Releases: kpifinity/ski-framework
v3.1.0-alpha.2
What's Changed
- Release v3.1.0-alpha.2: version bumps, CHANGELOG cut, release notes by @kpifinity in #102
Full Changelog: v3.1.0-alpha.1...v3.1.0-alpha.2
v3.1.0-alpha.1
What's Changed
- Correct tool version reporting + post-v3.0.3 doc/example hygiene by @kpifinity in #96
- Implement four L3 sovereignty conformance harnesses by @kpifinity in #97
- Phase0/credibility sweep by @kpifinity in #100
Full Changelog: v3.0.3...v3.1.0-alpha.1
v3.0.3
What's Changed
- Fix kg-extractor hang and unbreak the root pytest run by @kpifinity in #85
- Harden transcript signing key file permissions by @kpifinity in #86
- Upgrade vulnerable dependencies; drop EOL Python 3.9 by @kpifinity in #87
- Upgrade dev/CI tooling to clear pip-audit advisories by @kpifinity in #91
- Fix broken docs nav, de-drift changelog, remove cruft by @kpifinity in #93
- Release v3.0.3 by @kpifinity in #94
Full Changelog: v3.0.2...v3.0.3
v3.0.2 - Auto-apply v3 ledger migration
SKI Framework v3.0.2 — Auto-apply v3 ledger migration on startup
Released: 2026-06-02
The last patch in the v3.0.0 ledger-schema saga. v3.0.1 fixed the
schema bootstrap for fresh deployments. v3.0.2 fixes it for
existing deployments: the runtime now probes the ledger on startup
and applies the v3 migration in place if it detects v2.1 columns. No
operator intervention required — pull the new image, restart, the
schema heals itself.
The bug v3.0.1 didn't catch
PR 15 (v3.0.1) rewrote schema.sql to the v3 baseline and added the
0002_transcript_columns.sql migration as a defence-in-depth mount in
/docker-entrypoint-initdb.d/. That helped any fresh
docker compose up against an empty Postgres volume.
What it didn't help: operators upgrading on top of an existing
Postgres volume. Postgres' init scripts only run once, when the data
directory is empty. An operator who:
- Brought up v3.0.0 (which init'd the v2.1 schema), then
- Pulled v3.0.1 and restarted,
...still hit the same column "envelope_json" of relation "ledger_entries" does not exist error at evaluation time — because
Postgres remembers the volume as "already initialised" and skips every
init script, including the v3 baseline and the mounted migration.
What's in v3.0.2
- ski_model.ledger_migrations.ensure_v3_ledger_schema — new
  module called from server.py lifespan after the ledger client
  connects. Probes ledger_entries for the six v3 audit-trail
  columns (envelope_json, envelope_hash, transcript_json,
  transcript_signature, signing_key_id, verifier_status). If
  any are missing, applies 0002_transcript_columns in place.
  Idempotent: a no-op on a schema already at v3.
- SKI_AUTOMIGRATE environment variable (default true).
  Hardened deployments where schema changes require an explicit DBA
  gate can set SKI_AUTOMIGRATE=false. The runtime then logs the
  exact psql command and refuses to start if v3 columns are
  missing — fail-fast instead of failing at first evaluation.
- Embedded migration SQL. The migration SQL is embedded in
  ledger_migrations.py (the ski-model container doesn't ship the
  src/ledger/ files). A durability conformance test
  (test_ledger_migrations_runner.py) pins the embedded string
  against the canonical migrations/0002_transcript_columns.sql so
  the two cannot silently drift.
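The probe, apply and refuse behaviour described above, as an added example that is not the project's ledger_migrations.py. It uses an in-memory SQLite table as a stand-in for Postgres; the function names, the SchemaGateError class, the TEXT column type and the way SKI_AUTOMIGRATE is parsed are assumptions.

```python
import sqlite3

# The six v3 audit-trail columns named in the release notes.
V3_COLUMNS = ("envelope_json", "envelope_hash", "transcript_json",
              "transcript_signature", "signing_key_id", "verifier_status")


class SchemaGateError(RuntimeError):
    """v3 columns are missing and auto-migration is disabled (hypothetical name)."""


def missing_v3_columns(conn):
    # SQLite stand-in for a column probe against the Postgres catalog.
    present = {row[1] for row in conn.execute("PRAGMA table_info(ledger_entries)")}
    return [c for c in V3_COLUMNS if c not in present]


def automigrate_enabled(env):
    # Default is true; treating only the literal "false" as opt-out is an assumption.
    return env.get("SKI_AUTOMIGRATE", "true").strip().lower() != "false"


def ensure_v3_columns(conn, env):
    missing = missing_v3_columns(conn)
    if not missing:
        return "noop"  # idempotent: schema already at v3
    if not automigrate_enabled(env):
        # Fail fast at startup instead of failing at the first evaluation.
        raise SchemaGateError(
            f"ledger_entries is missing v3 columns {missing}; "
            "SKI_AUTOMIGRATE=false, apply 0002_transcript_columns manually")
    with conn:
        # Explicit transaction: a failure part-way leaves the schema untouched.
        conn.execute("BEGIN")
        for col in missing:  # names come from the fixed tuple above, not from input
            conn.execute(f"ALTER TABLE ledger_entries ADD COLUMN {col} TEXT")
    return "migrated"


def v2_ledger():
    # Constructed pre-v3 table with one historical row; real v2.1 columns differ.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE ledger_entries (id INTEGER PRIMARY KEY, payload TEXT)")
    conn.execute("INSERT INTO ledger_entries (payload) VALUES ('constructed row')")
    conn.commit()
    return conn
```
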
Upgrading
From v3.0.1 (or v3.0.0, or v0.2.x)
docker compose pull
docker compose up -d
That's it. The first startup against your existing volume will probe
the schema, apply the migration if needed, and log:
INFO Ledger schema missing v3 columns [...] — applying 0002_transcript_columns in place.
INFO Applied 0002_transcript_columns. Ledger schema is now at v3.
If you've already manually applied 0002_transcript_columns.sql
against your database (per the v3.0.1 upgrade procedure), the
auto-apply is a no-op:
INFO Ledger schema is at v3; no migration required.
Opt-out for hardened deployments
If your compliance posture forbids the runtime mutating the schema:
docker compose pull
SKI_AUTOMIGRATE=false docker compose up -d
If v3 columns are missing, the server will exit at startup with a
clear error pointing at docs/MIGRATIONS.md and the exact psql
command to run. Apply the migration manually with your DBA-blessed
procedure, then restart.
What's unchanged
- v3 runtime behaviour, public API, verdict envelope shape.
- Conformance Provenance and Durability suites pass.
- Tools (kg-extractor, kg-validator, ski-model-deploy,
  audit-ledger) are version-bumped to 3.0.2 for alignment but
  carry no behavioural changes.
Credit
Same tester who caught the v3.0.0 ledger gap. They upgraded to v3.0.1
against an existing volume and reported the symptom + correct
diagnosis (Postgres initdb only runs once) within an hour. v3.0.2
exists because of clean repros like that.
Full ship log
See CHANGELOG.md for the complete
list of changes.
What's Changed
- PR 16 (v3.0.2): startup migration runner for v3 ledger by @kpifinity in #78
- Release v3.0.2 by @kpifinity in #79
Full Changelog: v3.0.1...v3.0.2
v3.0.1 - Ledger schema v3 baseline
SKI Framework v3.0.1 — Ledger schema v3 baseline (patch)
Released: 2026-06-02
A patch release that fixes a fresh-deployment ledger schema gap
discovered hours after v3.0.0 shipped. The runtime, conformance, and
public API are unchanged. Recommended upgrade for anyone who deployed
v3.0.0 with docker compose up against a clean volume.
The bug
/api/evaluate returned a 500 with:
column "envelope_json" of relation "ledger_entries" does not exist
The v3 runtime expects six audit-trail columns on ledger_entries
(envelope_json, envelope_hash, transcript_json,
transcript_signature, signing_key_id, verifier_status). The
migration that adds them (0002_transcript_columns.sql) was in the
tree but never executed on fresh deployments:
docker-compose.yml mounted only the v2.1 schema.sql into
/docker-entrypoint-initdb.d/, and Postgres' initdb sequence only
processes files mounted there at first init.
v0.2.x → v3.0 upgrades that applied the migration manually were
unaffected; only fresh docker compose up deployments against a clean
volume hit the bug.
The fix
- reference-implementation/src/ledger/schema.sql is now the
  v3 baseline. The CREATE TABLE declares the six v3 audit-trail
  columns inline, with the four-status CHECK constraint on
  verifier_status and the relaxed track CHECK. v3 indexes are
  baked in.
- reference-implementation/src/ledger/migrations/0002_transcript_columns.sql
  is now fully idempotent — the verifier-status CHECK is dropped
  before being re-added, so the migration is safe to re-run against
  a fresh v3 schema.
- reference-implementation/docker-compose.yml also mounts the
  migration as 03-transcript-columns.sql. With the v3 baseline in
  schema.sql this is a no-op on fresh installs, but it defends
  against future schema drift.
- conformance/durability/test_ledger_schema_v3_columns.py is a
  new regression test (5 assertions) that pins all of the above.
  Future PRs cannot regress past this state without the durability
  conformance run going red.
Upgrading from v3.0.0
Option A — fresh start (acceptable if you can discard the volume)
docker compose down -v
docker compose up
The clean init now runs the v3 baseline schema.sql and the
idempotent 0002 migration. No further action needed.
Option B — patch in place
If you need to preserve existing ledger rows, apply the migration by
hand against the running database:
psql "$LEDGER_DSN" \
  -f reference-implementation/src/ledger/migrations/0002_transcript_columns.sql
The migration is idempotent (every ALTER is guarded with
IF [NOT] EXISTS and the constraint adds are drop-then-add). Safe to
re-run.
Verify with audit-ledger verify afterwards — historical rows have
the new columns as NULL, which the verifier accepts.
What's unchanged
- v3 runtime behaviour, public API, verdict envelope shape.
- Spec v3.0; CC BY 4.0 specification documents.
- All conformance tests from v3.0.0 still pass and are joined by the
  new test_ledger_schema_v3_columns.py.
- Tools (kg-extractor, kg-validator, ski-model-deploy,
  audit-ledger) are version-bumped to 3.0.1 for alignment but
  carry no behavioural changes from 3.0.0.
Credit
Caught and reported by the tester running v3.0.0 end-to-end with
KG_REQUIRE_SIGNATURE=false against the unsigned demo KG. Clean repro
+ correct root-cause trace + the working manual workaround in a single
report. Thank you.
Full ship log
See CHANGELOG.md for the complete
list of changes.
What's Changed
- PR 15: ledger schema v3 baseline (fix-forward for v3.0.0) by @kpifinity in #76
- Release v3.0.1 by @kpifinity in #77
Full Changelog: v3.0.0...v3.0.1
v3.0.0 - Neuro-Symbolic Pivot
SKI Framework v3.0.0 — Neuro-Symbolic Pivot
Released: 2026-06-01
The first version of the SKI Framework we market. RFC 0002 (Accepted)
is implemented end-to-end. Every architectural commitment in the v2
line — strict mypy on the deterministic core, replay determinism, the
canary, the conformance suite — is rebuilt around a different shape of
defensibility: verifiable provenance of a neuro-symbolic decision
instead of bit-identical replay of a rule engine.
What's in the box
A KG-grounded sovereign LLM is the primary reasoner. On every
verdict, the local LLM (Ollama by default; V3LLMBackend protocol for
pluggability) reads the obligations applicable to the tenant's
jurisdiction and the measurement's effective date, runs structured
generation with temperature=0 and a fixed seed, and emits a verdict,
reasoning, KG citations, and a structured set of formalizable
assertions.
The Symbolic Verifier mechanically cross-checks every formalizable
assertion. For each assertion, the verifier evaluates the underlying
predicate against the same telemetry and emits AGREED,
LLM_CONTRADICTION, NEURO_SYMBOLIC_DIVERGENCE, or UNVERIFIABLE.
Five stateless predicates plus three stateful (window_count,
window_sum, window_avg) are supported.
The Risk-Tier Governor is strict. Risk tier per obligation is
declared in the KG (spec §5.4). The caller cannot self-declare a tier.
The strictest tier across the applicable obligations wins; default is
tier-2.
Signed LLM transcripts. Every evaluation produces an
LLMTranscript signed with the runtime's own ed25519 key
(auto-provisioned at $SKI_TRANSCRIPT_KEY_PATH). Auditors can
independently replay any verdict via the signature plus the ledger's
transcript_json and envelope_json columns. Backend-agnostic by
construction — no provider wire format reaches the ledger.
Jurisdiction-scoped KG snapshots. KnowledgeGraph.scope_to returns
only the obligations applicable to a tenant's jurisdiction (and
effective at the measurement's timestamp). Real-sized KGs no longer
blow the LLM context window, and the snapshot's scope block travels
in the signed transcript so an auditor can confirm what was sent.
Agreement monitor. Replaces the v2 determinism canary. A rolling
window of the last N verifier statuses; agreement_rate = AGREED / total. Pages on a sustained drop below the configured threshold
(default 0.95).
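A rolling-window monitor of the kind described above, as an added example that is not the project's agreement monitor. The class name, the window size used here and the reading of "sustained" as a number of consecutive below-threshold observations on a full window are assumptions.

```python
from collections import deque


class AgreementMonitor:
    """Rolling agreement rate over the last `window` verifier statuses."""

    def __init__(self, window=20, threshold=0.95, sustain=3):
        self.statuses = deque(maxlen=window)  # oldest status falls off automatically
        self.threshold = threshold
        self.sustain = sustain                # assumption: consecutive low readings
        self.below = 0

    def rate(self):
        # agreement_rate = AGREED / total; every other status counts against it,
        # including UNVERIFIABLE.
        if not self.statuses:
            return 1.0
        agreed = sum(1 for s in self.statuses if s == "AGREED")
        return agreed / len(self.statuses)

    def record(self, status):
        """Add one verifier status; return True when the monitor should page."""
        self.statuses.append(status)
        window_full = len(self.statuses) == self.statuses.maxlen
        if window_full and self.rate() < self.threshold:
            self.below += 1
        else:
            # A partially filled window or a recovered rate resets the streak,
            # so a single early disagreement cannot page on its own.
            self.below = 0
        return self.below >= self.sustain
```
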
Conformance reorganised around verifiable provenance. Three levels:
- Provenance — every verdict envelope is complete, the Symbolic
  Verifier ran, citations exist, the agreement monitor is mounted, and
  the verdict taxonomy is exactly the five canonical values.
- Durability — the KG is signed; the Risk-Tier Governor is strict;
  the audit ledger is append-only at the DB layer; the hash chain
  recomputes entry hashes (not just chain linkage); replay reproduces
  historical verdicts.
- Sovereignty — operable air-gapped, tamper-evident, end-to-end
  signed. (Scaffolded; harness is the v3.1 milestone.)
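Why the Durability level insists on recomputing entry hashes rather than checking chain linkage only, as an added example that is not the project's ledger code. The hash layout (SHA-256 over the previous hash plus canonical JSON), the field names and the genesis value are assumptions, and the sample entries are constructed.

```python
import hashlib
import json

GENESIS = "0" * 64  # constructed genesis value (assumption)


def entry_hash(prev_hash, payload):
    # Assumed layout: SHA-256 over prev_hash plus canonical JSON of the payload.
    body = json.dumps(payload, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + body).encode("utf-8")).hexdigest()


def append(chain, payload):
    prev = chain[-1]["entry_hash"] if chain else GENESIS
    chain.append({"prev_hash": prev, "payload": payload,
                  "entry_hash": entry_hash(prev, payload)})


def linkage_ok(chain):
    # Weak check: compares stored pointers only and never reads a payload.
    prev = GENESIS
    for entry in chain:
        if entry["prev_hash"] != prev:
            return False
        prev = entry["entry_hash"]
    return True


def first_bad_entry(chain):
    # Strong check: recompute each entry hash from its content.
    # Returns the index of the first entry that fails, or None if all verify.
    prev = GENESIS
    for i, entry in enumerate(chain):
        recomputed = entry_hash(prev, entry["payload"])
        if entry["prev_hash"] != prev or recomputed != entry["entry_hash"]:
            return i
        prev = entry["entry_hash"]
    return None


def sample_chain():
    # Three constructed ledger entries.
    chain = []
    for seq in range(3):
        append(chain, {"seq": seq, "verifier_status": "AGREED"})
    return chain
```

An in-place edit to a stored payload leaves every stored hash and pointer intact, so linkage_ok still returns True while first_bad_entry reports the altered row.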
Tools
kg-extractor and kg-validator ship at 3.0.0 and emit / consume
the v3 typed-graph shape directly. The extractor's
ConfidenceLevel → ExtractionQuality rename reflects that this is the
extractor's authoring-time signal, separate from the runtime's
prohibited confidence score.
Breaking changes from the v2 line
- MeasurementRecord.risk_tier is removed. The KG-side governor wins.
  v2-shape payloads parse without error (Pydantic silently drops the
  unknown field); a regression test pins the behavior.
- ski_model/canary.py and ski_model/backends.py are gone. The
  agreement monitor replaces the canary; the ski_model.v3.backends
  package replaces the v2 inference-backend abstraction.
- kg-validator no longer accepts the flat-rule-list (v2) shape. The
  CLI exposes a single validate subcommand. review,
  detect-conflicts, detect-duplicates, and HTML report are
  retired.
- confidence on extracted rules is renamed extraction_quality.
- Conformance markers level1 / level2 / level3 are renamed
  provenance / durability / sovereignty. Pytest invocations
  selecting by marker need to update.
What's NOT in v3.0.0
- Sovereignty conformance harness. The six tests are scaffolded
  with spec citations and pytest.skip(). The harness (network
  sandbox, --network=none container, destructive-DB tamper rig,
  subprocess startup, transcript inspection) is the v3.1 milestone.
- Full-fidelity LLM-emitted typed obligations. kg-extractor
  produces v3 KGs today via a deterministic wrap of its flat-rule
  output (emit_v3_kg); a follow-up will have the LLM emit the typed
  obligation directly.
- Horizontal scaling. Per-shard scaling, shard router, ledger
  partitioning, and the Kubernetes operator land in v3.2.
Migrating from v0.2.x
No schema migration is required. v0.2 ledgers upgrade in place — v3
adds nullable columns for the signed transcript, model provenance
hashes, KG citations, and verifier status; existing rows continue to
verify under audit-ledger verify.
API changes:
- Stop sending risk_tier on /api/evaluate requests (the field is
  silently dropped but logging warns once per shape).
- Switch CI invocations from pytest -m level1 to
  pytest -m provenance (and level2 → durability).
- If you call kg-validator validate programmatically, drop the
  --schema flag — v3 is the only path.
- If you build on kg_extractor.ComplianceRule, rename confidence →
  extraction_quality.
Acknowledgements
The release closes the v3 pivot proposed in
RFC 0002. Thanks to
everyone who reviewed the architectural direction during the RFC's
feedback window and to the upstream Ollama, Pydantic, and FastAPI
maintainers whose work this builds on.
Full ship log
See CHANGELOG.md for the complete
list of changes. Source-of-truth references:
- Specification: docs/specification-v3.md
- RFC: docs/RFCs/0002-v3-neuro-symbolic-pivot.md
- Conformance methodology: docs/CONFORMANCE.md
What's Changed
- [docs] MkDocs Material site, architecture diagrams, glossary, governance, threat model by @kpifinity in #48
- [chore] Code modernization: pyproject.toml, Pydantic v2, mypy strict, pre-commit by @kpifinity in #49
- [chore] Security & compliance hardening: cosign signing, SLSA L3, OSSF Scorecard, gitleaks, dependency review by @kpifinity in #50
- polish(pr4): contributor experience by @kpifinity in #51
- fix(ci): scope scorecard write permissions to the job by @kpifinity in #52
- fix(ci): pin trivy-action to v0.36.0 by commit SHA by @kpifinity in #53
- fix(lint): clean ruff and mypy on the deterministic core by @kpifinity in #54
- fix(security): restore bandit nosec annotation on dev health probe by @kpifinity in #55
- rfc(0002): SKI v3.0 — neuro-symbolic pivot (draft) by @kpifinity in #56
- fix(docs+ci): mkdocs build error on RFC 0002 + RUF100 in deployer.py by @kpifinity in #57
- docs(positioning): rewrite README, CITATION, docs/index for v3 framing by @kpifinity in #58
- spec(v3.0): draft normative specification by @kpifinity in #59
- feat(kg-validator): add v3 schema support behind --schema v3 by @kpifinity in #60
- feat(v3): add verdict envelope contract per spec v3.0 §4 by @kpifinity in #61
- feat(v3): cutover runtime to v3 architecture (PR 10b of 3) by @kpifinity in #62
- feat(v3): SymbolicVerifier + risk-tier policies (PR 10c of 3) by @kpifinity in #63
- feat(v3): conformance Level 1 for v3 envelope (PR 10d) by @kpifinity in #64
- fix(conformance): ruff format + I001 sort on level1 v3 tests by @kpifinity in #65
- feat(v3): signed LLM transcripts + audit-grade ledger (PR 11) by @kpifinity in #66
- feat(v3): Ollama-v3 backend + factory + real provenance hashes (PR 11.5) by @kpifinity in #67
- feat(v3): stateful predicates in SymbolicVerifier (PR 11.6) by @kpifinity in #68
- feat(v3): jurisdiction-scoped KG snapshots (PR 11.7) by @kpifinity in #69
- feat(v3): neuro-symbolic agreement monitor; delete v2 canary + backends (PR 12) by @kpifinity in #70
- PR 13: Risk-tier governor (strict, per-rule) by @kpifinity in #71
- PR 14: Verifiable-provenance conformance reorg by @kpifinity in #72
- PR 10e: Strip v2 paths from kg-validator and kg-extractor by @kpifinity in #73
- PR 10f: Docs sweep — mark RFC 0002 implemented, v3.0 release-ready by @kpifinity in #74
- Release v3.0.0 by @kpifinity in #75
Full Changelog: https://github.com/kpifinity/ski-framework/compare/v0.2.1...
v2.1-final
What's Changed
- [docs] MkDocs Material site, architecture diagrams, glossary, governance, threat model by @kpifinity in #48
- [chore] Code modernization: pyproject.toml, Pydantic v2, mypy strict, pre-commit by @kpifinity in #49
- [chore] Security & compliance hardening: cosign signing, SLSA L3, OSSF Scorecard, gitleaks, dependency review by @kpifinity in #50
- polish(pr4): contributor experience by @kpifinity in #51
- fix(ci): scope scorecard write permissions to the job by @kpifinity in #52
- fix(ci): pin trivy-action to v0.36.0 by commit SHA by @kpifinity in #53
- fix(lint): clean ruff and mypy on the deterministic core by @kpifinity in #54
- fix(security): restore bandit nosec annotation on dev health probe by @kpifinity in #55
- rfc(0002): SKI v3.0 — neuro-symbolic pivot (draft) by @kpifinity in #56
- fix(docs+ci): mkdocs build error on RFC 0002 + RUF100 in deployer.py by @kpifinity in #57
- docs(positioning): rewrite README, CITATION, docs/index for v3 framing by @kpifinity in #58
- spec(v3.0): draft normative specification by @kpifinity in #59
- feat(kg-validator): add v3 schema support behind --schema v3 by @kpifinity in #60
- feat(v3): add verdict envelope contract per spec v3.0 §4 by @kpifinity in #61
Full Changelog: v0.2.1...v2.1-final
v0.2.1 - Bug-fix release
Pure bug-fix release. No spec, schema, or API changes; safe to upgrade from 0.2.0 by pulling main.
Fixed
- Symbolic Evaluator package now exports Verdict (otherwise the v0.2 stateful tests failed at collection time).
- kg-validator now detects contradictory limits driven by the relation field — e.g. two rules under must_not_exceed with thresholds 100 ppm and 50 ppm are now flagged as CONTRADICTORY.
See CHANGELOG.md for full details.
What's Changed
- [fix] kg-validator: detect contradictory limits via relation field (v0.2.1) by @kpifinity in #47
Full Changelog: v0.2.0...v0.2.1
v0.2.0
What's Changed
- [feat] v0.2.0 - Stateful evaluation, NULL_STALE, and deterministic r… by @kpifinity in #46
Full Changelog: v0.1.0-alpha...v0.2.0
v0.1.0-alpha
What's Changed
- [feat] v0.1.0-alpha — align repository with SKI Framework v2.1 by @kpifinity in #1
New Contributors
- @kpifinity made their first contribution in #1
Full Changelog: https://github.com/kpifinity/ski-framework/commits/v0.1.0-alpha