This release includes 3 security fixes for security teams reviewing exposed deployments.
Topics
+5 more
Affected surfaces
Summary
AI summaryAdded four audit REST endpoints and improved DecisionLogReader handling of concurrent write corruption.
Full changelog
What's New
Decision Audit Trail (TDR)
- 4 audit REST endpoints:
/audit/decision-record/{id},/audit/export,/audit/export-jsonl,/audit/verify/{id} - Trading Decision Record schema inspired by MiFID II Article 17 + EU AI Act Article 14
- SHA-256 tamper detection on every record
DecisionLogReader
- Reads EA JSONL decision logs (conditions, filters, indicators, execution, regime, risk)
- Priority: JSONL > CSV event_log > fallback
- Handles concurrent write corruption (merged JSON lines)
Pipeline Fixes
- Fixed strategy_map mismatch (VB/IM now match directly)
- TDR builder reads JSONL indicators with CSV fallback
- Onboarding CLI:
tradememory setup/doctor/config
Security
- Parameterized SQL (6 locations)
- Path traversal fix
- Server binds 127.0.0.1 by default
1,233 tests passing.
Full changelog: https://github.com/mnemox-ai/tradememory-protocol/compare/v0.5.0...v0.5.1
Security Fixes
- Parameterized SQL in six locations
- Path traversal vulnerability fixed
- Server now binds to 127.0.0.1 by default
Weekly OSS security release digest.
The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.
No spam, unsubscribe anytime.
Share this release
About mnemox-ai/tradememory-protocol
Structured 3-layer memory system (trades → patterns → strategy) for AI trading agents. Supports MT5, Binance, and Alpaca.
Related context
Beta — feedback welcome: [email protected]