Skip to content

v0.4.0

Choose a tag to compare

@ascender1729 ascender1729 released this 30 May 09:01
40904b3

v0.4.0 — the embeddable, multi-tenant, portable release

First stable 0.4.0. pip install attestix now resolves to 0.4.0 (was 0.3.0).

Promotes 0.4.0rc5 unchanged after a clean 10/10 cross-family Linux source-blind validation — the convergence of a 5-RC cycle (Windows + Linux) that caught and fixed 5 P0 install crashes, 4 doc/contract breaks, and 1 idempotency-replay defect before any of it reached the canonical install name.

pip install attestix      # 0.4.0
# optional extras:
pip install 'attestix[api]'        # FastAPI REST surface
pip install 'attestix[langchain]'  # LangChain callback

What's new since 0.3.0

Embeddable

  • Pluggable Storage + Signer protocols — swap the in-memory defaults for Postgres + HSM/KMS without forking.
  • Canonical attestix.* namespace (back-compat shims retained); [api] / [langchain] / [crewai] / [openai-agents] install extras; LangChain / OpenAI Agents / CrewAI integrations shipped in the wheel.

Multi-tenant

  • tenant_id on every resource; structured, hash-chained, idempotency-aware audit events that don't leak across tenants.
  • REST idempotency replays the original cached body verbatim (Idempotency-Replayed header), exactly-1-resource dedup, 24h TTL.

Portable (zero lock-in)

  • Bundle EXPORT + IMPORT (attestix export / attestix import) — byte-stable JCS wire-format published at https://attestix.io/spec/bundle/v1. Cloud-workspace ⇆ self-host round-trip.
  • Cross-engine offline JS verifier (npm install @vibetensor/attestix; unscoped attestix migration underway) verifies Python-issued credentials in any JS runtime.

Verifiable + compliant

  • verify_chain returns a structured VerifyChainResult (broken_event_id, failure_reason).
  • generate_declaration_of_conformity raises on all missing prerequisites; declarations surface credential_id.
  • Browser verification portal at https://attestix.io/verify (no install, nothing uploaded).

Docs + trust

  • 10 per-ICP quickstarts, /uk + /india pages, OWASP Agentic Top 10 (2026) + ISO 42001 + NIST AI RMF + SOC 2 + FRIA mappings (honest per-control coverage), /pricing, the bundle spec.
  • Supply chain: Docker base images SHA-pinned, CI deps hash-pinned.

Validated

585 tests on Ubuntu + Windows × Python 3.11–3.13. Clean 10/10 cross-family persona validation on Linux, source-blind against the PyPI wheel. Signing keys 0600.

Known, scheduled for v0.4.1

  • get_audit_trail surfaces only the legacy Article-12 chain (the identity.create event is emitted + counted by get_provenance; the read-API contract change is deferred).
  • create_delegation refuses capability-escalation via an error-dict rather than a raise (secure — escalation is blocked).

Built by VibeTensor Private Limited (India-incorporated; Warangal, Telangana). Evidence tooling, not a guarantor of compliance — providers remain liable under EU AI Act Articles 16–22.