PolicyEngine.classify_action_tier()now accepts an optionalcan_auto_approvekeyword argument. When provided, skips the internal sync_can_auto_approve()check. This allows async callers (likeProposalRouter) to pass the result ofcan_auto_approve_with_tree()so condition trees are evaluated during routing.ProposalRouter.route()now callscan_auto_approve_with_tree()beforeclassify_action_tier(), making condition trees onAutoApproveConditions.condition_treeeffective end-to-end through the routing path. Previously, condition trees were only accessible via directcan_auto_approve_with_tree()calls.
- Steering action tier — new
ActionTier.STEERclassification that returns corrective guidance instead of blocking or requiring approval:SteeringContextDTO withguidance,suggested_actions,max_retries, andmetadatafieldsSteeringActionHandlerpolymorphic handler builds context from policy's auto_approve/unrestricted alternativesRoutingDecision.steeringfield populated automatically byProposalRouterfor steered proposalsSteeringRequiredErrorraised byMcpGatewaywith fullSteeringContextfor MCP tool callsMcpEventName.TOOL_CALL_STEEREDevent for audit trailActionTiers.steerlist inPolicySnapshotfor configuring which actions get steered
- Pluggable evaluator framework — new
evaluators/subpackage for extensible policy evaluation:Evaluatorprotocol withname,config_schema, and asyncevaluate()methodEvaluatorResultDTO (allow,reason,metadata)EvaluatorRegistrywith manual registration and automatic entry-point discovery (agent_control_plane.evaluatorsgroup)- Built-in
RegexEvaluator(pattern matching on proposal fields with deny/allow-on-match modes) - Built-in
ListEvaluator(allowlist/blocklist evaluation with blocklist priority)
- Composite condition trees — recursive boolean condition trees for policy rule composition:
- Leaf conditions:
RiskLevelCondition,WeightCondition,ScoreCondition,ActionCondition,AssetCondition,EvaluatorCondition - Composite conditions:
AndCondition,OrCondition,NotConditionwith short-circuit evaluation ConditionNodediscriminated union type with max depth 6 enforcementConditionEvaluatorengine for evaluating condition trees against proposalsAutoApproveConditions.condition_treeoptional field for tree-based auto-approve rulesPolicyEngine.can_auto_approve_with_tree()async method for condition-tree evaluation
- Leaf conditions:
- Cancel-on-deny parallel evaluation — concurrent evaluator execution with early cancellation:
ParallelPolicyEvaluatorwith configurablemax_concurrentsemaphore (default 3)ParallelEvaluationResultwithoverall_allow, per-evaluatorresults,cancelled_count, andelapsed_ms- Fail-closed semantics: evaluator exceptions treated as deny, remaining tasks cancelled on first deny
- New test suites:
tests/test_steering.py,tests/test_evaluator_plugins.py,tests/test_condition_trees.py,tests/test_parallel_evaluator.py
The four features compose into the existing proposal lifecycle as optional steps:
1. PolicyEngine.classify() — existing (now supports STEER tier)
2. ConditionEvaluator.evaluate() — NEW (optional tree-based auto-approve)
3. ProposalRouter.route() — existing (now populates SteeringContext)
4. ParallelPolicyEvaluator.evaluate_all — NEW (optional concurrent evaluators)
5. ApprovalGate / BudgetTracker — existing
6. Execution — existing
7. EventStore.append() — existing
Inspired by patterns from agentcontrol/agent-control.
