Skip to content

chore(deps): update agent-manifest requirement from >=0.1.1 to >=0.2.0#41

Merged
imran-siddique merged 1 commit into
mainfrom
dependabot/pip/agent-manifest-gte-0.2.0
Jul 7, 2026
Merged

chore(deps): update agent-manifest requirement from >=0.1.1 to >=0.2.0#41
imran-siddique merged 1 commit into
mainfrom
dependabot/pip/agent-manifest-gte-0.2.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 4, 2026

Copy link
Copy Markdown
Contributor

Updates the requirements on agent-manifest to permit the latest version.

Changelog

Sourced from agent-manifest's changelog.

[0.2.0] — 2026-06-30

Security

[SDK] Delegation chain root is now bound to the manifest issuer/agent identity — forged-authority chains are rejected. [SDK] Scope-narrowing enforces constraint-superset, non-increasing ttl_seconds, and non-increasing max_delegation_depth. [SDK] Verification schema-validates the manifest (fail-closed); CLI verify no longer prints bare VALID when artifact bindings were not checked.

Changed

[SPEC] SNP/TDX attestation field corrections and provider experimental markers (REPORT_DATA at 0x50); threat-model/levels documentation scoped to what TEE attestation provides.

Fixed

[SDK] PrincipalType set reconciled (no service).

Added

[SPEC] Memory Checkpoint & Delta Protocol (Section 3.2.6.2) — v0.2 incremental memory binding.

  • Append-only operation-log (merkle-log) model lets persistent memory evolve across a session and prove the evolution was governed, without re-approving the whole store.
  • Per-representation leaf canonicalization: key-value, semantic/vector (binds embedding + model id), and graph-RAG (nodes + edges).
  • A governed checkpoint advance is accepted only with a valid RFC 9162 §2.1.2 consistency proof; an unproven change still triggers v0.1 drift detection (MEMORY_DRIFT_DETECTED) — fail-closed preserved.

[SDK] MerkleTree.consistency_proof + verify_consistency (RFC 9162 §2.1.2) in agent_manifest._merkle. [SDK] agent_manifest._memory_delta: build_memory_tree, MemoryCheckpoint, verify_delta, fold_kv. [SDK] MemoryCheckpointBinding model (memory_root anchor; additive — MemoryBaselineBinding and snapshot_hash semantics unchanged).

[SDK] Export the verification API from the package root, so relying parties and gateways call agent_manifest.verify_manifest() and VerificationContext directly instead of importing the private _verify module (#176).

[SPEC] Document runtime-session binding guidance for gateways, including the signed fields that bind agent_id, artifact hashes, validity windows, delegation handling, and attestation separation (#177).

[0.1.0] — 2026-06-23

Stable launch release at Confidential Computing Summit, June 23 2026.

Fixed

[SDK] Enforce poisoning_scan.result rules in verifier — bad scan results now correctly fail closed (#167). [SDK] Align Pydantic models, examples, and signing logic to the v0.1 spec (#165). [SDK] Transparency log and signing error paths fully covered; fail-closed verifier restored (#168).

[0.1.0-alpha1] — 2026-06-04

Initial developer preview. Launching at Confidential Computing Summit, June 23 2026.

Added

... (truncated)

Commits
  • 47355f3 chore(release): agent-manifest 0.2.0 (#213)
  • a496938 fix(delegation): reconcile principal-type set with PrincipalType enum (#212)
  • 5627d3a fix(verify): bind delegation root to issuer, enforce scope-narrowing, schema-...
  • 2073576 feat(verify): attestation-chain verifier scaffold (#204 phase 1) (#210)
  • c0d1c01 fix(hw): read SNP REPORT_DATA at 0x50; correct TDX RTMR/Quote claims (#209)
  • 0e9a863 docs: scope threat-model claims to what TEE attestation actually provides (#208)
  • 85a688b fix(attestation): correct SNP REPORT_DATA vs HOST_DATA in spec/docs; mark pro...
  • 46ca562 docs: standardize OPAQUE brand capitalization (#200)
  • b8ad1f9 feat(verify): A2A delegation chain verification via structural validation and...
  • be2c5eb feat(governance): agt verify CI step and release evidence — closes #195 (#198)
  • Additional commits viewable in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update python code labels Jul 4, 2026
Updates the requirements on [agent-manifest](https://github.com/agentrust-io/agent-manifest) to permit the latest version.
- [Release notes](https://github.com/agentrust-io/agent-manifest/releases)
- [Changelog](https://github.com/agentrust-io/agent-manifest/blob/main/CHANGELOG.md)
- [Commits](agentrust-io/agent-manifest@python-v0.1.1...python-v0.2.0)

---
updated-dependencies:
- dependency-name: agent-manifest
  dependency-version: 0.2.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/pip/agent-manifest-gte-0.2.0 branch from 8cca27e to 4534877 Compare July 5, 2026 21:58
@imran-siddique

Copy link
Copy Markdown
Contributor

@dependabot rebase

@dependabot @github

dependabot Bot commented on behalf of github Jul 6, 2026

Copy link
Copy Markdown
Contributor Author

Looks like this PR is already up-to-date with main! If you'd still like to recreate it from scratch, overwriting any edits, you can request @dependabot recreate.

@imran-siddique imran-siddique left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Holding on this one: agent-manifest is pre-1.0, so a >=0.1.1 -> >=0.2.0 minor bump can carry breaking changes under semver conventions. Please confirm manifest parsing/schema compatibility before merge. CI is green but doesn't exercise this path fully.

@imran-siddique imran-siddique merged commit ca39609 into main Jul 7, 2026
4 of 6 checks passed
@imran-siddique imran-siddique deleted the dependabot/pip/agent-manifest-gte-0.2.0 branch July 7, 2026 20:53
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file python Pull requests that update python code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant