - Production/Stable to 4 - Beta. This reflects the new subsystems added in 2.9.0 (ARC-Kit, GovernanceStream, lifecycle API, MCP server) which are still stabilizing. Core rule validation, constitution loading, MACI enforcement, and audit logging remain Stable — see the Component Stability table in README. Package description also rewritten for accuracy.
  • README: added "Safety Defaults" section and "Component Stability" table.
  • Rust fast path enabled for strict=False validation mode (+374% allow-ops throughput).

Fixed

  • Telegram webhook (integrations.telegram_webhook): handler changed from async def to def so FastAPI runs it in a thread pool and the event loop is not blocked by the synchronous validate() call.
  • MCP server strict-mode safety (integrations.mcp_server): engine.strict is now restored inside a try/finally block at all three call sites so an exception during validate() cannot leave strict mode permanently disabled.

PyPI: pip install acgs-lite==2.9.0 (publishing in progress)

Assets 4
Loading