Releases: admina-org/admina

v0.10.1

@github-actions github-actions released this 17 Jun 08:01

[0.10.1] — 2026-06-17

Security patch release. Updates two dependencies flagged by upstream
advisories. No API or behaviour changes.

Security

  • cryptography updated to 49.0.0 (from 47.0.0), resolving the
    high-severity advisory affecting < 48.0.1. The dependency constraint
    ceiling is widened from <48 to <50.
  • pyo3 — the Rust binding behind the optional admina-core accelerator
    — updated 0.24 → 0.29, resolving the high + medium RUSTSEC advisory
    affecting < 0.29.0. The binding is migrated to the pyo3 0.29 attach
    API (Python::with_gil → Python::attach, PyObject → Py<PyAny>).
    No functional change: the Rust engines remain at parity with the Python
    implementations, verified by the full suite with admina-core installed.

v0.10.0

@github-actions github-actions released this 17 Jun 06:08

[0.10.0] — 2026-06-16

Model-adapter and governance-unification release. Five new provider
adapters, configurable retry/backoff on the governed primitives, a uniform
engine-selection switch across proxy/SDK/integrations, and a set of auth,
forensic, and correctness hardening fixes.

Added

  • Five new model adapters, each a built-in plugin that lazy-imports its
    provider SDK so the dependency is only required when the adapter is used:
    • Anthropic: admina-framework[anthropic].
    • Mistral: admina-framework[mistral]; wraps mistralai chat
      completions (ADMINA_MISTRAL_API_KEY / ADMINA_MISTRAL_MODEL).
    • AWS Bedrock: admina-framework[bedrock]; wraps the boto3
      Converse API using the standard AWS credential chain
      (ADMINA_BEDROCK_REGION / ADMINA_BEDROCK_MODEL).
    • Google Gemini: admina-framework[gemini]; wraps google-genai
      generate-content (ADMINA_GEMINI_API_KEY / ADMINA_GEMINI_MODEL).
    • vLLM — an OpenAI-compatible adapter pointed at a local vLLM server
      (http://localhost:8000/v1 by default; ADMINA_VLLM_BASE_URL /
      ADMINA_VLLM_MODEL, model required).
  • Per-provider packaging extras [anthropic], [mistral], [bedrock],
    [gemini], [openai], [ollama], plus the [adapters] roll-up (all
    providers) and the [all] roll-up ([proxy,nlp,telemetry,adapters]).
  • Configurable retry/backoff on the governed primitives. RetryPolicy
    and a vendored run_with_retry executor (no new dependency) let
    GovernedModel, GovernedAgent, and GovernedData retry transient
    upstream/connector failures, opt-in via retry=RetryPolicy(...) (default
    is unchanged: a single attempt). Tunable with ADMINA_RETRY_* env knobs;
    callers and adapters can mark errors with RetryableUpstreamError /
    TerminalUpstreamError. GovernedData never retries past a residency
    refusal (raised before the region is contacted).
  • ADMINA_ENGINE=auto|python|rust selects the governance-engine backend
    uniformly across proxy, SDK, and integrations (an unrecognized value
    raises). Engines (firewall, PII, loop breaker) are now acquired through a
    single admina.engines package.
  • Typed firewall config: agent_security.firewall.custom_patterns and
    agent_security.firewall.disabled_categories. The admina.yaml plugins:
    list and a new plugin_config: block are wired into plugin discovery and
    instantiation; a plugin whose __init__ accepts a config parameter
    receives its block.
  • Forensic chain verification is now reachable, reporting hash-chain
    integrity via admina doctor and GET /api/v1/forensic/verify
    (verification was previously never invoked by any wired path).

Changed

  • Behavior change — GovernedModel.ask() now runs full governance by
    default. It runs the injection firewall on the prompt and any pluggable
    guards (was PII-only) and can return action="BLOCK" with empty text;
    GovernedResponse gains an action field (default "ALLOW"). Opt out per
    stage with GovernedModel(firewall_enabled=False, governance_guards=...,
    loop_detection=...). Loop detection runs only when a session_id is
    supplied per call.
  • SDK and LangChain/CrewAI callbacks now acquire engines via
    admina.engines. They gain Rust acceleration for the firewall and loop
    breaker under ADMINA_ENGINE=auto when admina-core is installed, and they
    now honor admina.yaml firewall overrides (custom_patterns /
    disabled_categories) — both previously proxy-only. PII redaction stays on
    the Python engine by default for full recall (the Rust scanner does not
    cover EU national IDs or NER person/org names); Rust PII is opt-in via
    ADMINA_ENGINE=rust.
  • One canonical governance pipeline. POST /mcp, POST /api/v1/validate,
    and the SDK governed primitives now all run the same pipeline in the same
    order (loop → firewall → PII → guards). GovernedAgent keeps a stable
    per-instance session so loop detection works across calls.

Security

  • Closed a fail-open default. A proxy started with no ADMINA_API_KEY no
    longer authenticates every request as admin: the keyless built-in API-key
    provider is now fail-closed and is not loaded. With no key and no auth
    providers, protected requests are rejected unless
    ALLOW_UNAUTHENTICATED=true is explicitly set, and the proxy logs a loud
    startup warning.
  • Dashboard live WebSocket authentication and origin checks. The live
    feed now validates the signed admina_session session cookie (it
    previously compared the signed token against the raw API key and always
    failed when a key was set), and the WebSocket upgrade enforces an Origin
    allow-list (CORS_ORIGINS) to mitigate Cross-Site WebSocket Hijacking.
    Absent-Origin (non-browser) clients still require a valid credential; '*'
    in CORS_ORIGINS opts into allowing any origin.
  • Built-in API-key provider accepts the signed dashboard cookie (it
    previously treated the cookie as a raw key and rejected valid browser
    sessions). HTTP, WebSocket, and provider auth now share one credential
    verifier so they cannot drift.
  • Forensic store hardening. The store now reconstructs its hash-chain
    state from the persisted records when the state file is missing or corrupt,
    instead of silently restarting from GENESIS (which forked or overwrote the
    audit trail); a corrupt state file is logged at ERROR. Concurrent writes are
    serialized to prevent chain forks, and verify_chain anchors against the
    persisted record count and chain head so a truncated tail is detected as
    invalid. The FilesystemForensicStore plugin gets the same hardening.
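
The forensic store hardening above, as an added sketch that is not Admina's code: a hash chain whose verifier checks every link and then compares the result with a persisted anchor (record count and chain head), so a truncated tail fails verification. The record layout, the GENESIS value and all function names are assumptions made for this example.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed genesis value; the release note only names GENESIS


def record_hash(prev_hash, payload):
    """Hash one record so that it commits to its predecessor."""
    body = json.dumps(payload, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + body).encode()).hexdigest()


def append(records, payload):
    """Append a record; return the anchor (count, head) to persist."""
    prev = records[-1]["hash"] if records else GENESIS
    records.append({"prev": prev, "payload": payload,
                    "hash": record_hash(prev, payload)})
    return {"count": len(records), "head": records[-1]["hash"]}


def rebuild_state(records):
    """Recover the anchor from persisted records, not from GENESIS."""
    head = records[-1]["hash"] if records else GENESIS
    return {"count": len(records), "head": head}


def verify_chain(records, state):
    """Return (ok, reason): check every link, then the persisted anchor."""
    prev = GENESIS
    for i, rec in enumerate(records):
        if rec["prev"] != prev:
            return False, f"broken link at record {i}"
        if rec["hash"] != record_hash(prev, rec["payload"]):
            return False, f"hash mismatch at record {i}"
        prev = rec["hash"]
    if len(records) != state["count"]:
        return False, "record count differs from anchor"
    if prev != state["head"]:
        return False, "chain head differs from anchor"
    return True, "ok"


def demo():
    """Constructed audit events: intact chain, then a truncated tail."""
    records, state = [], rebuild_state([])
    for event in ({"action": "ALLOW"}, {"action": "BLOCK"}, {"action": "ALLOW"}):
        state = append(records, event)
    return verify_chain(records, state), verify_chain(records[:-1], state)


if __name__ == "__main__":
    print(demo())
```

In this sketch an anchor rebuilt from records that were already truncated verifies cleanly, so the rebuild path is a recovery step and not an integrity check.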

Fixed

  • EU AI Act gap analysis no longer reports a false COMPLIANT. Each
    requirement's declared checks are padded to the canonical count, so
    supplying a bool or a short check-list no longer inflates the compliance
    score (unspecified checks count as unmet); generate_report also accepts a
    bare bool in current_compliance without raising TypeError.
  • Credit-card PII detection now validates the Luhn checksum (Python
    engine), eliminating false positives on arbitrary 16-digit numbers.
  • PII scanning covers dict keys, not only values. The proxy now redacts
    PII in dict-shaped MCP tool results (previously only plain-string results
    were redacted), and the plugin PII engine merges overlapping detections into
    non-overlapping spans before redaction (no text corruption or leftover
    fragments). GovernedData.ingest() classifies the actual ingested content
    rather than misclassifying an opaque source locator (file path, URL) as
    content; opaque sources are flagged source_scanned=false.
  • /api/v1/validate delegates to the canonical pipeline. It honors
    GOVERNANCE_MODE (observe/dry-run), normalizes risk_level casing, and
    reports loop detection (CIRCUIT_BREAK) as action="BLOCK" to REST consumers
    (the consumer contract is preserved for n8n / CheshireCat / OpenClaw). Note:
    on a blocked request the checks object no longer carries a
    pii_redaction entry (PII is not run after a block) — read it with
    .get().
  • Config and observability fixes. admina.yaml schema_version is now
    parsed (was silently ignored); OISG criterion S2 reads the configured API
    key; and observe / dry-run "would-have-blocked" decisions now persist to the
    audit trail and reach the dashboard policy-suggestion engine (previously
    always zero).
  • Plugin and scaffolding fixes. Built-in plugins register under their
    declared name (e.g. ollama, apikey) instead of a lower-cased class
    name; admina plugin new scaffolds working plugins (async methods matching
    every ABC, correct admina-framework dependency floor, Python 3.11
    requirement, and an admina.plugins entry-point); and admina init
    scaffolds docker-compose image tags from the framework version instead of a
    hardcoded stale tag.
  • A pluggable governance guard that violates its contract is now logged at
    ERROR and recorded in the decision's checks (was a silent skip), so a broken
    guard is visible in the audit trail.
  • OpenAI and Ollama adapters offload their blocking SDK calls via
    asyncio.to_thread (consistent with the new adapters), so the event loop is
    not blocked and per-attempt retry timeouts can fire.

Internal

  • admina/proxy/engine_bridge.py is now a re-export shim over
    admina.engines. The duplicated SDK adapter/connector ABCs were removed —
    admina.sdk re-exports the canonical admina.plugins.base definitions — and
    the dashboard SPA is single-sourced from the packaged copy.

Documentation

  • Corrected the MODEL_CARD engine-equivalence claim (the Rust and Python
    firewall/PII engines differ — measured, not equivalent) and aligned the
    documented governance pipeline order (loop → firewall → PII → guards).

v0.9.5

@github-actions github-actions released this 07 Jun 00:09

[0.9.5] — 2026-06-07

Stabilisation release (0.9.x).

Removed

  • Legacy MinIO-SDK forensic backend. The minio Python SDK (archived
    upstream) is no longer a dependency, and FORENSIC_BACKEND=minio is gone.
    MinIO servers remain fully supported through the s3 backend (boto3) —
    point FORENSIC_S3_ENDPOINT at the server. FORENSIC_BACKEND=minio now
    routes to the s3 backend with a migration warning. The unused
    MinIOForensicStore plugin and the MINIO_* settings/secrets were
    removed; the dev docker-compose.yml and admina init templates use the
    filesystem backend.

Changed

  • Default forensic store is now filesystem in admina.yaml and the
    generated project templates (was minio).

Documentation

  • README image and file links are now absolute (GitHub raw / blob URLs) so
    they render on PyPI. README, guides, and templates describe the
    filesystem / s3 backends; MinIO is documented as one of the
    S3-compatible servers reachable via the s3 backend.

Internal

  • Silence third-party deprecation warnings (OpenTelemetry SelectableGroups,
    Starlette TestClient httpx) via pytest filterwarnings; the SDK
    import-isolation test uses the modern find_spec finder API.

v0.9.4

@github-actions github-actions released this 06 Jun 14:52

[0.9.4] — 2026-06-06

Hardening release (0.9.x stabilisation).

Added

  • Opt-in [rust] extra. pip install "admina-framework[rust]"
    pulls the admina-core Rust accelerator wheel from PyPI, so
    import admina_core succeeds and the engine bridge auto-detects it.
    The Rust engine is opt-in (not a default dependency); the default
    install runs the pure-Python engines, which currently have broader
    firewall detection coverage.

Changed

  • Rust firewall risk model: per-pattern severity. RustFirewall
    now assigns a per-pattern RiskLevel and reports the max over matched
    patterns, mirroring the Python InjectionFirewall (previously the tier
    was derived from the match count, so a single match reported medium).
    On the internal evasion corpus the Rust firewall blocks 7/14 attacks at
    HIGH+, with no new false positives. Full Rust↔Python detection parity
    (evasion normalisation + multilingual patterns) is tracked for 0.10.

  • Forensic store consolidated on one hash-chain model.
    ForensicBlackBox (the proxy's audit trail) now implements the
    BaseForensicStore plugin interface (append / verify_chain(last_n) /
    store_name); its previous list-based verify_chain(records) is renamed
    verify_records(records). The unused colon-string hash-chain bridge
    (get_hash_chain, _PythonHashChainBridge, _RustHashChainBridge) is
    removed from proxy/engine_bridge.py — the proxy never used it. Breaking:
    callers of ForensicBlackBox.verify_chain(records) should use
    verify_records(records); engine_bridge.get_hash_chain() is gone.

Documentation

  • README install and Performance sections state the Rust engine is
    opt-in via [rust] and document the firewall detection trade-off
    between the two engines.

Internal

  • Raise the test coverage gate from 70% to 78% (current coverage 80%)
    to lock in the forensic and firewall test additions.

v0.9.3

@github-actions github-actions released this 23 May 15:40

[0.9.3] — 2026-05-23

UX hotfix for first-time users. Removes every cryptic "module not
found" error from the install → init → dev path: every failure now
prints an actionable upgrade command, and the README leads with the
install that actually makes admina dev work.

Fixed

  • admina dev no longer crashes with ModuleNotFoundError: uvicorn
    when the [proxy] extra is missing. Local-mode dev now does an
    early check and prints an actionable message: which extras to
    install, or how to fall back to the Docker stack. No traceback.
  • admina doctor no longer reports "All checks passed" when
    admina dev is guaranteed to fail. Missing [proxy] is now a
    surfaced issue with the exact upgrade command.
  • admina doctor extras table fixed. numpy and scikit-learn
    are now correctly grouped under [proxy] (where they actually
    belong since 0.9.2), not [nlp].
  • admina doctor spaCy diagnostic is venv-safe. Previously
    suggested python -m spacy download en_core_web_sm, which on uv
    managed virtualenvs silently installs into a different interpreter
    (the one that owns pip on PATH). The new message points at the
    canonical python -m spacy download command and the direct
    wheel URL (uv pip install <github-url>) so users on either tool
    have a path that lands the model in the right venv. The missing
    model is now a soft warning (PII redaction still works in
    regex-only mode), not a doctor failure.
  • admina init "Next steps" adapts to the install. Only suggests
    admina dev when [proxy] is installed; only suggests admina dev --stack
    when Docker is on PATH. Missing prerequisites are surfaced
    inline with the upgrade command. python main.py is always shown
    because the SDK works with any install.

Docs

  • README Quick Start leads with pip install "admina-framework[proxy]"
    (the install that makes admina dev work). pip install admina-framework
    (SDK only) is demoted to an "Advanced" footnote for users embedding
    the SDK without the local dev server.

v0.9.2

@github-actions github-actions released this 22 May 17:59

[0.9.2] — 2026-05-22

Hotfix release. Fixes three day-one bugs that prevented new users from
seeing a working admina dev after pip install.

Fixed

  • admina dev now boots with [proxy] only. Previous versions
    crashed at startup with ModuleNotFoundError: No module named 'spacy'
    unless the [nlp] extra was also installed. spaCy is now imported
    lazily; without it, PII redaction runs in regex-only mode (still
    covers email, phone, SSN, IBAN, IP, credit card and EU national IDs).
  • numpy and scikit-learn moved from [nlp] to [proxy]. They
    are core dependencies of the LoopBreaker (proxy guardrail), not
    NLP-specific. pip install admina-framework[proxy] now installs
    everything the proxy actually needs.
  • Dashboard no longer blanks out when one endpoint fails.
    /api/dashboard/infra previously returned HTTP 500 when
    UPSTREAM_MCP_URL was empty or unreachable, which (via Promise.all
    in the SPA) blanked every widget. The endpoint now reports
    not_configured / unreachable cleanly, and the dashboard uses
    Promise.allSettled so a single failing endpoint never wipes the
    rest of the UI.
  • admina doctor no longer prints tracebacks for missing optional
    plugin dependencies. A plugin whose import fails because of a
    missing optional dep now logs a single
    "Skipping plugin … — optional dependency '…' not installed" line.
    Real plugin bugs still log a full traceback.

Internal

  • Funding link in .github/FUNDING.yml points to the dedicated sponsor
    landing page (https://admina.org/sponsor/).
  • admina-core bumped to 0.9.2 (sync release) — no Rust changes,
    but the crate / wheel / sdist versions now track admina-framework so
    the two artefacts always carry the same number on PyPI, crates.io,
    and ghcr.io. From this release on, every published artefact in the
    monorepo (admina-framework, admina-core, admina-proxy image,
    admina-dashboard image) ships with the same version. A new CI job
    (scripts/check-versions.py) blocks PRs that drift the manifests
    out of alignment.

v0.9.1

@github-actions github-actions released this 21 May 08:34

[0.9.1] — 2026-05-21

Hotfix release.

Fixed

  • admina-core: now ships as a single abi3-py311 wheel and uses
    dynamic_lookup on macOS, so the same artefact loads cleanly on any
    Python 3.11+ interpreter.
  • admina-framework[nlp]: the en_core_web_sm spaCy model is no
    longer declared as a direct dependency (PyPI does not accept URL-pinned
    deps in published wheels). After installing the [nlp] extra, run:
    python -m spacy download en_core_web_sm.
  • Release pipeline: admina-core wheel matrix temporarily excludes
    Intel Mac (macos-13) to avoid multi-hour runner queues. Intel Mac
    users install from sdist.

Notes

  • admina-core 0.9.0 is yanked; install admina-core 0.9.1 or later.
  • admina-framework 0.9.0 continues to work standalone (pure-Python
    governance pipeline) — upgrade is only required if you also install
    admina-core.