Releases: VibeTensor/attestix
v0.4.1
Stable 0.4.1. Promotes 0.4.1rc2, with the cloud-to-OSS audit-chain known issue resolved.
Added
- Post-quantum / hybrid signing (FIPS 204 ML-DSA-65 + Ed25519, optional [pqc] extra). Cryptosuites mldsa65-jcs-2026 and hybrid-ed25519-mldsa65-jcs-2026; the default Ed25519 path is unchanged.
Security
- Credential verification key-binding: keys are decoded from the trust anchor (issuer.id for credentials, the server DID for presentations), closing an issuer key-substitution masquerade.
- Fail-closed REST API auth when ATTESTIX_API_KEY is unset.
- Dependency CVE floors (cryptography>=46.0.7, PyJWT[crypto]>=2.12.0).
Fixed
- Cloud-to-OSS audit-chain re-verification: the importer now preserves each row's chain tenant and persists the audit chain under it, decoupled from the storage tenant, so bundles minted under a workspace UUID import and re-verify cleanly.
- Bundle import reads the cloud vc_jsonld credential key.
585 passing tests (494 functional + 91 conformance).
pip install attestix
v0.4.1rc2 - post-quantum signing
Pre-release. Adds post-quantum / hybrid (ML-DSA + Ed25519) signing via the optional [pqc] extra, on top of the 0.4.1rc1 security hardening. pip install --pre attestix. Classical path unchanged; stable 0.4.0 unaffected.
v0.4.1rc1 — security pre-release
Pre-release (use pip install --pre attestix). pip install attestix still resolves 0.4.0 stable.
Security hardening from a multi-persona audit (2026-06-16):
- A1 — VC key-binding (High): verification now decodes the Ed25519 key from the trust anchor (issuer.id / server DID) and rejects a mismatched proof.verificationMethod, closing an issuer key-substitution masquerade. Aligns with W3C VC Data Integrity controller-authorization.
- A2 — fail-closed auth (High): the REST API refuses non-public requests (503) when ATTESTIX_API_KEY is unset, unless ATTESTIX_ALLOW_NO_AUTH is explicitly set.
- A6 — CVE floors (High): requirements.txt pins cryptography>=46.0.7 / PyJWT>=2.12.0.
- B9 — import fix: bundle import reads the cloud vc_jsonld credential key.
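The key-binding rule in A1, as an added example that is not Attestix code: the verification key is taken from issuer.id and a proof whose verificationMethod belongs to another DID is rejected before any signature check. It assumes Ed25519 did:key trust anchors; every function name and the sample keys are constructed for illustration.

```python
# Added example (not Attestix code). Assumes Ed25519 did:key trust anchors.
B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
ED25519_PUB = b"\xed\x01"  # multicodec prefix for an Ed25519 public key

class KeyBindingError(ValueError):
    """The proof is not bound to the key the trust anchor controls."""

def b58decode(text: str) -> bytes:
    n = 0
    for ch in text:
        n = n * 58 + B58.index(ch)  # ValueError on a non-base58 character
    zeros = len(text) - len(text.lstrip("1"))
    return b"\x00" * zeros + n.to_bytes((n.bit_length() + 7) // 8, "big")

def b58encode(data: bytes) -> str:  # used only to build the constructed sample
    n, out = int.from_bytes(data, "big"), ""
    while n:
        n, rem = divmod(n, 58)
        out = B58[rem] + out
    return "1" * (len(data) - len(data.lstrip(b"\x00"))) + out

def key_from_did_key(did: str) -> bytes:
    """Decode the 32-byte Ed25519 key embedded in a did:key identifier."""
    if not did.startswith("did:key:z"):  # 'z' = multibase base58btc
        raise KeyBindingError("trust anchor is not a base58btc did:key")
    raw = b58decode(did[len("did:key:z"):])
    if len(raw) != 34 or raw[:2] != ED25519_PUB:
        raise KeyBindingError("trust anchor does not carry an Ed25519 key")
    return raw[2:]

def bound_verification_key(credential: dict) -> bytes:
    """Return the only key allowed to verify this credential's proof."""
    issuer = credential["issuer"]
    anchor = issuer["id"] if isinstance(issuer, dict) else issuer
    key = key_from_did_key(anchor)  # key comes from issuer.id, never from the proof
    method = credential["proof"]["verificationMethod"]
    if method.split("#", 1)[0] != anchor:
        raise KeyBindingError("proof.verificationMethod is not the issuer's")
    return key

# Constructed sample data: two unrelated 32-byte keys and their did:key forms.
ISSUER_KEY, OTHER_KEY = bytes(range(32)), bytes(range(32, 64))
ISSUER_DID = "did:key:z" + b58encode(ED25519_PUB + ISSUER_KEY)
OTHER_DID = "did:key:z" + b58encode(ED25519_PUB + OTHER_KEY)
GOOD = {"issuer": {"id": ISSUER_DID},
        "proof": {"verificationMethod": ISSUER_DID + "#" + ISSUER_DID[8:]}}
# Names the real issuer but points the proof at a different key's DID.
SUBSTITUTED = {"issuer": {"id": ISSUER_DID},
               "proof": {"verificationMethod": OTHER_DID + "#" + OTHER_DID[8:]}}
```

The returned bytes are what a caller would hand to its Ed25519 verify routine; the signature check itself is outside this sketch.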
Known issue: cloud→OSS audit-chain re-verification can fail (chain tenant vs storage tenant); tracked for a later 0.4.1 pre-release.
Full notes in CHANGELOG.md.
v0.4.0
v0.4.0 — the embeddable, multi-tenant, portable release
First stable 0.4.0. pip install attestix now resolves to 0.4.0 (was 0.3.0).
Promotes 0.4.0rc5 unchanged after a clean 10/10 cross-family Linux source-blind validation — the convergence of a 5-RC cycle (Windows + Linux) that caught and fixed 5 P0 install crashes, 4 doc/contract breaks, and 1 idempotency-replay defect before any of it reached the canonical install name.
pip install attestix # 0.4.0
# optional extras:
pip install 'attestix[api]' # FastAPI REST surface
pip install 'attestix[langchain]' # LangChain callback
What's new since 0.3.0
Embeddable
- Pluggable Storage + Signer protocols — swap the in-memory defaults for Postgres + HSM/KMS without forking.
- Canonical attestix.* namespace (back-compat shims retained); [api] / [langchain] / [crewai] / [openai-agents] install extras; LangChain / OpenAI Agents / CrewAI integrations shipped in the wheel.
Multi-tenant
- tenant_id on every resource; structured, hash-chained, idempotency-aware audit events that don't leak across tenants.
- REST idempotency replays the original cached body verbatim (Idempotency-Replayed header), exactly-1-resource dedup, 24h TTL.
Portable (zero lock-in)
- Bundle EXPORT + IMPORT (attestix export / attestix import) — byte-stable JCS wire-format published at https://attestix.io/spec/bundle/v1. Cloud-workspace ⇆ self-host round-trip.
- Cross-engine offline JS verifier (npm install @vibetensor/attestix; unscoped attestix migration underway) verifies Python-issued credentials in any JS runtime.
Verifiable + compliant
- verify_chain returns a structured VerifyChainResult (broken_event_id, failure_reason).
- generate_declaration_of_conformity raises on all missing prerequisites; declarations surface credential_id.
- Browser verification portal at https://attestix.io/verify (no install, nothing uploaded).
Docs + trust
- 10 per-ICP quickstarts, /uk + /india pages, OWASP Agentic Top 10 (2026) + ISO 42001 + NIST AI RMF + SOC 2 + FRIA mappings (honest per-control coverage), /pricing, the bundle spec.
- Supply chain: Docker base images SHA-pinned, CI deps hash-pinned.
Validated
585 tests on Ubuntu + Windows × Python 3.11–3.13. Clean 10/10 cross-family persona validation on Linux, source-blind against the PyPI wheel. Signing keys 0600.
Known, scheduled for v0.4.1
- get_audit_trail surfaces only the legacy Article-12 chain (the identity.create event is emitted + counted by get_provenance; the read-API contract change is deferred).
- create_delegation refuses capability-escalation via an error-dict rather than a raise (secure — escalation is blocked).
Built by VibeTensor Private Limited (India-incorporated; Warangal, Telangana). Evidence tooling, not a guarantor of compliance — providers remain liable under EU AI Act Articles 16–22.
v0.4.0-rc.5
v0.4.0-rc.5 — idempotency replay returns the cached body (convergence on rc.4)
The Linux 10-persona validation confirmed all 4 rc.3 blockers stayed closed and all 5 rc.2 P0s held, surfacing one P1 DX/contract defect. rc.5 fixes it.
Install: pip install --pre attestix==0.4.0rc5
Fixed (P1)
REST idempotency replay now returns the original cached response body verbatim — Stripe-style. Before, a retried POST /v1/identities with the same Idempotency-Key returned a receipt envelope ({"idempotent_replay":true,"stored_response":{"resource_id":null,...}}), so a CI client reading resp.json()["agent_id"] on a retry got None. Now the retry is indistinguishable from the first success (agent_id survives, 201 replays as 201). Replay metadata moved to an Idempotency-Replayed: true header so the body shape never changes. The dedup guarantee (exactly 1 resource), the same-key/different-payload 409, and the 24h TTL are all preserved.
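The replay contract described above, as an added example that is not Attestix code: an in-memory cache that replays the original status and body verbatim, flags the replay only in a header, answers 409 for the same key with a different payload, and expires entries after 24h. The class, the create_identity handler and the 409 body are constructed for illustration.

```python
# Added example (not Attestix code): Stripe-style idempotent replay.
import hashlib
import json
import time

TTL_SECONDS = 24 * 3600  # the 24h TTL stated in the release notes

class IdempotencyCache:
    def __init__(self, clock=time.time):
        self._entries = {}  # key -> (payload_hash, status, body, stored_at)
        self._clock = clock

    @staticmethod
    def _digest(payload: dict) -> str:
        canonical = json.dumps(payload, sort_keys=True).encode()
        return hashlib.sha256(canonical).hexdigest()

    def handle(self, key, payload, create):
        """Return (status, headers, body) for a POST carrying Idempotency-Key."""
        if key is None:  # no header: behave exactly as if the cache were absent
            status, body = create(payload)
            return status, {}, body
        digest, now = self._digest(payload), self._clock()
        entry = self._entries.get(key)
        if entry and now - entry[3] < TTL_SECONDS:
            if entry[0] != digest:  # same key, different payload
                return 409, {}, {"error": "key reused with a different payload"}
            # Replay: original status and body, metadata only in the header.
            return entry[1], {"Idempotency-Replayed": "true"}, entry[2]
        status, body = create(payload)
        self._entries[key] = (digest, status, body, now)
        return status, {}, body

CREATED = []  # constructed stand-in for the identity store

def create_identity(payload):
    """Hypothetical handler: creates one resource per call."""
    agent_id = f"agent-{len(CREATED) + 1}"
    CREATED.append(agent_id)
    return 201, {"agent_id": agent_id, "name": payload["name"]}
```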
Deferred to v0.4.1 (documented, non-security, non-corruption)
- get_audit_trail surfaces only the legacy Article-12 provenance chain, so a brand-new REST-created identity with no logged actions reads as 0 rows (the identity.create event IS emitted to the structured collection; get_provenance counts it). Surfacing audit.json::events through get_audit_trail changes that read API's contract — a v0.4.1 change, not a late-RC wiring fix.
- create_delegation refuses capability-escalation via an error-dict rather than a raise (secure — escalation IS blocked; both REST + MCP layers depend on the dict shape, so converting is a v0.4.1 consistency pass).
Tests
585 passed, 3 skipped. New tests/integration/test_idempotency_rest_replay.py asserts verbatim-body replay, the header, N-replays-1-resource, and 409-on-different-payload.
Final release candidate. A clean Linux 10-persona re-validation is the gate before promoting to stable 0.4.0.
v0.4.0-rc.4
v0.4.0-rc.4 — fixes 4 blockers from the Linux 10-persona validation
rc.3 fixed the rc.2 install crashes; running the quickstarts further on Linux (WSL Ubuntu, source-blind) exposed 4 doc/contract breaks that the crashes had masked. rc.4 closes them.
Install: pip install --pre attestix==0.4.0rc4
Fixed
- generate_declaration_of_conformity raises on ALL prerequisites — rc.3 raised only on missing Annex V content fields; it still returned {"error":...} silently when there was no compliance profile or no completed conformity assessment. Now raises MissingCompliancePrerequisiteError (subclass of InvalidComplianceProfileError, so REST→422 + MCP structured-error handlers map it automatically) with a message naming the exact missing prerequisite.
- grc-consultant quickstart KeyError — the declaration now surfaces credential_id (the EUAIActComplianceCredential VC id it was discarding; added post-signing so the signed Annex V declaration is byte-unchanged). Also corrected the doc's create_verifiable_presentation kwargs to the real agent_id / credential_ids / audience_did.
- REST path 404s — quickstart docs said POST /identities; the real routes mount under /v1. Corrected enterprise-architect + mlops-engineer quickstarts to /v1/identities, /v1/provenance/audit-trail/{agent_id}, etc.
- Stale pins — bumped attestix==0.4.0rc2 → rc4 across the quickstart docs.
Tests
580 passed, 3 skipped (Ubuntu + Windows × py3.11-3.13). next build green, 81 pages.
Still a release candidate. A clean Linux 10-persona re-validation is the gate before stable 0.4.0.
v0.4.0-rc.3
v0.4.0-rc.3 — ship-with-fixes prerelease
Honest follow-up to rc.2. The isolated 10-persona RC validation (each persona's quickstart run against the published wheel, source-blind) caught 5 P0 release blockers — three crashed the documented quickstart on a fresh pip install --pre, two silently produced broken output on a compliance-critical path. rc.3 fixes all 5 + the top 4 P1s.
Install: pip install --pre attestix==0.4.0rc3
P0 fixes
- attestix.integrations.* now in the wheel — rc.2 shipped no integrations directory, so from attestix.integrations.langchain import AttestixCallback raised ModuleNotFoundError. rc.3 ships LangChain / OpenAI Agents / CrewAI adapters (lazy framework imports). Guarded by tests/release/test_wheel_includes_integrations.py so it can never regress.
- [api] extra (fastapi + uvicorn) — uvicorn attestix.api.main:app crashed on a missing fastapi. Now pip install --pre 'attestix[api]', with a targeted ImportError hint when the extra is absent.
- is_configured docs fixed — web3 quickstart called chain.is_configured() (a property) → TypeError. Docs corrected to property access.
- generate_declaration_of_conformity raises on missing fields — was returning {"error": ...} silently with declaration_id: None. Now raises InvalidComplianceProfileError(missing_fields=[...]).
- Audit count fixed — record_* methods now emit audit events; the audit chain is no longer empty after the documented GRC workflow. get_provenance aggregates legacy + new chains.
P1 fixes
[langchain]/[crewai]/[openai-agents] extras documented · agent['did'] populated top-level · .signing_key.json chmod 600 (best-effort) · author email → info@vibetensor.com.
Tests
531 → 579+. New tests/release/ + tests/perf/ regression guards.
Still a release candidate. A Linux re-run of the 10-persona validation against rc.3 is the gate before promoting to stable 0.4.0.
v0.4.0-rc.2
Packaging-correctness + honesty pass on rc.1.
- Proper attestix.* namespace — the wheel no longer drops flat top-level packages (services/, auth/, ...) into site-packages. Canonical imports: from attestix.services... import .... Pre-rc.2 paths kept as DeprecationWarning shims, scheduled for removal in v0.5.0.
- Honesty pass — "production-ready" replaced with honest "release candidate / single-maintainer" framing across README + website. Test numbers (481 + 91 conformance) are real and kept.
- 481 passing tests, zero regressions vs rc.1. Wheel-install smoke verified.
Install (pre-release): pip install --pre attestix==0.4.0rc2
v0.4.0-rc.1
First v0.4.0 release candidate — the extensibility layer that lets the engine be wrapped (e.g. by a hosted control plane) without forking, while self-host behavior is unchanged.
- Pluggable storage (Repository) + signer (Signer); defaults reproduce v0.3.0 byte-for-byte
- Optional tenant context (tenant_id, defaults to "default"; legacy records read as "default")
- Structured hash-chained audit events across all 9 services (side-channel; outputs/format unchanged)
- Idempotency keys via an opt-in middleware (strict no-op without an Idempotency-Key header)
Additive and backward-compatible; no breaking public API. Test suite 358 → 481 passing; RFC conformance benchmarks unaffected. Closes #66–#70.
Install (pre-release): pip install --pre attestix==0.4.0rc1
v0.3.0 - real framework integrations, security hardening, CI/CD
Minor version bump (0.2.5 -> 0.3.0) bundling seven previously merged but unreleased pull requests.
Security
- CRITICAL: delegation chain auth bypass fix (PR #45). Parent tokens and capability attenuation are now strictly verified on every delegation verify. Any long-lived delegation tokens issued prior to this release should be reviewed and re-issued.
- SSRF hardening on agent discovery, DID resolution, credential fetch (PR #47).
- Timing-safe comparisons for signature and token equality checks (PR #47).
- Seven REST API router exception paths no longer leak internals to clients (PR #47).
Added
- Real LangChain integration using BaseCallbackHandler (PR #42).
- Real OpenAI Agents SDK integration via MCPServerStdio (PR #48).
- Real CrewAI integration via MCPServerAdapter (PR #51).
Fixed
- Article 43 Annex III conformity assessment differentiates categories that require a notified body versus permitted self-assessment (PR #46).
- EAS schema UID derivation now matches the exact on-chain EAS encoding (PR #50).
- Attested event decoding prefers web3.py ABI decoding with a hardened topic-signature fallback (PR #50).
Infrastructure
- GitHub Actions CI/CD: pytest matrix (py 3.10, 3.11, 3.12, 3.13), ruff, mypy, bandit, pip-audit, plus a PyPI publish workflow on release creation (PR #49).
- Default pytest addopts include -p no:logfire to work around an opentelemetry-sdk / logfire ABI mismatch pulled in transitively by CrewAI.
Release verification
- python -m pytest tests/ - 358 passed, 1 skipped
- twine check dist/* - wheel and sdist PASSED
- PyPI: https://pypi.org/project/attestix/0.3.0/
- MCP Registry: io.github.VibeTensor/attestix
Install: pip install --upgrade attestix