Skip to content

chore(deps): update agent-manifest requirement from >=0.1.1 to >=0.2.0#41

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/agent-manifest-gte-0.2.0
Open

chore(deps): update agent-manifest requirement from >=0.1.1 to >=0.2.0#41
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/agent-manifest-gte-0.2.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 4, 2026

Copy link
Copy Markdown
Contributor

Updates the requirements on agent-manifest to permit the latest version.

Changelog

Sourced from agent-manifest's changelog.

[0.2.0] — 2026-06-30

Security

[SDK] Delegation chain root is now bound to the manifest issuer/agent identity — forged-authority chains are rejected. [SDK] Scope-narrowing enforces constraint-superset, non-increasing ttl_seconds, and non-increasing max_delegation_depth. [SDK] Verification schema-validates the manifest (fail-closed); CLI verify no longer prints bare VALID when artifact bindings were not checked.

Changed

[SPEC] SNP/TDX attestation field corrections and provider experimental markers (REPORT_DATA at 0x50); threat-model/levels documentation scoped to what TEE attestation provides.

Fixed

[SDK] PrincipalType set reconciled (no service).

Added

[SPEC] Memory Checkpoint & Delta Protocol (Section 3.2.6.2) — v0.2 incremental memory binding.

  • Append-only operation-log (merkle-log) model lets persistent memory evolve across a session and prove the evolution was governed, without re-approving the whole store.
  • Per-representation leaf canonicalization: key-value, semantic/vector (binds embedding + model id), and graph-RAG (nodes + edges).
  • A governed checkpoint advance is accepted only with a valid RFC 9162 §2.1.2 consistency proof; an unproven change still triggers v0.1 drift detection (MEMORY_DRIFT_DETECTED) — fail-closed preserved.

[SDK] MerkleTree.consistency_proof + verify_consistency (RFC 9162 §2.1.2) in agent_manifest._merkle. [SDK] agent_manifest._memory_delta: build_memory_tree, MemoryCheckpoint, verify_delta, fold_kv. [SDK] MemoryCheckpointBinding model (memory_root anchor; additive — MemoryBaselineBinding and snapshot_hash semantics unchanged).

[SDK] Export the verification API from the package root, so relying parties and gateways call agent_manifest.verify_manifest() and VerificationContext directly instead of importing the private _verify module (#176).

[SPEC] Document runtime-session binding guidance for gateways, including the signed fields that bind agent_id, artifact hashes, validity windows, delegation handling, and attestation separation (#177).

[0.1.0] — 2026-06-23

Stable launch release at Confidential Computing Summit, June 23 2026.

Fixed

[SDK] Enforce poisoning_scan.result rules in verifier — bad scan results now correctly fail closed (#167). [SDK] Align Pydantic models, examples, and signing logic to the v0.1 spec (#165). [SDK] Transparency log and signing error paths fully covered; fail-closed verifier restored (#168).

[0.1.0-alpha1] — 2026-06-04

Initial developer preview. Launching at Confidential Computing Summit, June 23 2026.

Added

... (truncated)

Commits
  • 47355f3 chore(release): agent-manifest 0.2.0 (#213)
  • a496938 fix(delegation): reconcile principal-type set with PrincipalType enum (#212)
  • 5627d3a fix(verify): bind delegation root to issuer, enforce scope-narrowing, schema-...
  • 2073576 feat(verify): attestation-chain verifier scaffold (#204 phase 1) (#210)
  • c0d1c01 fix(hw): read SNP REPORT_DATA at 0x50; correct TDX RTMR/Quote claims (#209)
  • 0e9a863 docs: scope threat-model claims to what TEE attestation actually provides (#208)
  • 85a688b fix(attestation): correct SNP REPORT_DATA vs HOST_DATA in spec/docs; mark pro...
  • 46ca562 docs: standardize OPAQUE brand capitalization (#200)
  • b8ad1f9 feat(verify): A2A delegation chain verification via structural validation and...
  • be2c5eb feat(governance): agt verify CI step and release evidence — closes #195 (#198)
  • Additional commits viewable in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update python code labels Jul 4, 2026
Updates the requirements on [agent-manifest](https://github.com/agentrust-io/agent-manifest) to permit the latest version.
- [Release notes](https://github.com/agentrust-io/agent-manifest/releases)
- [Changelog](https://github.com/agentrust-io/agent-manifest/blob/main/CHANGELOG.md)
- [Commits](agentrust-io/agent-manifest@python-v0.1.1...python-v0.2.0)

---
updated-dependencies:
- dependency-name: agent-manifest
  dependency-version: 0.2.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/pip/agent-manifest-gte-0.2.0 branch from 8cca27e to 4534877 Compare July 5, 2026 21:58
@imran-siddique

Copy link
Copy Markdown
Contributor

@dependabot rebase

@dependabot @github

dependabot Bot commented on behalf of github Jul 6, 2026

Copy link
Copy Markdown
Contributor Author

Looks like this PR is already up-to-date with main! If you'd still like to recreate it from scratch, overwriting any edits, you can request @dependabot recreate.

@imran-siddique imran-siddique left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Holding on this one: agent-manifest is pre-1.0, so a >=0.1.1 -> >=0.2.0 minor bump can carry breaking changes under semver conventions. Please confirm manifest parsing/schema compatibility before merge. CI is green but doesn't exercise this path fully.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file python Pull requests that update python code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant