Release history

Changelog

Major milestones: foundation in v0.1, full platform in v0.5, and enterprise-ready features in v0.6.

Enterprise impact summary

What changed for buyers and operators

  • Stronger pre-execution controls to reduce AI operational risk in production workflows.
  • Better evidence portability with verifiable certificates and credential verification support.
  • Expanded deployment surfaces: GUI, SDKs, policy packs, and security event integrations.
  • More enterprise governance controls for approvals, policy enforcement, and replay-driven review.
  • Clearer path from demo evaluation to production-grade deployment.

v0.1

Foundation release

The initial release established the core architecture: an append-only ledger, a verify-then-commit cognitive loop, and the primitives for cryptographic accountability.

Features implemented

  • Append-only event ledger — PostgreSQL-backed event log with SHA-256 hash chaining; genesis block and session-scoped state.
  • Cognitive loop — Perceive → Propose → Verify → Commit → Execute pipeline with a primary LLM (Ollama/OpenAI/Anthropic).
  • Goal anchoring — Session goal hashed at creation (goal_hash); verified on every append_event.
  • Basic Tripwire — Path normalization, domain allowlisting, and command blocklist to constrain tool execution.
  • CLI entrypointsserve (Observer dashboard), audit "<goal>", and report for session export.
  • Observer dashboard — Web UI for real-time event stream and session visibility (SSE, content redaction for sensitive data).
  • Self-deploying Postgres — Optional Docker-backed default database; migrations and genesis block on first run.

v0.5

Platform maturity

v0.5 turned EctoLedger into a full security and compliance platform: 3-layer semantic guard, Merkle proofs, Ed25519 signing, audit certificates, orchestration, and policy DSL.

Features implemented

  • 3-layer semantic guard — Ledger goal anchoring; dual-LLM guard process (separate guard-worker binary) returning ALLOW/DENY; hybrid output scanner (regex + structural JSON/AST + base64 decode) for injection and goal-hijack detection.
  • Tripwire expansion — Strict path canonicalization, symlink-escape detection, justification length checks, HTTPS enforcement, and configurable allowlists/blocklists.
  • Ed25519 intent signing — Per-session keypair; every event’s content_hash signed for tamper-resistance.
  • Merkle tree state verification — Binary Merkle tree over event content hashes; inclusion proofs for findings (O(log n) verification).
  • EctoLedger Audit Certificate (.elc) — Self-contained, five-pillar verifiable record: Ed25519 signature, SHA-256 chain, Merkle proofs, OpenTimestamps/Bitcoin anchor, goal hash integrity. Standalone verify-cert binary for auditors.
  • Policy DSL (TOML) — Allowed/forbidden actions, conditional command rules, observation content rules (redact/flag/abort), approval gate triggers. Policy hash stored in session.
  • Approval gates — Policy-driven human-in-the-loop; POST /api/approvals and optional --interactive stdin flow.
  • Orchestrate — Multi-agent Recon → Analysis → Verify with per-role policy and CrossLedgerSeal binding sessions.
  • Report formats — SARIF 2.1, HTML, GitHub Actions annotations, GitLab Code Quality JSON, and certificate (.elc) export.
  • OpenTimestamps / Bitcoin anchoringanchor-session submits ledger tip to OTS for temporal non-repudiation.
  • Replay and diff-audit — Replay sessions (with optional observation injection); diff two sessions for baseline vs current.
  • Red-team — Adversarial agent that tests injection payloads against scanner and Tripwire; CI-ready exit code.
  • Industry policy packs — SOC 2, PCI-DSS v4.0, OWASP Top 10 2021 in crates/host/policies/.
  • Cloud credential injection — Ephemeral AWS/GCP/Azure/k8s credentials from JSON file; injected only into matching CLI child processes.
  • Webhook / SIEM egress — Optional HTTP POST on flagged/abort outcomes (JSON, CEF, LEEF).

v0.6

Enterprise & ecosystem EctoLedger

v0.6 adds pluggable backends, desktop GUI, official SDKs, W3C credentials, ISO 42001, Firecracker sandbox, EVM anchoring, SP1 ZK proofs, and operational hardening.

New functionality

  • Pluggable ledger backendsLedgerBackend trait; PostgreSQL (production) and SQLite (dev/CI) via DATABASE_URL. SQLite supports serve, replay, report, verify-certificate, verify-vc; audit/orchestrate/diff-audit/red-team/prove-audit/anchor require Postgres.
  • Tauri 2 management GUI — Glassmorphic desktop app (macOS, Windows, Linux): Dashboard, Live Dashboard, Prometheus metrics, Sessions (event timeline, .elc export), Policies (TOML editor), Tripwire config, Tokens (RBAC), Webhooks, Observer panel, Testing (adversarial), DevHub, Setup Wizard, Settings.
  • Python & TypeScript SDKs — Typed REST clients; Python includes LangChain LedgerTool and AutoGen LedgerHook. Zero external deps for TypeScript (native fetch).
  • Extended webhooks with HMACX-EctoLedger-Signature: sha256=<hex> for receiver verification; GuardDenial and TripwireRejection events.
  • W3C Verifiable Credentials — VC-JWT issued on session completion; Ed25519-signed, did:key: anchored. GET /api/sessions/{id}/vc and /api/sessions/{id}/vc/verify.
  • ISO 42001:2023 — Machine-readable policy pack (14 controls) and compliance whitepaper in docs/iso42001.md.
  • 4-layer semantic guard — Policy engine → dual-LLM guard → strict schema JSON validation (StrictAgentOutput, deny_unknown_fields) → Tripwire. Strict schema catches hijack keys (e.g. override_goal, system_prompt).
  • Firecracker microVM sandbox — Hardware execution isolation for run_command (Linux). Scripts: setup-firecracker.sh, provision-firecracker.sh.
  • EVM chain anchoringanchor-session --chain ethereum; publish ledger tip to any EVM chain via deployed EctoLedgerAnchor contract.
  • SP1 ZK proofsprove-audit (build with --features zk) for provable policy compliance without exposing raw event payloads; proof embedded in .elc.
  • Automatic signing-key rotationAGENT_KEY_ROTATION_STEPS; KeyRotation events in ledger.
  • Dynamic orchestrator policy injectionECTO_RECON_POLICY, ECTO_ANALYSIS_POLICY, ECTO_VERIFY_POLICY env vars or shared --policy file.
  • Configurable network bindingECTO_BIND_HOST / ECTO_BIND_PORT for Observer.
  • Hardware-aware connection poolingDATABASE_POOL_SIZE defaults to 2×CPU (5–50).
  • Zero-config demo mode — Launcher --demo with embedded Postgres, auto LLM detection, isolated demo DB. Docker demo via docker-compose.demo.yml.

Next step

Try the latest version in minutes

Use Quick Start to run EctoLedger locally, or watch the demo flow before integrating in your stack.

Start Quickstart Watch Product Demo View Releases