Changelog

What’s new in delego.

Release highlights for the reference implementation. The protocol itself is versioned by the open wire specification; the package is 0.x.y where x is the protocol it implements.

v0.3.0 (protocol 0.3, June 2026)
  • The URL query string is folded into the action fingerprint (breaking): two requests that differ only in their query are now different actions, so an approval for one can't release the other — the last structural confused-deputy gap, closed at the decision layer.
  • Rate limits hold under concurrency: rate-limited proposals are serialized under the ledger lock, so the cap is exact on a single host.
  • delego verify prints the chain head, accepts --expected-head for external head-anchoring, and says explicitly when truncation can't be ruled out.
  • Audit completeness: unknown-approval-id denials and broker refusals/failures now always leave a signed receipt.
v0.2.3 (protocol 0.2, June 2026)
  • Brokers fail closed on unauthorised query strings (interim confused-deputy defense, superseded by the 0.3 query-fold).
  • Policy documents are validated on load and fail closed — unknown match/constraint keys are rejected instead of silently dropped.
v0.2.2 (protocol 0.2, June 2026)
  • Amount constraints parse as Decimal and deny non-finite values (a NaN amount no longer slips a cap).
  • verify(expected_head=…) added for external head-anchoring; tamper-evidence limits documented plainly.
  • HTTPProxyBroker became a real adapter: forwards an authorised action to an external credential gateway.
v0.2.0 – 0.2.1 (protocol 0.2, June 2026)
  • First public release on PyPI.
  • Single-use, intent-bound approvals: one human “yes” releases exactly one execution and can't be re-pointed at a different instruction.
  • Concurrent-writer safety: an OS file lock keeps parallel writers from forking the signed audit chain.
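
The v0.2.2 amount fix above, shown as an added example (this is not delego's own code): a cap check written as a float comparison lets NaN through because every ordered comparison with NaN is false, while parsing as Decimal and rejecting non-finite values fails closed. The names float_cap_allows, decimal_cap_allows and CAP are hypothetical, and the sample amounts are constructed.

```python
from decimal import Decimal, InvalidOperation

CAP = "100.00"  # constructed sample cap, not a delego default


def float_cap_allows(amount: str, cap: str = CAP) -> bool:
    """Naive check: deny only when amount > cap, using floats."""
    try:
        value = float(amount)
    except ValueError:
        return False
    # NaN > cap is False, so a NaN amount is "not over the cap" and passes.
    return not (value > float(cap))


def decimal_cap_allows(amount: str, cap: str = CAP) -> bool:
    """Hardened check: parse as Decimal, deny non-finite, then compare."""
    try:
        value = Decimal(amount)
        limit = Decimal(cap)
    except (InvalidOperation, TypeError, ValueError):
        return False  # unparseable input fails closed
    # is_finite() is False for NaN, sNaN, Infinity and -Infinity.
    if not (value.is_finite() and limit.is_finite()):
        return False
    return value <= limit


# Constructed sample amounts covering the edge cases.
SAMPLES = ["99.99", "100.00", "100.01", "NaN", "Infinity", "-Infinity", "abc"]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s!r:12} float={float_cap_allows(s)!s:6} "
              f"decimal={decimal_cap_allows(s)}")
```
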
Full changelog on GitHub