AsyncResilientControlPlane(async_resilient.py): async mirror ofResilientControlPlane, wrappingAsyncControlPlaneFacadewith the sameResilienceMode/OperationCategorysemantics. Covers all async facade methods includingactivate_session,pause_session,resume_session,acquire_cycle,release_cycle,recover_stuck_sessions, andcheck_stuck_cycles.ControlPlaneSetup.build_async(): async builder variant that returnsAsyncResilientControlPlane. Table creation is handled automatically by the async facade on first use.- New test suite:
tests/test_async_resilient.py
ResilientControlPlane(resilient.py): wrapper aroundControlPlaneFacadewith built-in fail-open/fail-closed error handling. Three resilience modes:FAIL_OPEN— all operations return safe defaults on errorFAIL_CLOSED— all operations raise on errorMIXED(default) — state-bearing operations fail-closed, telemetry/query/budget-checks fail-open- Per-category overrides via
category_overridesparameter
ControlPlaneSetup(setup.py): one-stop configuration builder that replaces multi-step bootstrap ceremony. Handles alias profile registration, action name registration, event mapper configuration, table creation, and resilient facade wrapping in a single.build()call- New enums:
ResilienceMode(fail_open/fail_closed/mixed),OperationCategory(state_bearing/telemetry/query/budget) - Onboarding tiers:
__init__.pyexports annotated with tier comments (start here → core facades → composable engines) - ADR-0009: documents the wrapper facade anti-pattern observed in two independent consumers, and why
ResilientControlPlaneandControlPlaneSetupbelong in the library - New test suites:
tests/test_resilient.py(18 tests),tests/test_setup.py(15 tests) - New example:
examples/resilient_facade_demo.py
Replaces ~200–400 lines of wrapper code in each consumer with ~10 lines:
cp = ControlPlaneSetup(
database_url="sqlite:///./cp.db",
event_map={"job_started": EventKind.CYCLE_STARTED},
action_names=["place_order", "cancel_order"],
resilience_mode=ResilienceMode.MIXED,
).build()
# cp is a ResilientControlPlane — no try/except needed- Token governance engines for identity-scoped, time-windowed token budget enforcement and model access policy:
TokenBudgetTrackerengine (engine/token_budget_tracker.py): async engine that enforces per-identity (user/org/team) token and cost budgets across daily, weekly, and monthly windows. Checks budget limits, records usage with automatic window computation, and emitsTOKEN_USAGE_RECORDEDevents.ModelGovernorengine (engine/model_governor.py): sync engine for model tier classification (STANDARD,PREMIUM,RESTRICTED) and access policy enforcement. Supports tier-based restrictions per action tier and per-user identity overrides.
- New DTOs (
types/token_governance.py):IdentityContext— user/org/team identity for token attributionTokenUsage— per-interaction token counts and costTokenBudgetConfig— budget limits per identity and time periodTokenBudgetState— current accumulated usage against a budgetTokenBudgetCheckResult/ModelAccessResult— governance check resultsTokenUsageSummary— aggregated usage for reportingModelGovernancePolicy— model tier assignments and access rules
- New enums:
BudgetPeriod(daily/weekly/monthly/unlimited),ModelTier(standard/premium/restricted) - New
EventKindmembers:TOKEN_BUDGET_EXHAUSTED,MODEL_ACCESS_DENIED,TOKEN_USAGE_RECORDED - New ID types:
UserId,OrgId,TeamId,ModelIdNewType aliases - Storage protocols:
TokenBudgetRepository/AsyncTokenBudgetRepositoryprotocol pair for token budget persistence - Model mixins:
TokenBudgetConfigMixin,TokenUsageLedgerMixin,TokenBudgetStateMixinfor host-app ORM composition - Reference models:
TokenBudgetConfigRow,TokenUsageLedgerRow,TokenBudgetStateRowregistered inregister_models() - MCP gateway fields: optional
model_idand identity fields onToolCallContext, token tracking fields onToolCallResult(backwards-compatible) - Test infrastructure:
InMemoryTokenBudgetRepositoryfake for testing - New test suites:
tests/test_model_governor.py(15 tests),tests/test_token_budget_tracker.py(19 tests)
The new engines are optional composable steps in the proposal lifecycle, not wired into ProposalRouter internals — matching the SessionRiskAccumulator pattern:
1. PolicyEngine.classify() — existing
2. ModelGovernor.check_access() — NEW (sync, before route)
3. ProposalRouter.route() — existing
4. ApprovalGate — existing
5. TokenBudgetTracker.check_budget() — NEW (async, before execution)
6. BudgetTracker — existing (session-level)
7. Execution — existing
8. TokenBudgetTracker.record_usage() — NEW (after execution)
9. EventStore.append() — existing
SessionRiskAccumulatorengine (engine/session_risk_accumulator.py): watches action chains across a session and escalates risk when accumulated score thresholds or named action-sequence patterns are detected.- Score-based escalation: LOW=1.0, MEDIUM=3.0, HIGH=5.0 per action; configurable thresholds for MEDIUM (default 5.0) and HIGH (default 10.0) escalation.
- Pattern-based escalation: contiguous sliding-window matching of ordered action sequences (e.g.
read_crm → query_database → send_email= data-exfiltration chain). - Slots between
classify_risk_level()andclassify_action_tier()as an optional host-app step; not wired intoProposalRouterorSyncControlPlane. - Emits
SESSION_RISK_ESCALATEDtelemetry event (non-state-bearing) when escalation occurs and anEventStoreis configured.
