v0.5.0

@tronmongoose tronmongoose released this 10 May 19:49
· 9 commits to main since this release

What's new in 0.5.0

Five generic patterns extracted from bjornswarm (Carryall's customer-zero deployment) and shipped upstream as deployment-agnostic primitives. The boundary held throughout: mechanism ports up, policy stays down — Carryall ships the framework, deployments supply rules, paths, identities, and rule contents.

Highlights

  • skill_loader — SKILL.md tools: allowlist. Pydantic-validated frontmatter parser with fail-closed semantics. No wildcards, no prefix matching, missing or empty list denies everything. New SkillManifest type and enforce_tool_access() helper. (docs/skill_authoring.md)

  • harness_audit — config-surface scanner. HarnessAuditor walks a config root, runs registered Rules, emits Findings to JSONL. Two universal built-ins: no-dangerous-mode-skip (critical), skills-declare-tools (medium). Rule exceptions are isolated — a rule that raises becomes a severity=high finding rather than crashing the scan. (docs/harness_audit.md)

  • rule_packs — numbered hard-rule enforcement. RulePack.load(yaml) loads deployment rules; @enforces(pack, point) decorator wraps pipeline entry points; RuleViolation carries rule_id / rule_number / description / enforcement_point so violations trace back to a deployment's canonical rule list. Predicate convention aligned with authority_runtime.constraints (return None to pass, a string to fail). (docs/rules.md)

  • router — sensitivity-aware tiered routing primitive. Router(classifier, registry, logger) composes a SensitivityClassifier (ABC) with a ModelRegistry and a pluggable UsageLogger. force_tier= overrides classification with forced=True audit trail. ModelRegistry.assert_origins_allowed(set) raises at boot if any tier's origin falls outside policy. Privacy posture: JsonlUsageLogger writes only query_len, never the body. (docs/router.md)

  • load_soul() / SkillSoul — opt-in SOUL.md sibling parser. SKILL.md is the operational contract; SOUL.md is voice, posture, refusals. load_skill() auto-attaches a sibling SOUL.md if present (load_soul=False to skip). The convention is under evaluation in bjornswarm (eval sl-qvby, window closes 2026-06-02) — Carryall ships the parser so deployments running the eval don't fork bespoke tooling, but the convention itself is documented as descriptive, not prescriptive. (docs/soul.md)
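The fail-closed allowlist semantics described for skill_loader above, as an added stdlib-only illustration that is not Carryall's code. The `Manifest` type, the function names, the `---`-delimited frontmatter subset, and the sample SKILL.md texts are all assumptions constructed for this example.

```python
from dataclasses import dataclass

# Constructed sample SKILL.md files (not taken from Carryall or any deployment).
SKILL_OK = "---\nname: report-writer\ntools:\n  - read_file\n  - search_docs\n---\nBody.\n"
SKILL_WILDCARD = '---\nname: greedy\ntools:\n  - "*"\n  - read_\n---\n'
SKILL_NO_TOOLS = "---\nname: silent\n---\n"
SKILL_INLINE = "---\nname: inline\ntools: [read_file]\n---\n"

@dataclass(frozen=True)
class Manifest:  # hypothetical stand-in, not Carryall's SkillManifest
    name: str
    tools: frozenset

def parse_manifest(text: str) -> Manifest:
    """Parse an assumed frontmatter subset: `name:` plus a `tools:` block list.
    Anything missing, malformed or unsupported yields an empty allowlist."""
    lines = [ln.strip() for ln in text.splitlines()]
    if not lines or lines[0] != "---" or "---" not in lines[1:]:
        return Manifest("", frozenset())      # no closed frontmatter: deny all
    name, tools, in_tools = "", set(), False
    for s in lines[1:lines.index("---", 1)]:
        if in_tools and s.startswith("- "):
            tools.add(s[2:].strip().strip("\"'"))
        elif s.startswith("tools:"):
            in_tools = s == "tools:"          # inline lists unsupported: stay empty
        else:
            in_tools = False
            if s.startswith("name:"):
                name = s[len("name:"):].strip()
    tools.discard("")
    return Manifest(name, frozenset(tools))

def tool_allowed(manifest: Manifest, tool: str) -> bool:
    """Exact, case-sensitive membership. Entries are never expanded as patterns,
    so "*" or a prefix such as "read_" grants nothing beyond that literal name."""
    return bool(tool) and tool in manifest.tools

def require_tool(manifest: Manifest, tool: str) -> None:
    """Raise on denial so a caller cannot ignore a False return value."""
    if not tool_allowed(manifest, tool):
        raise PermissionError(f"skill {manifest.name!r} may not call {tool!r}")

if __name__ == "__main__":
    for doc in (SKILL_OK, SKILL_WILDCARD, SKILL_NO_TOOLS, SKILL_INLINE):
        m = parse_manifest(doc)
        print(m.name, {t: tool_allowed(m, t) for t in ("read_file", "read_file2")})
```

Only the first sample grants `read_file`; the wildcard, missing-list and unsupported-syntax samples all resolve to a denial rather than a permissive default.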

Also in this release

  • OllamaCompiler — local Ollama-backed policy compiler. Same Pydantic-validated scope/context narrowing as OpenAICompiler / AnthropicCompiler; gemma4:26b default; /api/chat with format: json and num_predict=2000 for Gemma's internal CoT.
  • mcp_server now defaults compile_policy to ollama, and any available_scopes containing "finance" is force-routed to ollama regardless of caller-supplied provider — sensitive data must stay local. Missing API keys for frontier providers raise PermissionDenied (was ValueError) so failures are fail-closed at the auth layer.

Compatibility

Fully backward compatible. The five port packages are additive; existing imports keep working. OllamaCompiler is exposed alongside FakeCompiler / OpenAICompiler / AnthropicCompiler from authority_runtime.

Tests

490 passing (478 → 490 across the five ports).

See CHANGELOG.md for the full per-port detail.