chernistry/bernstein

v1.10.0 — production-grade orchestration: cluster mTLS, air-gap, lineage, capability matrix

The release where Bernstein stops behaving like a developer toy and ships the controls that compliance, ops, and security teams ask for first.

What's new

• Cluster mode goes mTLS-native. bernstein cluster bootstrap-ca issues node certificates; node-to-node transport is mutually authenticated by default. A real 2-process e2e harness exercises 6 chaos scenarios (worker crash, central restart, network partition, token expiry, concurrent claims) on every CI run. Five Prometheus metrics and six audit-event types ship with documented Cloudflare Tunnel and Tailscale deployment paths.
• Air-gap distribution that actually verifies. scripts/build_airgap_wheelhouse.py resolves the pinned dependency closure into a signed wheelhouse; bernstein verify <wheelhouse> checks cosign signatures (GPG fallback). A new --profile airgap egress gate refuses adapter and MCP network calls outside an explicit allow-list. bernstein doctor airgap self-checks before you ship.
• Per-artifact lineage trail with regulator-class evidence. Every agent file write emits a signed record linking output (path + byte range + sha) to inputs, producer, prompt SHA, model, cost, and tokens. Schema v2 adds regulatory_class and a customer-key Ed25519 signature for DORA / NIS2. Tampering surfaces in the janitor with a SIEM webhook; bernstein lineage verify <run_id> rebuilds the chain on demand.
• Lethal-trifecta refusal as a spawn-time gate. Agents are tagged with declarative capabilities (PRIVATE_DATA, UNTRUSTED_INPUT, EXTERNAL_COMM); the orchestrator refuses to spawn any agent whose tool chain unions all three. Phase-emit policies ride the same matrix. Bypass-immune at the engine layer, not the prompt layer.
• Cascade router with a rework-rate ledger. (model, effort, phase, outcome) lands in JSONL under .sdd/runtime/rework/. Once a bucket crosses promotion_threshold=0.30 over min_samples=20, the router auto-promotes — sonnet → opus, etc. — without operator intervention. You stop paying for tasks that keep getting redone.
• Discrete phase pipeline with mechanical exit gates. Research / plan / implement / verify run as separate phases with distilled JSON handoffs and per-phase JSON-Schema validation. Five exit gates (R001-R005: no-open-questions, decisions-reference-prior, acyclic graph, monotonic constraints, byte budget) re-fire on violation. Gate results land in the lineage trail. Opt-in via defaults.PHASE_PIPELINE.enabled.

Also in this release

Action cache + AST-fingerprint memoization (closes the stale-cache class of bugs), best-of-N parallel candidate spawning with judge-based selection, swarm-migration map-reduce via bernstein migrate, MCP tool-search lazy loading with BM25 ranking, A2A-compliant /.well-known/agent.json + /llms.txt, agent-mode profiles (smart / deep / fast), session handoff between terminal and chat surfaces, model catalogue refresh (GPT-5.5, GPT-5.5-mini), and the CLM (Cyber Language Model) gateway adapter for sovereign-LLM deployments.

Why we built this

Two threads converged. Operators running Bernstein in shared infrastructure asked for primitives an auditor recognises: signed lineage, capability gates, signed wheelhouses, mTLS. At the same time, anyone running multi-model cascades on real workloads kept paying twice for tasks that got redone, so the router had to learn from outcomes instead of a static cost table. v1.10.0 ships both halves.

Install

pipx install --upgrade bernstein

Container: ghcr.io/sipyourdrink-ltd/bernstein:1.10.0.

Full documentation under docs/cluster/, docs/compliance/, docs/sandbox/, and docs/observability/. Compare against v1.9.4: https://github.com/sipyourdrink-ltd/bernstein/compare/v1.9.4...v1.10.0