RiskPattern/SessionRiskState/SessionRiskEscalationDTOs (types/risk.py): typed contracts for pattern definitions, per-session accumulation state, and escalation results.EventKind.SESSION_RISK_ESCALATEDadded to theEventKindenum for structured telemetry.- New example:
examples/session_risk_accumulator_demo.py— demonstrates score accumulation, pattern detection, session isolation, and event emission.
- Published release for guarded release-tag workflow and tag/version parity checks.
- Package version metadata now matches release tag (
0.9.4) for package managers and runtime version checks. - Added a guarded local release-tag workflow (
make release-tag VERSION=x.y.z) to enforce tag/version parity and prevent future metadata drift.
- Package version metadata now matches release tag (
0.9.2) for package managers and runtime version checks (importlib.metadata,agent_control_plane.__version__,agent_control_plane.get_version()).
- Added root package version helpers (
__version__,get_version()) and documented naming conventions. - Superseded by
v0.9.2for package metadata correctness (v0.9.1tag still reported version0.9.0).
- Removed
*DTOsuffixes from public type names inagent_control_plane.typesand facade signatures. - Public model exports were renamed to
*Rowto avoid collisions with suffix-free domain type names:ActionProposalRowApprovalTicketRowPolicySnapshotRow
- Query and scorecard types were renamed to suffix-free forms (for example:
Page,SessionHealth,StateChangePage,ControlPlaneScorecard).
- New first-class proposal creation APIs:
ControlPlaneFacade.create_proposal(proposal, command_id=...)AsyncControlPlaneFacade.create_proposal(proposal, command_id=...)
- Proposal repository protocol/storage support for
create_proposal(...)in sync and async SQLAlchemy backends. - New deterministic helper for proposal command IDs:
proposal_command_id(session_id, resource_id, resource_type, decision, ...)
- Experimental capability contracts in
agent_control_plane.experimental.capabilities:CapabilityProvider,CapabilitySet,CapabilityDescriptorControlPlaneCapability,StaticCapabilityProvider, mapping helpers
- Builder composition helpers now accept optional
capability_providerand exposeget_capabilities()on service bundles. - New compatibility reference:
docs/compatibility.md. - Package version helpers at root export surface:
__version__get_version()
- Documentation now includes an explicit dev/prod DB guide (SQLite vs Postgres), reliability checklist, and expanded operations runbook for deployment and incident response.
- Architecture/README now describe capability detection as a composition-time extension point (informational only, non-authoritative for governance enforcement).
- Naming docs now standardize role-based conventions (domain/contract types,
*Rowpersistence classes, noDTOsuffixes). - ADR guidance is now documented in
docs/adr/README.mdfor decision context and change rationale. - Release notes for behavior/public-contract changes should include relevant ADR links.
- Deterministic benchmark primitives for agentic experimentation:
BenchmarkScenarioSpec,BenchmarkRunSpec,BenchmarkRunResultDTO,FitnessWeightsrun_benchmark(...),run_batch(...),hash_config(...),WeightedFitnessEvaluator
- Pluggable policy interfaces for evaluator and guardrail decisions:
EvaluatorPolicy,GuardrailPolicyThresholdEvaluatorPolicy,PassThroughGuardrailPolicy
- Telemetry export helpers for events and scorecards:
export_event(...),export_scorecard(...)TracerLike,MeterLikeprotocol contracts
- Richer operational scorecards (sync + async) including:
- guardrail allow counts and policy-code histograms
- evaluation block-reason histograms
- budget denied/exhausted counters
- approval and checkpoint->rollback latency percentiles
- average cost per successful action and handoff acceptance rate
- Public exports now include benchmark DTOs/utilities, policy interfaces, and telemetry helpers.
- New agentic-governance DTOs and exports:
- checkpoints/rollback (
SessionCheckpointDTO,RollbackResultDTO) - goal/planning (
GoalDTO,PlanDTO,PlanStepDTO,PlanProgressDTO) - evaluation/guardrails (
EvaluationResultDTO,GuardrailDecisionDTO) - handoff/scorecard (
HandoffResultDTO,ControlPlaneScorecardDTO)
- checkpoints/rollback (
- New enums for agentic workflows:
GoalStatus,PlanStepStatus,EvaluationDecision,GuardrailPhase
- New sync/async facade primitives:
create_checkpoint,list_checkpoints,rollback_to_checkpointcreate_goal,create_plan,start_plan_step,complete_plan_step,get_plan_progressrecord_evaluation,apply_guardrail,request_handoff,get_operational_scorecard
- New tests validating core agentic primitive flows:
tests/test_agentic_primitives.py
- Companion gateway runnable entrypoint at
examples/companion_gateway/main.py. - Companion gateway auth policy hooks:
DenyAllAuthPolicy(default)AllowAllAuthPolicyBearerTokenAuthPolicy
- Contract tests now validate OpenAPI request bodies and common error responses (
404,409,422).
