
chore(deps): update agent-manifest requirement from >=0.1.1 to >=0.2.0 #41

Open
dependabot[bot] wants to merge 1 commit into main from dependabot/pip/agent-manifest-gte-0.2.0

@dependabot dependabot Bot commented on behalf of github Jul 4, 2026

Updates the requirements on agent-manifest to permit the latest version.

Changelog

Sourced from agent-manifest's changelog.

[0.2.0] — 2026-06-30

Security

[SDK] Delegation chain root is now bound to the manifest issuer/agent identity — forged-authority chains are rejected.

[SDK] Scope-narrowing enforces constraint-superset, non-increasing ttl_seconds, and non-increasing max_delegation_depth.

[SDK] Verification schema-validates the manifest (fail-closed); CLI verify no longer prints bare VALID when artifact bindings were not checked.

Changed

[SPEC] SNP/TDX attestation field corrections and provider experimental markers (REPORT_DATA at 0x50); threat-model/levels documentation scoped to what TEE attestation provides.

Fixed

[SDK] PrincipalType set reconciled (no service).

Added

[SPEC] Memory Checkpoint & Delta Protocol (Section 3.2.6.2) — v0.2 incremental memory binding.

  • Append-only operation-log (merkle-log) model lets persistent memory evolve across a session and prove the evolution was governed, without re-approving the whole store.
  • Per-representation leaf canonicalization: key-value, semantic/vector (binds embedding + model id), and graph-RAG (nodes + edges).
  • A governed checkpoint advance is accepted only with a valid RFC 9162 §2.1.2 consistency proof; an unproven change still triggers v0.1 drift detection (MEMORY_DRIFT_DETECTED) — fail-closed preserved.

[SDK] MerkleTree.consistency_proof + verify_consistency (RFC 9162 §2.1.2) in agent_manifest._merkle.

[SDK] agent_manifest._memory_delta: build_memory_tree, MemoryCheckpoint, verify_delta, fold_kv.

[SDK] MemoryCheckpointBinding model (memory_root anchor; additive — MemoryBaselineBinding and snapshot_hash semantics unchanged).

[SDK] Export the verification API from the package root, so relying parties and gateways call agent_manifest.verify_manifest() and VerificationContext directly instead of importing the private _verify module (#176).

[SPEC] Document runtime-session binding guidance for gateways, including the signed fields that bind agent_id, artifact hashes, validity windows, delegation handling, and attestation separation (#177).

[0.1.0] — 2026-06-23

Stable launch release at Confidential Computing Summit, June 23 2026.

Fixed

[SDK] Enforce poisoning_scan.result rules in verifier — bad scan results now correctly fail closed (#167).

[SDK] Align Pydantic models, examples, and signing logic to the v0.1 spec (#165).

[SDK] Transparency log and signing error paths fully covered; fail-closed verifier restored (#168).

[0.1.0-alpha1] — 2026-06-04

Initial developer preview. Launching at Confidential Computing Summit, June 23 2026.

Added

... (truncated)

Commits
  • 47355f3 chore(release): agent-manifest 0.2.0 (#213)
  • a496938 fix(delegation): reconcile principal-type set with PrincipalType enum (#212)
  • 5627d3a fix(verify): bind delegation root to issuer, enforce scope-narrowing, schema-...
  • 2073576 feat(verify): attestation-chain verifier scaffold (#204 phase 1) (#210)
  • c0d1c01 fix(hw): read SNP REPORT_DATA at 0x50; correct TDX RTMR/Quote claims (#209)
  • 0e9a863 docs: scope threat-model claims to what TEE attestation actually provides (#208)
  • 85a688b fix(attestation): correct SNP REPORT_DATA vs HOST_DATA in spec/docs; mark pro...
  • 46ca562 docs: standardize OPAQUE brand capitalization (#200)
  • b8ad1f9 feat(verify): A2A delegation chain verification via structural validation and...
  • be2c5eb feat(governance): agt verify CI step and release evidence — closes #195 (#198)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Updates the requirements on [agent-manifest](https://github.com/agentrust-io/agent-manifest) to permit the latest version.
- [Release notes](https://github.com/agentrust-io/agent-manifest/releases)
- [Changelog](https://github.com/agentrust-io/agent-manifest/blob/main/CHANGELOG.md)
- [Commits](agentrust-io/agent-manifest@python-v0.1.1...python-v0.2.0)

---
updated-dependencies:
- dependency-name: agent-manifest
  dependency-version: 0.2.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update python code labels Jul 4, 2026
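
Added example (not agent-manifest's code and not part of the Dependabot comment): the checkpoint-advance rule from the 0.2.0 changelog's Memory Checkpoint & Delta Protocol entry, shown as a Merkle consistency proof in the RFC 9162 construction, built and checked over a constructed operation log. `LOG`, `root`, `build_proof`, `check_proof` and `advance` are illustrative names assumed here, not the SDK's API; only the `MEMORY_DRIFT_DETECTED` string comes from the changelog.

```python
import hashlib

# Constructed, already-canonicalized operation-log leaves (sample data).
LOG = [b"set:a=1", b"set:b=2", b"del:a", b"set:c=3", b"set:d=4"]

def _h(data):
    return hashlib.sha256(data).digest()

def _split(n):  # largest power of two strictly below n (n >= 2)
    return 1 << ((n - 1).bit_length() - 1)

def root(leaves):  # 0x00 prefixes leaves, 0x01 prefixes interior nodes
    if len(leaves) == 1:
        return _h(b"\x00" + leaves[0])
    k = _split(len(leaves))
    return _h(b"\x01" + root(leaves[:k]) + root(leaves[k:]))

def build_proof(m, leaves, whole=True):
    """Proof that the first m leaves are an unmodified prefix of leaves."""
    if m == len(leaves):
        return [] if whole else [root(leaves)]
    k = _split(len(leaves))
    if m <= k:
        return build_proof(m, leaves[:k], whole) + [root(leaves[k:])]
    return build_proof(m - k, leaves[k:], False) + [root(leaves[:k])]

def check_proof(first, second, first_root, second_root, proof):
    if not 0 < first < second or not proof:
        return False  # fail closed on missing or malformed input
    path = ([first_root] if first & (first - 1) == 0 else []) + list(proof)
    fn, sn = first - 1, second - 1
    while fn & 1:
        fn, sn = fn >> 1, sn >> 1
    fr = sr = path[0]
    for c in path[1:]:
        if sn == 0:
            return False
        if fn & 1 or fn == sn:
            fr, sr = _h(b"\x01" + c + fr), _h(b"\x01" + c + sr)
            while fn and not fn & 1:
                fn, sn = fn >> 1, sn >> 1
        else:
            sr = _h(b"\x01" + sr + c)
        fn, sn = fn >> 1, sn >> 1
    return fr == first_root and sr == second_root and sn == 0

def advance(old_size, old_root, new_size, new_root, proof):
    # An unproven change is reported as drift, never silently accepted.
    ok = check_proof(old_size, new_size, old_root, new_root, proof)
    return "ACCEPTED" if ok else "MEMORY_DRIFT_DETECTED"
```

Rewriting an already-checkpointed entry (for example `LOG[1]`) changes the prefix root, so no proof derived from the altered log satisfies the old checkpoint and `advance` returns `MEMORY_DRIFT_DETECTED`.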