Releases: bmdhodl/agent47

v1.2.13

30 May 17:18
ed0f1ee

What's Changed

Other changes

  • Polish README for GitHub discovery by @bmdhodl in #419
  • Improve repo trust and OSS onboarding by @bmdhodl in #420
  • Switch PyPI releases to Trusted Publishing by @bmdhodl in #422
  • Point demo users to quickstart activation by @bmdhodl in #423
  • Add optional Pydantic AI starter recipe by @bmdhodl in #424
  • Clarify incident dashboard handoff by @bmdhodl in #426
  • Add dashboard handoff guide by @bmdhodl in #427
  • Fix MCP package release consistency by @bmdhodl in #429
  • Fix AgentGuard release hygiene docs by @bmdhodl in #438
  • feat: add sticky agent proof fixture by @bmdhodl in #432
  • Add first-run CLI fallback guidance by @bmdhodl in #435
  • Add MCP proof gallery coverage by @bmdhodl in #436
  • Guard hosted dashboard handoff copy by @bmdhodl in #437
  • Add local-first agentguard-mcp budget server by @bmdhodl in #440
  • feat: add deployed-agent guard profile by @bmdhodl in #442
  • feat(sdk): publish typed contracts for public SDK surface by @bmdhodl in #444
  • docs(readme): add Real Incidents section with PocketOS entry by @bmdhodl in #447
  • Make budget MCP entrypoint dogfoodable by @bmdhodl in #454
  • docs: record first Glama MCP release by @bmdhodl in #455
  • docs: improve Glama metadata quality by @bmdhodl in #456
  • Add Glama badges and clean up root docs by @bmdhodl in #457
  • Clean root docs and improve query_traces metadata by @bmdhodl in #458
  • Add optional MCP npm release guard by @bmdhodl in #430
  • docs: add release cadence by @bmdhodl in #459
  • Publish AgentGuard skill distribution docs by @bmdhodl in #461
  • Document managed-agent threat and cost surfaces by @bmdhodl in #465
  • Improve SDK first-run proof by @bmdhodl in #467
  • Refresh MCP indexing state and document blockers by @bmdhodl in #472
  • [codex] Fix CI tool pins for Python 3.9 by @bmdhodl in #478
  • docs: refresh ARCHITECTURE.md to match current repo layout by @bmdhodl in #481
  • Clarify doctor first-run proof path by @bmdhodl in #482
  • agent: fail clearly for async decorator tracer mismatch by @bmdhodl in #483
  • agent: make MCP budget recording atomic by @bmdhodl in #484
  • agent: share trace event sanitization with async tracer by @bmdhodl in #485
  • agent: fail loudly on guard bugs and refresh pricing trust by @bmdhodl in #486
  • agent: harden LangChain callback span bookkeeping by @bmdhodl in #487
  • agent: remove dead MCP shim and tighten adoption tests by @bmdhodl in #488
  • harden: add actionlint workflow guardrail by @bmdhodl in #489
  • feat: goal-level metering API (guard.goal context manager) by @bmdhodl in #521
  • docs: position AgentGuard vs Manifest (in-process guard, not LLM router) by @bmdhodl in #522
  • docs(readme): cite MSFT Claude Code cost retreat as validation by @bmdhodl in #531
  • docs(readme): add agent exfiltration threat model with Copilot Cowork cite by @bmdhodl in #535
  • Release v1.2.11 by @bmdhodl in #545
  • Gate release announcements on published releases by @bmdhodl in #546
  • Harden post-publish release workflow by @bmdhodl in #547
  • Prepare v1.2.12 release by @bmdhodl in #548
  • Log v1.2.12 release prep handoff by @bmdhodl in #549
  • Prepare v1.2.13 release by @bmdhodl in #550

Full Changelog: v1.2.10...v1.2.13

AgentGuard v1.2.10

02 May 15:48

Patch release focused on activation proof, PyPI-facing onboarding, and release reliability.

Activation Proof Path

  • Tightened the README and getting-started path around doctor, demo, and quickstart so first-time SDK users can reach local guard proof faster.
  • Added a coding-agent review-loop proof artifact that shows budget and retry guards stopping a simulated review/refinement loop without API keys or network calls.
  • Added sync coverage for the public sample incident and generated PyPI README so release-facing activation assets do not silently drift.

Release And Distribution Hygiene

  • Added an opt-in activation metrics design doc that defines allowed activation questions and local-first consent boundaries without adding telemetry.
  • Hardened release discussion category handling so missing GitHub Discussion categories do not block the package release path.
  • Updated the package build timestamp seed to the ZIP-safe reproducible epoch so local and CI release builds do not fail on pre-1980 metadata.
  • Clarified hosted ingest language in incident reporting so HttpSink is described as event mirroring for retained alerts and follow-up, not a remote kill switch by itself.

Install or upgrade:

pip install --upgrade agentguard47

PyPI: https://pypi.org/project/agentguard47/1.2.10/
Compare: v1.2.9...v1.2.10

v1.2.9

26 Apr 01:00
c729829

Dashboard Contract Alignment

  • Decision-trace helpers now emit non-empty dashboard-parseable binding_state values for proposed, edited, overridden, and approved events by default.
  • Added hosted-ingest contract coverage for decision-trace warnings so SDK events stay queryable by the dashboard after ingest.
  • Tightened README and guide copy around the local runtime-control proof path, hosted dashboard handoff, and remote-kill polling boundary.

Validation proof is captured in proof/release-1.2.9/.

v1.2.8

18 Apr 20:19
7bb2ca1

1.2.8

Agent Security Stack Positioning

  • Added a competitive-positioning doc that places AgentGuard in the runtime behavior and budget layer of the emerging agent security stack.
  • Updated README competitive-doc links to point to both the gateway comparison and broader stack-layer framing.

Per-Token Budget Proof

  • Added examples/per_token_budget_spike.py to prove BudgetGuard catches one oversized token-priced turn locally.
  • Updated README, getting-started docs, and examples docs around token-metered budget enforcement.

Budget-Aware Escalation Guard

  • Added BudgetAwareEscalation, EscalationSignal, and EscalationRequired for portable advisor-style escalation without provider dependencies.
  • Added token-count, confidence, tool-call-depth, and custom-rule triggers, plus local example and guide coverage.

Managed-Agent Session Correlation

  • Added optional session_id support to Tracer, AsyncTracer, and agentguard.init(...).
  • Added local managed-session guide and runnable example proving shared session correlation across distinct traces.

Coding-Agent Skill Packs

  • Added agentguard skillpack to generate repo-local .agentguard.json defaults plus instructions for Codex, Claude Code, GitHub Copilot, and Cursor.
  • Updated coding-agent onboarding docs around the generated local-first flow.

Supply Chain And Release Prep

  • Replaced unhashed workflow pip install steps with a checked-in hash-locked CI toolchain requirements file.
  • Pinned root and MCP Docker base images to the current node:22-alpine digest.
  • Prepared the GitHub side of PyPI Trusted Publishing while keeping token auth until the PyPI publisher is configured.

PyPI: https://pypi.org/project/agentguard47/1.2.8/

v1.2.6

04 Apr 00:21
074b611

Hosted Ingest Compatibility

  • HttpSink now drops local-only kind="meta" watermark records before posting to the hosted ingest API, preventing first-batch 400s from validators that only accept trace spans and point events.
  • HttpSink now mirrors supported trace kinds into both kind and type on outbound payloads so the SDK remains compatible across hosted validators while preserving local SDK semantics.

v1.2.5

03 Apr 22:56
a47792e

1.2.5

Distribution and Registry Hygiene

  • Added official MCP Registry metadata plus package-local Docker and Smithery config for @agentguard47/mcp-server.
  • Added sdk/tests/test_mcp_registry_metadata.py to keep MCP registry metadata, packaging files, and environment-variable contracts aligned.
  • Refreshed README, SDK README, PyPI README, and package metadata around coding-agent safety and local-first onboarding.

Public Repo Hygiene

  • Removed stale tracked context/ files that carried business-sensitive planning data not meant for the public SDK repo.
  • Retired the obsolete inbox/INBOX_PROTOCOL.md workflow in favor of the current memory/ plus inbox/log.md contract.

v1.2.4

01 Apr 03:49
5a85385

Coding-Agent Onboarding

  • Added repo-local .agentguard.json support so humans and coding agents can share static SDK defaults without dashboard coupling.
  • Added the built-in coding-agent profile with tighter loop and retry defaults for repo automation and coding workflows.
  • Added executable starter files under examples/starters/ and aligned agentguard doctor / agentguard quickstart around .agentguard/traces.jsonl.
  • Added the docs/guides/coding-agents.md onboarding guide plus doc updates across the README, SDK README, examples, architecture doc, roadmap, and generated PyPI README.

SDK Hardening

  • JsonlFileSink now creates parent directories automatically so repo-local trace paths like .agentguard/traces.jsonl work out of the box.
  • Repo-config parsing now rejects boolean values in numeric fields to keep local defaults deterministic and auditable.
  • init() now still honors repo-level profile defaults when service, budget, or trace path are passed explicitly but guard-profile values are left implicit.
  • Invalid AGENTGUARD_BUDGET_USD values now fall back to a valid repo-local budget_usd instead of silently dropping budget enforcement.
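
The two validation fixes above (booleans rejected in numeric fields, and an invalid AGENTGUARD_BUDGET_USD falling back to the repo-local budget_usd) can be illustrated as follows. This is an added example, not AgentGuard's own code: the function names, the positive-finite rule, and the exact precedence are assumptions; only AGENTGUARD_BUDGET_USD, budget_usd and .agentguard.json come from the release notes.

```python
import json
import math
from typing import Mapping, Optional


def _positive_finite(number: float) -> Optional[float]:
    # Rejects NaN, +/-inf, zero and negatives, none of which is a usable cap.
    return number if math.isfinite(number) and number > 0 else None


def budget_from_config(raw_json: str) -> Optional[float]:
    """Read budget_usd from .agentguard.json text; None if absent or invalid."""
    try:
        cfg = json.loads(raw_json)
    except json.JSONDecodeError:
        return None
    value = cfg.get("budget_usd") if isinstance(cfg, dict) else None
    # bool is a subclass of int: without this check JSON `true` is a $1 budget.
    if isinstance(value, bool) or not isinstance(value, (int, float)):
        return None
    try:
        return _positive_finite(float(value))
    except OverflowError:  # integer literal too large for a float
        return None


def budget_from_env(env: Mapping[str, str]) -> Optional[float]:
    """Parse AGENTGUARD_BUDGET_USD; None if unset or not a usable number."""
    raw = env.get("AGENTGUARD_BUDGET_USD")
    if raw is None:
        return None
    try:
        return _positive_finite(float(raw.strip()))
    except ValueError:
        return None


def resolve_budget(env: Mapping[str, str], raw_json: str) -> Optional[float]:
    """Assumed precedence: valid env value first, else the repo-local value."""
    env_budget = budget_from_env(env)
    return env_budget if env_budget is not None else budget_from_config(raw_json)


if __name__ == "__main__":
    # Constructed sample inputs, not taken from the project.
    sample_config = '{"budget_usd": 2.5}'
    print(resolve_budget({"AGENTGUARD_BUDGET_USD": "five"}, sample_config))
    print(budget_from_config('{"budget_usd": true}'))
```

A caller that receives None here should treat it as a configuration error rather than start the agent with no budget guard.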

v1.2.3

28 Mar 16:11
b9707e1

AgentGuard 1.2.3

Install or upgrade:

pip install --upgrade agentguard47

What changed

  • release hardening for the next SDK cut: docs, roadmap, changelog, and release criteria are now aligned
  • fixed the current CodeQL findings in examples/cost_guardrail.py and sdk/tests/e2e_v110.py
  • pinned GitHub Actions by commit SHA across CI, publish, CodeQL, Scorecard, and maintenance workflows
  • refreshed stale docs and examples that still referenced v1.2.1 or the removed agentguard view command

Cleanup tracked separately

  • #278 refresh vulnerable mcp-server dependencies
  • #279 resolve remaining repo-level Scorecard governance findings

v1.2.1 — CostTracker Improvements

15 Feb 01:44

What's New in v1.2.1

CostTracker Improvements

  • Per-span cost events: CostTracker now includes running total in span end events (cost_usd field)
  • Model pricing accuracy: Updated model pricing for latest OpenAI, Anthropic, and Google models
  • Warning on unknown models: estimate_cost() logs a warning when encountering unrecognized model names

Bug Fixes

  • Fixed span end events not including accumulated cost data
  • Improved CostTracker thread safety

Full Changelog: v1.2.0...v1.2.1


Installation

pip install agentguard47==1.2.1

Quick Start

from agentguard import Tracer, BudgetGuard

guard = BudgetGuard(max_budget_usd=5.00)
tracer = Tracer(service="my-agent", guards=[guard])

with tracer.span("agent-run"):
    # Your agent code here
    pass  # BudgetExceeded raised if cost > $5

v1.0.0 — Production GA

09 Feb 20:17
b6402e6

Runtime guardrails for AI agents. Stop loops, enforce budgets, trace everything — zero dependencies.

pip install agentguard47

Highlights

  • 5 guards: LoopGuard, FuzzyLoopGuard, BudgetGuard, TimeoutGuard, RateLimitGuard
  • 4 integrations: LangChain, LangGraph, CrewAI, OpenTelemetry
  • Auto-instrumentation: patch_openai() / patch_anthropic() for automatic tracing
  • Full async API: AsyncTracer, async decorators, async monkey-patches
  • Cost tracking: Built-in pricing for OpenAI, Anthropic, Google, Mistral, Meta
  • Evaluation: Assert properties of traces in tests or CI
  • Production-ready: Gzip compression, retry with backoff, sampling, SSRF protection
  • CLI: agentguard report, view, summarize, eval

Quality

  • 317 tests, 86% coverage
  • Python 3.9-3.12
  • Zero dependencies (pure Python stdlib)
  • Development Status: Production/Stable

Links