This release adds 1 notable feature for engineering teams evaluating rollout.
✓ No known CVEs patched in this version
Topics
+11 more
Summary
AI summaryReceipts now include session state digest with drift detection via root-level flag.
Changes in this release
| Type | Severity | Summary | CVE |
|---|---|---|---|
| Feature | Medium |
Receipts now carry `mcp_session_state` with capability digest pair captured at session start and signing time. Receipts now carry `mcp_session_state` with capability digest pair captured at session start and signing time. Source: llm_adapter@2026-05-31 Confidence: high |
— |
| Feature | Low |
`state_changed=true` is hoisted to the payload root when session state drifts. `state_changed=true` is hoisted to the payload root when session state drifts. Source: granite4.1:30b@2026-05-31-audit Confidence: low |
— |
Full changelog
Transparent proxy verify-state mode (#54): receipts now carry mcp_session_state with a tools/prompts/resources/capability digest pair captured at session start and re-captured at signing time; state_changed=true is hoisted to the payload root on drift, with zero wire-vocabulary change.
Claude Managed Agents integration guide (#50) and a README link to it. Tier-1 server tests (#52) covering the five highest-CRAP enforcement paths. README lead repositioned to a painkiller frame (#56). Comment-hygiene and lint cleanup across src/.
PyPI: https://pypi.org/project/asqav-mcp/0.3.7/
Weekly OSS security release digest.
The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.
No spam, unsubscribe anytime.
Share this release
About jagmarques/asqav-mcp
AI agent governance MCP server with policy enforcement, quantum-safe audit trails (ML-DSA), multi-party authorization, and compliance reporting. Check policies, sign actions, and verify signatures through MCP tools.
Related context
Beta — feedback welcome: [email protected]