Releases: admina-org/admina
v0.10.1
[0.10.1] — 2026-06-17
Security patch release. Updates two dependencies flagged by upstream
advisories. No API or behaviour changes.
Security
- cryptography updated to 49.0.0 (from 47.0.0), resolving the
high-severity advisory affecting < 48.0.1. The dependency constraint
ceiling is widened from <48 to <50.
- pyo3 — the Rust binding behind the optional admina-core accelerator
— updated 0.24 → 0.29, resolving the high + medium RUSTSEC advisory
affecting < 0.29.0. The binding is migrated to the pyo3 0.29 attach
API (Python::with_gil → Python::attach, PyObject → Py<PyAny>).
No functional change: the Rust engines remain at parity with the Python
implementations, verified by the full suite with admina-core installed.
v0.10.0
[0.10.0] — 2026-06-16
Model-adapter and governance-unification release. Five new provider
adapters, configurable retry/backoff on the governed primitives, a uniform
engine-selection switch across proxy/SDK/integrations, and a set of auth,
forensic, and correctness hardening fixes.
Added
- Five new model adapters, each a built-in plugin that lazy-imports its
provider SDK so the dependency is only required when the adapter is used:
  - Anthropic — admina-framework[anthropic].
  - Mistral — admina-framework[mistral]; wraps mistralai chat
    completions (ADMINA_MISTRAL_API_KEY / ADMINA_MISTRAL_MODEL).
  - AWS Bedrock — admina-framework[bedrock]; wraps the boto3
    Converse API using the standard AWS credential chain
    (ADMINA_BEDROCK_REGION / ADMINA_BEDROCK_MODEL).
  - Google Gemini — admina-framework[gemini]; wraps google-genai
    generate-content (ADMINA_GEMINI_API_KEY / ADMINA_GEMINI_MODEL).
  - vLLM — an OpenAI-compatible adapter pointed at a local vLLM server
    (http://localhost:8000/v1 by default; ADMINA_VLLM_BASE_URL /
    ADMINA_VLLM_MODEL, model required).
- Per-provider packaging extras [anthropic], [mistral], [bedrock],
[gemini], [openai], [ollama], plus the [adapters] roll-up (all
providers) and the [all] roll-up ([proxy,nlp,telemetry,adapters]).
- Configurable retry/backoff on the governed primitives. RetryPolicy
and a vendored run_with_retry executor (no new dependency) let
GovernedModel, GovernedAgent, and GovernedData retry transient
upstream/connector failures, opt-in via retry=RetryPolicy(...) (default
is unchanged: a single attempt). Tunable with ADMINA_RETRY_* env knobs;
callers and adapters can mark errors with RetryableUpstreamError /
TerminalUpstreamError. GovernedData never retries past a residency
refusal (raised before the region is contacted).
- ADMINA_ENGINE=auto|python|rust selects the governance-engine backend
uniformly across proxy, SDK, and integrations (an unrecognized value
raises). Engines (firewall, PII, loop breaker) are now acquired through a
single admina.engines package.
- Typed firewall config: agent_security.firewall.custom_patterns and
agent_security.firewall.disabled_categories. The admina.yaml plugins:
list and a new plugin_config: block are wired into plugin discovery and
instantiation; a plugin whose __init__ accepts a config parameter
receives its block.
- Forensic chain verification is now reachable, reporting hash-chain
integrity via admina doctor and GET /api/v1/forensic/verify
(verification was previously never invoked by any wired path).
Changed
- Behavior change — GovernedModel.ask() now runs full governance by
default. It runs the injection firewall on the prompt and any pluggable
guards (was PII-only) and can return action="BLOCK" with empty text;
GovernedResponse gains an action field (default "ALLOW"). Opt out per
stage with GovernedModel(firewall_enabled=False, governance_guards=...,
loop_detection=...). Loop detection runs only when a session_id is
supplied per call.
- SDK and LangChain/CrewAI callbacks now acquire engines via
admina.engines. They gain Rust acceleration for the firewall and loop
breaker under ADMINA_ENGINE=auto when admina-core is installed, and they
now honor admina.yaml firewall overrides (custom_patterns /
disabled_categories) — both previously proxy-only. PII redaction stays on
the Python engine by default for full recall (the Rust scanner does not
cover EU national IDs or NER person/org names); Rust PII is opt-in via
ADMINA_ENGINE=rust.
- One canonical governance pipeline. POST /mcp, POST /api/v1/validate,
and the SDK governed primitives now all run the same pipeline in the same
order (loop → firewall → PII → guards). GovernedAgent keeps a stable
per-instance session so loop detection works across calls.
Security
- Closed a fail-open default. A proxy started with no ADMINA_API_KEY no
longer authenticates every request as admin: the keyless built-in API-key
provider is now fail-closed and is not loaded. With no key and no auth
providers, protected requests are rejected unless
ALLOW_UNAUTHENTICATED=true is explicitly set, and the proxy logs a loud
startup warning.
- Dashboard live WebSocket authentication and origin checks. The live
feed now validates the signed admina_session session cookie (it
previously compared the signed token against the raw API key and always
failed when a key was set), and the WebSocket upgrade enforces an Origin
allow-list (CORS_ORIGINS) to mitigate Cross-Site WebSocket Hijacking.
Absent-Origin (non-browser) clients still require a valid credential; '*'
in CORS_ORIGINS opts into allowing any origin.
- Built-in API-key provider accepts the signed dashboard cookie (it
previously treated the cookie as a raw key and rejected valid browser
sessions). HTTP, WebSocket, and provider auth now share one credential
verifier so they cannot drift.
- Forensic store hardening. The store now reconstructs its hash-chain
state from the persisted records when the state file is missing or corrupt,
instead of silently restarting from GENESIS (which forked or overwrote the
audit trail); a corrupt state file is logged at ERROR. Concurrent writes are
serialized to prevent chain forks, and verify_chain anchors against the
persisted record count and chain head so a truncated tail is detected as
invalid. The FilesystemForensicStore plugin gets the same hardening.
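
The truncated-tail case from the forensic store hardening item, as an added illustration (not Admina's code): a link-only walk accepts a log whose last record was deleted, while a check anchored to a recorded count and head rejects it. The record layout, the GENESIS value and all function names are assumptions made for this sketch.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed genesis value for this sketch

def digest(prev_hash, payload):
    body = json.dumps(payload, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + body).encode()).hexdigest()

def append(records, payload):
    """Link a new record to the current head and return the updated anchor."""
    prev = records[-1]["hash"] if records else GENESIS
    records.append({"prev": prev, "payload": payload, "hash": digest(prev, payload)})
    return {"count": len(records), "head": records[-1]["hash"]}

def rebuild_state(records):
    """Recover count and head from persisted records rather than restarting at GENESIS."""
    return {"count": len(records), "head": records[-1]["hash"] if records else GENESIS}

def verify_links(records):
    """Link-only check: each record must hash correctly over its predecessor."""
    prev = GENESIS
    for rec in records:
        if rec["prev"] != prev or rec["hash"] != digest(prev, rec["payload"]):
            return False
        prev = rec["hash"]
    return True

def verify_anchored(records, anchor):
    """Links must hold and the log must end exactly where the anchor says."""
    return verify_links(records) and rebuild_state(records) == anchor

def demo():
    log, anchor = [], None
    for seq, action in enumerate(["ALLOW", "BLOCK", "ALLOW", "BLOCK"]):  # constructed events
        anchor = append(log, {"seq": seq, "action": action})
    truncated = log[:-1]                                    # last record deleted
    tampered = [dict(r) for r in log]
    tampered[1]["payload"] = {"seq": 1, "action": "ALLOW"}  # BLOCK rewritten in place
    return {
        "intact": verify_anchored(log, anchor),
        "truncated_links_only": verify_links(truncated),
        "truncated_anchored": verify_anchored(truncated, anchor),
        "tampered": verify_anchored(tampered, anchor),
    }

if __name__ == "__main__":
    print(demo())
```

In this sketch an anchor rebuilt from an already-truncated log matches that log, so truncation is only detectable against an anchor recorded before the loss.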
Fixed
- EU AI Act gap analysis no longer reports a false COMPLIANT. Each
requirement's declared checks are padded to the canonical count, so
supplying a bool or a short check-list no longer inflates the compliance
score (unspecified checks count as unmet); generate_report also accepts a
bare bool in current_compliance without raising TypeError.
- Credit-card PII detection now validates the Luhn checksum (Python
engine), eliminating false positives on arbitrary 16-digit numbers.
- PII scanning covers dict keys, not only values. The proxy now redacts
PII in dict-shaped MCP tool results (previously only plain-string results
were redacted), and the plugin PII engine merges overlapping detections into
non-overlapping spans before redaction (no text corruption or leftover
fragments). GovernedData.ingest() classifies the actual ingested content
rather than misclassifying an opaque source locator (file path, URL) as
content; opaque sources are flagged source_scanned=false.
- /api/v1/validate delegates to the canonical pipeline. It honors
GOVERNANCE_MODE (observe/dry-run), normalizes risk_level casing, and
reports loop detection (CIRCUIT_BREAK) as action="BLOCK" to REST consumers
(the consumer contract is preserved for n8n / CheshireCat / OpenClaw). Note:
on a blocked request the checks object no longer carries a
pii_redaction entry (PII is not run after a block) — read it with
.get().
- Config and observability fixes. admina.yaml schema_version is now
parsed (was silently ignored); OISG criterion S2 reads the configured API
key; and observe / dry-run "would-have-blocked" decisions now persist to the
audit trail and reach the dashboard policy-suggestion engine (previously
always zero).
- Plugin and scaffolding fixes. Built-in plugins register under their
declared name (e.g. ollama, apikey) instead of a lower-cased class
name; admina plugin new scaffolds working plugins (async methods matching
every ABC, correct admina-framework dependency floor, Python 3.11
requirement, and an admina.plugins entry-point); and admina init
scaffolds docker-compose image tags from the framework version instead of a
hardcoded stale tag.
- A pluggable governance guard that violates its contract is now logged at
ERROR and recorded in the decision's checks (was a silent skip), so a broken
guard is visible in the audit trail.
- OpenAI and Ollama adapters offload their blocking SDK calls via
asyncio.to_thread (consistent with the new adapters), so the event loop is
not blocked and per-attempt retry timeouts can fire.
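
The two PII fixes above (Luhn-validated card detection and merging overlapping detections before redaction), as an added sketch that is not taken from Admina: it shows a 16-digit number that fails Luhn being left alone, and how applying overlapping spans without merging eats surrounding text. The regexes, the overlapping DOMAIN detector, the labels and the sample string are assumptions constructed for the example.

```python
import re

CARD_RE = re.compile(r"\b(?:\d[ -]?){15}\d\b")   # 16 digits, optional separators
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+")
DOMAIN_RE = re.compile(r"@[\w-]+\.[\w.-]+")      # hypothetical detector that overlaps EMAIL

def luhn_ok(candidate):
    """Luhn checksum: double every second digit from the right, sum, test mod 10."""
    digits = [int(c) for c in candidate if c.isdigit()]
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return bool(digits) and total % 10 == 0

def detect(text):
    """Return sorted (start, end, label) spans; card candidates must pass Luhn."""
    spans = [(m.start(), m.end(), "EMAIL") for m in EMAIL_RE.finditer(text)]
    spans += [(m.start(), m.end(), "DOMAIN") for m in DOMAIN_RE.finditer(text)]
    spans += [(m.start(), m.end(), "CARD")
              for m in CARD_RE.finditer(text) if luhn_ok(m.group())]
    return sorted(spans)

def merge_spans(spans):
    """Collapse overlapping spans; the earliest-starting detection keeps its label."""
    merged = []
    for start, end, label in sorted(spans):
        if merged and start < merged[-1][1]:
            prev_start, prev_end, prev_label = merged[-1]
            merged[-1] = (prev_start, max(prev_end, end), prev_label)
        else:
            merged.append((start, end, label))
    return merged

def redact(text, merge=True):
    """Replace spans right to left so earlier offsets stay valid."""
    spans = detect(text)
    if merge:
        spans = merge_spans(spans)
    for start, end, label in reversed(spans):
        text = text[:start] + f"[{label}]" + text[end:]
    return text

# Constructed sample: a non-Luhn 16-digit number, a Luhn-valid test number, an e-mail.
SAMPLE = "Order 1234567812345678 paid with 4111 1111 1111 1111 by bob@example.com today"

if __name__ == "__main__":
    print(redact(SAMPLE))               # merged spans
    print(redact(SAMPLE, merge=False))  # overlapping spans applied without merging
```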
Internal
- admina/proxy/engine_bridge.py is now a re-export shim over
admina.engines. The duplicated SDK adapter/connector ABCs were removed —
admina.sdk re-exports the canonical admina.plugins.base definitions — and
the dashboard SPA is single-sourced from the packaged copy.
Documentation
- Corrected the MODEL_CARD engine-equivalence claim (the Rust and Python
firewall/PII engines differ — measured, not equivalent) and aligned the
documented governance pipeline order (loop → firewall → PII → guards).
v0.9.5
[0.9.5] — 2026-06-07
Stabilisation release (0.9.x).
Removed
- Legacy MinIO-SDK forensic backend. The minio Python SDK (archived
upstream) is no longer a dependency, and FORENSIC_BACKEND=minio is gone.
MinIO servers remain fully supported through the s3 backend (boto3) —
point FORENSIC_S3_ENDPOINT at the server. FORENSIC_BACKEND=minio now
routes to the s3 backend with a migration warning. The unused
MinIOForensicStore plugin and the MINIO_* settings/secrets were
removed; the dev docker-compose.yml and admina init templates use the
filesystem backend.
Changed
- Default forensic store is now filesystem in admina.yaml and the
generated project templates (was minio).
Documentation
- README image and file links are now absolute (GitHub raw / blob URLs) so
they render on PyPI. README, guides, and templates describe the
filesystem/s3 backends; MinIO is documented as one of the
S3-compatible servers reachable via the s3 backend.
Internal
- Silence third-party deprecation warnings (OpenTelemetry SelectableGroups,
Starlette TestClient httpx) via pytest filterwarnings; the SDK
import-isolation test uses the modern find_spec finder API.
v0.9.4
[0.9.4] — 2026-06-06
Hardening release (0.9.x stabilisation).
Added
- Opt-in [rust] extra. pip install "admina-framework[rust]"
pulls the admina-core Rust accelerator wheel from PyPI, so
import admina_core succeeds and the engine bridge auto-detects it.
The Rust engine is opt-in (not a default dependency); the default
install runs the pure-Python engines, which currently have broader
firewall detection coverage.
Changed
- Rust firewall risk model: per-pattern severity. RustFirewall
now assigns a per-pattern RiskLevel and reports the max over matched
patterns, mirroring the Python InjectionFirewall (previously the tier
was derived from the match count, so a single match reported medium).
On the internal evasion corpus the Rust firewall blocks 7/14 attacks at
HIGH+, with no new false positives. Full Rust↔Python detection parity
(evasion normalisation + multilingual patterns) is tracked for 0.10.
- Forensic store consolidated on one hash-chain model.
ForensicBlackBox (the proxy's audit trail) now implements the
BaseForensicStore plugin interface (append / verify_chain(last_n) /
store_name); its previous list-based verify_chain(records) is renamed
verify_records(records). The unused colon-string hash-chain bridge
(get_hash_chain, _PythonHashChainBridge, _RustHashChainBridge) is
removed from proxy/engine_bridge.py — the proxy never used it. Breaking:
callers of ForensicBlackBox.verify_chain(records) should use
verify_records(records); engine_bridge.get_hash_chain() is gone.
Documentation
- README install and Performance sections state the Rust engine is
opt-in via [rust] and document the firewall detection trade-off
between the two engines.
Internal
- Raise the test coverage gate from 70% to 78% (current coverage 80%)
to lock in the forensic and firewall test additions.
v0.9.3
[0.9.3] — 2026-05-23
UX hotfix for first-time users. Removes every cryptic "module not
found" error from the install → init → dev path: every failure now
prints an actionable upgrade command, and the README leads with the
install that actually makes admina dev work.
Fixed
- admina dev no longer crashes with ModuleNotFoundError: uvicorn
when the [proxy] extra is missing. Local-mode dev now does an
early check and prints an actionable message: which extras to
install, or how to fall back to the Docker stack. No traceback.
- admina doctor no longer reports "All checks passed" when
admina dev is guaranteed to fail. Missing [proxy] is now a
surfaced issue with the exact upgrade command.
- admina doctor extras table fixed. numpy and scikit-learn
are now correctly grouped under [proxy] (where they actually
belong since 0.9.2), not [nlp].
- admina doctor spaCy diagnostic is venv-safe. Previously
suggested python -m spacy download en_core_web_sm, which on
uv-managed virtualenvs silently installs into a different interpreter
(the one that owns pip on PATH). The new message points at the
canonical python -m spacy download command and the direct
wheel URL (uv pip install <github-url>) so users on either tool
have a path that lands the model in the right venv. The missing
model is now a soft warning (PII redaction still works in
regex-only mode), not a doctor failure.
- admina init "Next steps" adapts to the install. Only suggests
admina dev when [proxy] is installed; only suggests admina dev --stack
when Docker is on PATH. Missing prerequisites are surfaced
inline with the upgrade command. python main.py is always shown
because the SDK works with any install.
Docs
- README Quick Start leads with
pip install "admina-framework[proxy]" (the install that makes admina dev
work). pip install admina-framework (SDK only) is demoted to an
"Advanced" footnote for users embedding the SDK without the local
dev server.
v0.9.2
[0.9.2] — 2026-05-22
Hotfix release. Fixes three day-one bugs that prevented new users from
seeing a working admina dev after pip install.
Fixed
- admina dev now boots with [proxy] only. Previous versions
crashed at startup with ModuleNotFoundError: No module named 'spacy'
unless the [nlp] extra was also installed. spaCy is now imported
lazily; without it, PII redaction runs in regex-only mode (still
covers email, phone, SSN, IBAN, IP, credit card and EU national IDs).
- numpy and scikit-learn moved from [nlp] to [proxy]. They
are core dependencies of the LoopBreaker (proxy guardrail), not
NLP-specific. pip install admina-framework[proxy] now installs
everything the proxy actually needs.
- Dashboard no longer blanks out when one endpoint fails.
/api/dashboard/infra previously returned HTTP 500 when
UPSTREAM_MCP_URL was empty or unreachable, which (via Promise.all
in the SPA) blanked every widget. The endpoint now reports
not_configured / unreachable cleanly, and the dashboard uses
Promise.allSettled so a single failing endpoint never wipes the
rest of the UI.
- admina doctor no longer prints tracebacks for missing optional
plugin dependencies. A plugin whose import fails because of a
missing optional dep now logs a single
Skipping plugin … — optional dependency '…' not installed line.
Real plugin bugs still log a full traceback.
Internal
- Funding link in .github/FUNDING.yml points to the dedicated sponsor
landing page (https://admina.org/sponsor/).
- admina-core bumped to 0.9.2 (sync release) — no Rust changes,
but the crate / wheel / sdist versions now track admina-framework so
the two artefacts always carry the same number on PyPI, crates.io,
and ghcr.io. From this release on, every published artefact in the
monorepo (admina-framework, admina-core, admina-proxy image,
admina-dashboard image) ships with the same version. A new CI job
(scripts/check-versions.py) blocks PRs that drift the manifests
out of alignment.
v0.9.1
[0.9.1] — 2026-05-21
Hotfix release.
Fixed
- admina-core: now ships as a single abi3-py311 wheel and uses
dynamic_lookup on macOS, so the same artefact loads cleanly on any
Python 3.11+ interpreter.
- admina-framework[nlp]: the en_core_web_sm spaCy model is no
longer declared as a direct dependency (PyPI does not accept URL-pinned
deps in published wheels). After installing the [nlp] extra, run:
python -m spacy download en_core_web_sm.
- Release pipeline: admina-core wheel matrix temporarily excludes
Intel Mac (macos-13) to avoid multi-hour runner queues. Intel Mac
users install from sdist.
Notes
- admina-core 0.9.0 is yanked; install admina-core 0.9.1 or later.
- admina-framework 0.9.0 continues to work standalone (pure-Python
governance pipeline) — upgrade is only required if you also install
admina-core.