Releases: webpro255/agentlock
AgentLock v1.2.1 - Signed Receipts, Hash-Chained Context, 99.5/A Benchmark
Ed25519 signed receipts (AARM R5) with HMAC-SHA256 fallback. Hash-chained tamper-evident context (AARM R2). First-call-any-risk DEFER trigger. Deny-on-block whitelist escalation. Sibling deferral. Prompt scan carry-forward. Critical hardening blocks all tools. 847 tests passing. Optional crypto: pip install agentlock[crypto].
AgentLock v1.2.0 - Adaptive Prompt Hardening & New Decision Types
Adaptive prompt hardening with pre-LLM threat detection. Three new decision types: MODIFY (output transformation and PII redaction), DEFER (suspend ambiguous calls), STEP_UP (human approval for suspicious patterns). Four signal detectors: velocity, tool combination anomaly, response echo, and prompt scanning. Gate enforcement at critical session risk. 745 tests passing. Full backward compatibility with v1.0 and v1.1.x.
AgentLock v1.1.2 - Independent Filter Pipeline
Decoupled injection defense and PII defense into independent pipeline layers. InjectionFilter and PiiFilter run sequentially with no shared logic. Tuning one no longer affects the other. Trust degradation runs independently of both. 44 new tests. Full backward compatibility.
AgentLock v1.1.1 - PII Defense Patch
Security fix: PII data was being fetched into memory before redaction. Added gate-level classification check that blocks tool execution before data is retrieved when the caller's clearance is below the tool's output classification. 16 new tests. Full backward compatibility (max_output_classification defaults to None).
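The v1.1.1 fix modelled as a standalone before/after comparison. This is an added illustration, not AgentLock's own code; the `Classification` ladder, `lookup_customer`, and the denial reason string are assumptions chosen for the example, while `max_output_classification` defaulting to `None` follows the release note above.

```python
from dataclasses import dataclass
from enum import IntEnum
from typing import Callable, Optional

# Assumed classification ladder (not AgentLock's enum); higher means more sensitive.
class Classification(IntEnum):
    PUBLIC = 0
    INTERNAL = 1
    CONFIDENTIAL = 2
    RESTRICTED = 3

@dataclass
class ToolDef:
    name: str
    # None keeps the pre-1.1.1 behaviour (no gate-level check), as the release notes state.
    max_output_classification: Optional[Classification] = None

@dataclass
class Caller:
    user_id: str
    clearance: Classification

def redact(record: dict) -> dict:
    return {k: ("[REDACTED]" if k in {"ssn", "email"} else v) for k, v in record.items()}

def call_tool_pre_patch(tool: ToolDef, caller: Caller, fetch: Callable[[], dict], fetched: list) -> dict:
    # Pre-1.1.1 flow: fetch first, redact afterwards; raw PII has already landed in memory.
    data = fetch()
    fetched.append(tool.name)  # records that the tool really pulled data into memory
    return {"allowed": True, "data": redact(data)}

def call_tool_patched(tool: ToolDef, caller: Caller, fetch: Callable[[], dict], fetched: list) -> dict:
    # 1.1.1 flow: compare clearance with the tool's output classification before any fetch.
    required = tool.max_output_classification
    if required is not None and caller.clearance < required:
        return {"allowed": False, "reason": "CLEARANCE_BELOW_OUTPUT_CLASSIFICATION"}  # assumed code
    data = fetch()
    fetched.append(tool.name)
    return {"allowed": True, "data": redact(data)}

# Constructed sample tool: returns a RESTRICTED customer record containing PII.
def lookup_customer() -> dict:
    return {"name": "A. Example", "ssn": "000-00-0000", "email": "a@example.test"}

def run_scenario(patched: bool, clearance: Classification) -> tuple:
    """Return (gate decision, list of tools that fetched data) for one call."""
    tool = ToolDef("lookup_customer", Classification.RESTRICTED)
    fetched: list = []
    fn = call_tool_patched if patched else call_tool_pre_patch
    return fn(tool, Caller("analyst", clearance), lookup_customer, fetched), fetched
```

The `fetched` list is the observable difference: with the pre-patch flow an under-cleared caller still causes the record to be retrieved before redaction, while the patched gate denies the call and the fetch never happens.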
AgentLock v1.1.0 - Memory & Context Permissions
Context authority model with trust degradation, provenance tracking, and memory access control. 5 new enums, 2 new schema blocks, 8 new denial reasons, 7 new exception classes, 142 new tests (409 total). Full backward compatibility with v1.0.
AgentLock v1.0.0 - The Open Authorization Standard for AI Agents
AgentLock v1.0.0
The first release of AgentLock — the open authorization standard for AI agent tool calls.
What's included
- Core authorization gate with deny-by-default enforcement
- Pydantic v2 schema for tool permission definitions
- Single-use, time-limited, operation-bound execution tokens
- Role-based access control
- Scope enforcement (data boundaries, max records, allowed recipients)
- Per-user per-session rate limiting
- PII detection and auto-redaction
- Structured denial responses with reason codes
- Audit logging (minimal/standard/full levels)
- @agentlock decorator for one-line tool protection
- CLI: validate, schema, init, inspect, audit
- Framework integrations: LangChain, CrewAI, AutoGen, MCP, FastAPI, Flask
- JSON schema for tool definition validation
- 267 tests passing, zero lint errors, zero type errors
Install
pip install agentlock
Links
- Interactive demo: https://agentlock.dev
- Documentation: https://github.com/webpro255/agentlock/tree/main/docs
- PyPI: https://pypi.org/project/agentlock/