agentward-ai/agentward

v0.5.2 Feature

This release adds 3 notable features for engineering teams evaluating rollout.

Published 1mo Secrets & Credentials
✓ No known CVEs patched

Affected surfaces

auth rbac

Summary

AI summary

Adds EU AI Act, DORA, and MiFID II audit frameworks with HTML evidence pack generation.

Full changelog

Adds three audit-facing features that close the gap between AgentWard's existing controls and what EU regulated entities (DORA, EU AI Act, MiFID II) actually have to put in front of an auditor.

EU AI Act framework (8 controls)

agentward comply --framework eu_ai_act

  • eu-ai-act.art9-risk-management — zero-trust default action
  • eu-ai-act.art12-record-keeping — audit trail availability
  • eu-ai-act.art12-detection — sensitive content detection
  • eu-ai-act.art13-transparency — registry cross-reference
  • eu-ai-act.art14-human-oversight-write — gate write-capable AI components
  • eu-ai-act.art14-human-oversight-network — gate network-capable AI components
  • eu-ai-act.art15-cybersecurity — behavioral baseline
  • eu-ai-act.art25-provider-chain — accountable owner & subcontractor disclosure

policy.skill_metadata schema (operator-supplied)

  • SkillMetadata.owner — accountable party for a skill
  • SubcontractorEntry — vendor / role / data_residency / contract_status

These fields surface in DORA Art. 28(3) and EU AI Act Art. 25 findings as RECOMMENDED gaps when missing. There is no auto-fix; the operator must declare these facts. DORA control count: 9 → 10.

agentward report (HTML Evidence Pack)

agentward report --frameworks dora,mifid2,eu_ai_act --audit-log audit.jsonl

  • Single self-contained HTML file: no external CSS/JS, print-friendly via @media print rules.
  • Sections: header, executive summary cards, policy summary table, per-framework findings, audit-chain integrity verification, scan inventory, footer.
  • Verifies HMAC audit chain when a log is supplied; embeds the last 25 entries by default. Tampered chains surface as BROKEN with the first-break line number.
  • Browsers handle the PDF round trip via Print → Save as PDF.
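
The chain check described in the list above, sketched as an added example (this is not AgentWard's own code or log format). The record / prev_mac / mac field names, the all-zero genesis value and the HMAC-SHA256 construction are assumptions made for illustration.

```python
from __future__ import annotations

import hashlib
import hmac
import json

GENESIS = "0" * 64  # assumed prev_mac value for the first entry


def _mac(key: bytes, prev_mac: str, record: dict) -> str:
    # HMAC-SHA256 over the previous MAC plus canonical JSON of the record.
    body = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hmac.new(key, (prev_mac + body).encode(), hashlib.sha256).hexdigest()


def append_entry(lines: list[str], key: bytes, record: dict) -> None:
    # Writer side; used here only to build the constructed sample log.
    prev = json.loads(lines[-1])["mac"] if lines else GENESIS
    entry = {"record": record, "prev_mac": prev, "mac": _mac(key, prev, record)}
    lines.append(json.dumps(entry))


def verify_chain(lines: list[str], key: bytes) -> tuple[str, int | None]:
    # Returns ("OK", None) or ("BROKEN", 1-indexed line of the first break).
    expected_prev = GENESIS
    for lineno, line in enumerate(lines, start=1):
        try:
            entry = json.loads(line)
            record, prev_mac, mac = entry["record"], entry["prev_mac"], entry["mac"]
            # linked: entry points at the MAC we just verified.
            linked = hmac.compare_digest(prev_mac.encode(), expected_prev.encode())
            # authentic: stored MAC matches one recomputed with the key.
            authentic = hmac.compare_digest(mac.encode(), _mac(key, prev_mac, record).encode())
        except (ValueError, KeyError, TypeError, AttributeError):
            return "BROKEN", lineno  # unparseable or malformed entry
        if not (linked and authentic):
            return "BROKEN", lineno
        expected_prev = mac
    return "OK", None


def sample_log(key: bytes) -> list[str]:
    # Constructed sample entries, not real AgentWard output.
    lines: list[str] = []
    for tool, decision in [("fs.read", "ALLOW"), ("fs.write", "BLOCK"), ("http.get", "ALLOW")]:
        append_entry(lines, key, {"tool": tool, "decision": decision})
    return lines
```

A chain built this way detects edited, reordered and mid-log deleted entries, but not truncation of the tail, so the most recent MAC should also be kept somewhere outside the log.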

Test coverage

  • 25 EU AI Act tests
  • 8 subcontractor-chain tests across DORA + EU AI Act
  • 16 Evidence Pack tests
  • Full suite: 3,560 passing

Install

pip install --upgrade agentward

About agentward-ai/agentward

Permission control plane for AI agents. MCP proxy that enforces least-privilege YAML policies on every tool call, classifies sensitive data (PII/PHI), detects dangerous skill chains, and generates compliance audit trails. Supports stdio and HTTP proxy modes.
