agent-safe-spl 0.3.0

What's changed

The 0.3.0 functional changes are limited to sdk/js; the version bump on sdk/python and sdk/rust keeps the SDKs version-locked.

Fixed (sdk/js)

• now symbol resolution. resolveSymbol previously read ctx.vars?.now, but verify and verifyToken set ctx.now. Any policy using (before now <expires>) silently resolved the symbol's name as the literal string "now" and string-compared against the right-hand side. Now reads from ctx.now first, falls back to ctx.vars?.now for backward compatibility, and throws under ctx.strict.

Added (sdk/js)

• vars symbol binding. (get vars "key") now resolves to the same value as the bare-symbol form key, mirroring how req is exposed. Bare-symbol var lookup continues to work unchanged.

Tests

• Two regression tests cover both behaviours (one for (before now ...) driven through verify with only ctx.now set; one asserting (get vars "key") matches the bare-symbol form).

v0.2.1

Changes

• Add CLAUDE.md architecture documentation
• Add .kin metadata for Kindex integration
• Add Pact adoption files (pact.yaml, task.md, sops.md)
• Add Constrain artifacts (constraints.yaml, component_map.yaml, trust_policy.yaml, schema_hints.yaml, prompt.md)
• Full portfolio standardization

v0.2.0 — PoP Binding, HKDF, Security Hardening

Added

• PoP (Proof-of-Possession) binding — tokens can bind to an agent's Ed25519 key via pop_key; verifier requires presentation signature
• HKDF-SHA-256 key derivation (RFC 5869) — derive per-service unlinkable keypairs from a master key
• SECURITY.md — vulnerability disclosure policy with GitHub private reporting
• OpenSSF Best Practices badge — passing level certification
• CodeQL SAST — static analysis across all 5 compiled languages
• Dependabot — automated dependency updates for all 6 SDKs + GitHub Actions
• OpenSSF Scorecard — weekly automated security scoring

Changed

• Fail-closed crypto defaults — all crypto callbacks default to false
• Full-envelope signing — signature now covers sealed, expires, merkle_root, and hash_chain_commitment
• Strict symbol resolution — unresolved symbols raise errors in strict mode
• Type-aware equality — = operator distinguishes types
• Max policy size — parsers enforce 64 KB limit
• Rust: replaced rand with getrandom — avoids rand_core version conflicts
• CI hardening — all GitHub Actions SHA-pinned, dependency audit steps

Security

• 249 tests across 6 SDKs (up from 234)
• Cross-SDK HKDF parity verified — all SDKs produce identical keys for same inputs

v0.1.0 — Initial Release

Agent-Safe SPL v0.1.0

Embed authorization in the token. 150 lines. Zero deps. Microseconds.

Highlights

• SPL v0.1 specification — total, deterministic S-expression policy language
• 6 SDK implementations: TypeScript, Go, Python, Rust, Java, C#
• Token minting API with Ed25519 signing
• Real crypto: Ed25519 signatures, SHA-256 Merkle proofs, hash-chain offline budgets
• Token sealing to prevent further attenuation
• 234 tests across all SDKs with shared crypto test vectors
• ~2μs eval, ~15μs parse+eval on Apple M1

Install

npm install agent-safe-spl        # TypeScript
pip install agent-safe-spl        # Python
cargo add agent-safe-spl          # Rust
go get github.com/jmcentire/agent-safe/sdk/go

Links

• Landing page
• SPEC.md