- Companion gateway now returns standardized error envelopes (
ErrorResponse) for HTTP and validation errors. - OpenAPI contract now declares
401and422responses for gateway endpoints.
- Package version metadata now matches the latest release tag (
0.5.3) for package managers andimportlib.metadata.
ControlPlaneFacadenow supports sync approval write operations:create_ticketapprove_ticketdeny_ticket
- README now includes a canonical state-feed projection consumer loop using
get_state_change_feed(...). - Sync facade tests now cover:
- approval write flow behavior and command-id idempotency
- end-to-end state-feed projection convergence against canonical reads
- alias helper usage in a boundary payload workflow
- Added canonical HTTP API contract at
docs/openapi/control-plane-v1.ymlfor companion gateway services and dashboards. - Added companion gateway starter at
examples/companion_gatewaywith:- REST endpoints mapped to facade/query operations
- minimal embedded dashboard endpoint (
/dashboard)
- Added OpenAPI contract response tests for the companion gateway against
docs/openapi/control-plane-v1.yml.
- README now points to the OpenAPI contract and clarifies the companion-service pattern for API/UI deployment.
- CI now validates OpenAPI specs via
make openapi-check.
- Public alias utility helpers in
agent_control_plane.types:apply_inbound_aliases(data, profile)apply_outbound_aliases(data, profile)
- Package root exports now include alias utility helpers for non-DTO mapping workflows.
RiskLimits.validate_extension()now fails fast when no extension schema is registered, matchingextension_as()semantics.
- Resolved mypy failures in alias key normalization and profiled dump typing.
- Resolved MCP gateway action typing mismatch for
ActionValuevs enum.valueaccess.
- New query/feed types in
agent_control_plane.types.query:PageDTOStateChangeDTOStateChangePageDTOSessionHealthDTOCommandResultDTO
- New control-plane command ledger model:
CommandLedgerMixinCommandLedgerreference model (command_ledgertable)
- New storage protocol surfaces:
- Proposal reads:
get_proposal,list_proposals - Ticket reads:
get_ticket(sync),list_tickets - Event feed reads:
list_state_bearing_events - Command idempotency repository:
get_command,record_command
- Proposal reads:
- New SQLAlchemy repository implementations:
AsyncSqlAlchemyCommandRepoSyncSqlAlchemyCommandRepo
- New facade read APIs (async and sync):
get_proposal,list_proposalsget_ticket,list_ticketsget_state_change_feedget_health_snapshot
- Async command-id idempotency support for key mutations:
open_sessioncreate_ticketapprove_ticketdeny_ticket
AsyncSqlAlchemyUnitOfWorkandSyncSqlAlchemyUnitOfWorknow exposecommand_repo.- Public exports updated in package root,
storage,models, andtypesmodules for new query/feed/idempotency symbols. - Async facade test suite expanded to cover:
- proposal/ticket read APIs
- state-change feed behavior
- health snapshot
- command-id idempotency on repeated calls
- Added
AsyncControlPlaneFacade.get_ticket(ticket_id)to fetch a single approval ticket by ID regardless of status. - Added async approval repository
get_ticket(ticket_id)support in protocols and SQLAlchemy async storage. - Added async facade tests covering:
- existing ticket lookup by ID
- missing ticket lookup returning
None - lookups across
PENDING,APPROVED,DENIED, andEXPIREDstatuses
- Expanded
AsyncControlPlaneFacadeoperations so async hosts can avoid direct repository/UoW usage for common flows:- Session lifecycle:
list_sessions,activate_session,pause_session,resume_session,set_active_cycle - Concurrency helpers:
acquire_cycle,release_cycle - Approvals:
create_ticket,approve_ticket,deny_ticket,get_pending_tickets,expire_timed_out_tickets - Policy creation:
create_policy - Recovery helpers:
recover_stuck_sessions,check_stuck_cycles
- Session lifecycle:
- Typed ID aliases in
agent_control_plane.types.ids:AgentIdResourceIdIdempotencyKey
- Key public/storage signatures now accept typed ID aliases for stronger compile-time contracts.
