What's new in Chronicle.

A record of enforcement improvements, evidence capabilities, intelligence features, and platform changes — in the spirit of what Chronicle is built for.

v2.1

March 2026

latest

L2 Merkle verification · JWT leeway fix

  • feat: Complete L2 Merkle verification — batch writer + inclusion proof. Decisions now carry cryptographic inclusion proofs verifiable against the batch anchor.
  • feat: Canonical replay_mode field in enforce response — surfaces available replay depth (L0–L2) per decision.
  • feat: key_envelope wired into enforcement — DEK wrap/unwrap fully integrated end-to-end.
  • fix: JWT validation leeway 0 → 10s. Tolerates NTP clock skew between enforcement runtime and JWKS issuer.

v2.0

February 2026

major

L1+L2 replay verified · full split-plane architecture

  • feat: L1+L2 replay verified end-to-end. Stored request replayed against stored rules; Merkle anchoring in place.
  • feat: Canonical replay verified on client + server. replay_mode surfaces in enforce response.
  • feat: Evidence sovereignty complete — AES-256-GCM DEK + Vault Transit key wrapping fully operational.
  • feat: Server materializer promotes ingest events to canonical tables idempotently via ON CONFLICT guards.
  • feat: Multi-tenant RLS enforced via Postgres current_setting('app.current_tenant').

v1.9

January 2026

Identity binding · behavioral drift detection

  • feat: JWT extraction middleware v1.2 — JWKS validation, actor classification (human / service / agent), identity injection into enforcement context.
  • feat: Behavioral drift worker (hourly) — baseline comparison, deviation scoring, alert surfacing.
  • feat: Daily intelligence briefing worker — aggregates shadow AI signals, policy breach summaries, approval rate trends.
  • feat: Session causality graph — decision DAG across multi-hop agent sessions via Redis session store.
  • fix: MCP gateway tool call attestation events now include full pre/post-call evidence.

v1.5

November 2025

LLM gateway · streaming SSE normalization

  • feat: OpenAI-compatible LLM gateway — transparent passthrough to any OpenAI/Anthropic endpoint.
  • feat: Streaming SSE normalization — pre/post-call evidence captured for streaming completions without blocking the stream.
  • feat: MCP tool gateway — proxies MCP upstream calls, enforces pre/post-call policy.
  • feat: Analytics rollup worker (5s cadence) — approval rates, ML coverage, risk score trends.

v1.0

September 2025

initial

Initial Chronicle enforcement runtime

  • feat: Core /enforce endpoint — layered verdict engine with rule, policy, structural, and OOD layers.
  • feat: Combiner aggregates per-layer LayerTrace objects into a winning verdict with negative lineage.
  • feat: ChronicleEvent schema v1 — canonical event emission for decisions, LLM calls, and tool invocations.
  • feat: Vault AppRole bootstrap at startup — all runtime secrets fetched from Vault KV, no env var secrets in production.
  • feat: Redis event stream with flusher worker — fire-and-forget persistence never on the enforcement hot path.