v1.5.0 - SDK Packages, Media Signing & Official C2PA/CAI Integration

@rampyg released this 24 Jan 11:02
· 141 commits to main since this release

This release introduces official SDK packages for Python and TypeScript, C2PA-compliant media signing, and official C2PA/CAI branding as Vouch Protocol prepares for contribution to the LF AI & Data Foundation.

🆕 New Packages

Package              Registry  Version  Description
vouch-bridge         PyPI      1.1.0    Local signing daemon with media signing
vouch-sdk            PyPI      1.0.0    Python SDK (VouchClient, AsyncVouchClient)
@vouch-protocol/sdk  npm       1.0.0    TypeScript SDK for browser & Node.js

✨ Features

Media Signing (vouch-bridge v1.1.0)

  • New POST /sign-media endpoint with multipart file upload
  • C2PA manifest embedding for images, video, audio, and PDF
  • MediaConsentUI for rich media previews before signing
  • Dependencies: python-multipart>=0.0.6, c2pa-python>=0.5.0

Python SDK (vouch-sdk v1.0.0)

from vouch_sdk import VouchClient

with VouchClient() as client:
    client.connect()
    signature = client.sign("Hello, World!")

TypeScript SDK (@vouch-protocol/sdk v1.0.0)

import { VouchClient } from '@vouch-protocol/sdk';

const client = new VouchClient();
await client.connect();
const signature = await client.sign({ message: 'Hello, World!' });

Audio Module Enhancements

  • VouchCovenant for executable usage policies
  • AudioSealWatermarker (Meta's neural watermarking)
  • SpreadSpectrumWatermarker (Vouch Sonic steganography)
  • AudioVerifier for C2PA + watermark detection

CLI Agent Management

  • vouch agent create <name> - Create delegated identity
  • vouch agent list/show/revoke/export
  • vouch sign --agent <name> --covenant <policy>

📱 Mobile Architecture

New Vouch Verifier mobile app specification:

  • Vouch Sonic Engine: Rust core with FFT/watermark detection
  • Identity Vault: Secure Enclave (iOS) / Keystore (Android)
  • Remote Bridge: QR pairing + WebSocket + Biometric signing
  • React Native + Expo + UniFFI architecture

📜 Prior Art Disclosures

6 new defensive publications:

  • PAD-009: Localhost Identity Bridge
  • PAD-010: Semantic Consent Signing
  • PAD-011: Hierarchical Discovery Protocol
  • PAD-012: Vouch Covenant (Executable Usage Policies)
  • PAD-013: Vouch AirGap (Psychoacoustic Identity Verification)
  • PAD-014: Vouch Sonic (Robust Audio Provenance)

🏛️ Governance & Licensing

  • License unified to Apache 2.0 (removed AGPL for enterprise adoption)
  • Added MAINTAINERS.md and RELEASES.md
  • Created LF AI & Data Foundation proposal (docs/lfai-proposal.adoc)
  • Official C2PA Contributor and CAI Member logos integrated

🌐 Infrastructure

  • Monorepo restructuring with packages/ directory
  • vch.sh shortlink domain migration
  • GitHub Actions for multi-browser extension builds (Chrome, Edge, Safari)
  • New professional website with official branding

🐛 Bug Fixes

  • Fixed broken import: SignedAudioFrame → SignedAudioResult
  • Fixed all 12 examples with correct API usage
  • Chrome extension v1.0.5: DNS fixes, duplicate declaration fix, display name in signatures

📦 Installation

# Python SDK
pip install vouch-sdk

# TypeScript SDK
npm install @vouch-protocol/sdk

# Bridge (for local signing)
pip install vouch-bridge

Full Changelog: v1.4.0...v1.5.0