- MCP and engine call sites were updated to convert boundary strings into typed ID aliases.
KillSwitchnow returns typedKillSwitchResultobjects (replacing untyped dictionaries).KillResultDTO.session_idis nowUUID | Noneinstead of string.RequestFrame.actionnow uses typedActionNamevalues with fail-closed parsing.SessionState.abort_reasonnow usesAbortReason | None.asset_scopein session/policy DTOs now usesAssetScope | None.
- New enum:
AssetScope. - New typed DTO:
KillSwitchResult.
ControlPlaneFacade.close_session()now defaults tofinal_event_kind=Noneto avoid accidental double-emits.ControlPlaneFacade.emit(...)now accepts the same attribution/state-bearing options as low-level sync emit paths.EventFramenow includesstate_bearing.- SQLAlchemy async/sync event repositories now persist and hydrate
state_bearingas a first-class field.
AsyncControlPlaneFacadefor async-native integration paths.ScopedModelRegistryandregistry_scope(...)for instance-scoped registry isolation.- Facade constructor injection for engine/session factory/UoW factory/registry in sync and async entrypoints.
- Lightweight builders:
build_session_event_budget(...)build_kill_switch_stack(...)
- New security and operations documentation:
docs/security_model.mddocs/operations_runbook.mddocs/integration_identity.md
- README positioning now explicitly differentiates embedded/self-hosted usage from hosted control-plane platforms.
- README now includes an identity/zero-trust integration section and links to operator/security docs.
- Architecture docs now include:
- embedded deployment posture
- identity boundary guidance
- control objectives
- explicit non-goals
SessionLifecycleResultDTO for sync lifecycle operations.SyncControlPlane.complete_session()andSyncControlPlane.abort_session()now returnSessionLifecycleResult.ControlPlaneFacade.close_session()andControlPlaneFacade.abort_session()now returnSessionLifecycleResult.
emit_app_event(...)andControlPlaneFacade.emit_app(...)now accept optional overrides for:state_bearingagent_idcorrelation_ididempotency_key
- README now highlights importing
UnknownAppEventPolicyfromagent_control_plane.types.
- New embedded MCP gateway module:
agent_control_plane.mcp. McpGatewayfor governed MCP tool-call execution.- Typed MCP gateway interfaces:
ToolCallContextToolCallResultToolExecutorToolPolicyMapMcpGatewayConfigMcpEventMapper
- Typed MCP event enum:
McpEventName. - Typed MCP governance errors:
McpGovernanceErrorPolicyDeniedErrorApprovalRequiredErrorBudgetDeniedErrorKillSwitchActiveErrorToolExecutionError
- MCP gateway example:
examples/mcp_tool_gateway.py. - MCP gateway tests:
tests/test_mcp_gateway.py.
SyncControlPlanenow exposes:session_scope()for extension flows that need a raw session context.get_session(session_id)for typed session-state reads.
ControlPlaneFacadenow exposesget_session(session_id).- README expanded with MCP tool-call gateway integration guidance.
- Comparable RiskLevel: Refactored
RiskLevelto be a comparable enum with numeric ranking. This enables safer, more readable threshold checks (e.g.,risk_level <= max_risk_tier). - Simplified Policy Engine: Removed fragile list-index based risk comparisons in favor of direct enum comparison operators.
- New unit tests for risk level comparison logic in
tests/test_enums.py.
- First-class sync event APIs on
SyncControlPlane:emit_event(...)replay_events(...)emit_app_event(...)
- Typed app-event mapping surface:
AppEventMapperprotocolDictEventMapperregistry mapperMappedEventDTOUnknownAppEventErrorUnknownAppEventPolicy
- New
ControlPlaneFacadehigh-level sync API for host application integration. - New tests for sync event APIs, mapper behavior, and facade lifecycle flow.
- Sync APIs now support direct app-event-to-control-event mapping without thread-loop adapters.
- Public API exports updated for sync facade and app-event mapping primitives.
- README sync integration docs expanded with event/facade guidance.
- New finite-domain enums for stronger API typing:
RoutingResolutionStepAssetMatchAgentScope
KillResultDTOfor typed sync kill-switch responses.
- Router decisions now use typed
RoutingResolutionStepinstead of raw string step names. - Asset classifier contract now returns
AssetMatchinstead of string values. - Event paths now use typed
EventKindthrough:EventStore- storage protocols
- async/sync SQLAlchemy repositories
EventFrame
- Session/proposal repository interfaces now use enum types for status/mode fields:
SessionStatusfor session filteringProposalStatusfor proposal status updatesExecutionModein session creation paths (SessionManager,SyncControlPlane)
- Sync API
kill()/kill_all()now returnKillResultDTO(typed scope and counters).
- Removed remaining string comparisons in examples and policy/router tests where enum comparisons are now authoritative.
- Agent Registry: Central engine for managing registered agent identities, versions, and tags.
- Capability Governance: Formalized agent capabilities (e.g., "I can isolate pods") mapped to allowed actions.
- Governed Delegation: New
DelegationGuardfor secure task hand-off between agents with full audit trail. - Polymorphic Routing: Refactored
PolicyEngineto useActionPolicyHandlerpattern for cleaner, extensible routing logic. - Audit Viewer: New
examples/audit_viewer.pyutility for replaying and formatting session event timelines. - Identity-Validated Routing:
ProposalRouternow optionally validates that proposing agents are registered and authorized for specific actions. - Advanced Stress-Test Examples:
examples/zombie_agent.py: Validates crash recovery.examples/ghosted_agent.py: Validates timeout escalation.examples/panic_agent.py: Validates global kill switch behavior.examples/compliance_agent.py: Validates regex-based asset scoping.examples/rate_limited_agent.py: Validates concurrency and budget limits.examples/multi_agent_delegation.py: Validates identity-linked delegation flows.
- Enum Migration: Comprehensive refactor to use typed enums (
ActionName,RiskLevel,EventKind,ExecutionMode) across all engines, DTOs, and repositories. - Improved Type Safety: Resolved all
mypystrict type-checking issues across the entiresrc/directory. - Kill Switch Metadata:
KillSwitchnow returnsKillSwitchScopeenum values in metadata dictionaries for better consistency. - Timeout Refactor:
TimeoutEscalationlogic consolidated intoApprovalGate.expire_timed_out_tickets().
- SQL Timeout Reliability: Replaced Python-side UTC comparisons with SQL
func.now()for robust multi-timezone ticket expiration. - Crash Recovery Constructor: Added missing
event_repoargument toCrashRecoveryinitialization. - Session Policy Consistency: Fixed
SessionManager.create_policy()to returnUUIDdirectly, resolving SQLAlchemy persistence crashes. - Policy Prioritization: Improved
PolicyEngineto correctly prioritize explicitalways_approve/auto_approvelists over generic risk levels. - Case-Insensitivity: Policy list matching is now case-insensitive for better usability.
- Initial public release of a production-oriented agent governance control plane.
- Core engines:
PolicyEngineProposalRouterApprovalGateBudgetTrackerConcurrencyGuardKillSwitchSessionManagerEventStore
- Recovery handlers:
CrashRecoveryTimeoutEscalation
- Repository-driven storage architecture:
SessionRepository,EventRepository,ApprovalRepository,ProposalRepositoryAsyncUnitOfWork,SyncUnitOfWork
- SQLAlchemy backends:
AsyncSqlAlchemyUnitOfWork+ async reposSyncSqlAlchemyUnitOfWork+ sync repos
- First-class sync API:
SyncControlPlane
- Model and typing surface:
- Reference ORM exports in
agent_control_plane.models - Typed DTOs/enums for proposals, sessions, approvals, policies, and frames
ModelRegistry+ SQLAlchemy mixins for host model composition
- Reference ORM exports in
- Examples:
examples/quickstart.pyexamples/quickstart_sync.pyexamples/security_agent.py
SessionManager.create_policy()returns aUUID.PolicyEngine.classify_action_tier()respects explicitalways_approveandauto_approvelists.- Policy/action flow now uses typed enums (
ActionName) internally with exact matching. - Unknown actions are fail-closed (
ActionName.UNKNOWN) and classified as blocked. - Public package exports include storage protocols/backends, reference models, and sync API.
- Documentation updated to reflect async/sync UnitOfWork integration patterns.
- SQLite JSON serialization behavior in quickstart policy persistence (
model_dump(mode="json")). - Approval scope persistence consistency (
scope_resource_idssupport in model mixins). - Event buffering preserves routing metadata (
routing_decision,routing_reason). - Event sequence allocation error reporting improved for missing counters.
- Crash recovery exception handling narrowed to expected runtime/value failures.
- Removed
examples/sync_adapter.pythread-loop bridge from the release surface.