Releases: sanna-ai/sanna
Release list
sanna v1.1.1
What's Changed
Fixes
- SAN-49: Add
UnsupportedAlgorithmto crypto exception handling — prevents unhandled exceptions when encountering unsupported key algorithms - SAN-48: Bump
CHECKS_VERSIONto"7"for SAN-27 empty-checks normalization — ensures fingerprint correctness after the empty-checks hash fix in v1.1.0
Documentation
- SAN-43: Document
unpatch_subprocess()as an intentional design limitation
Full Changelog
Install
pip install sanna==1.1.1
v1.1.0 — Security Hardening
Security Hardening Release
Security
- Shell metacharacter bypass fix in subprocess interceptor (SAN-35)
os.exec*/os.spawn*/os.popenpatching in subprocess interceptor (SAN-42)- TOCTOU race mitigation with binary path resolution (SAN-44)
- Wrapper script bypass detection in subprocess interceptor (SAN-45)
- Thread-safe restore for subprocess interceptor (SAN-46)
- Env var manipulation bypass prevention in subprocess interceptor (SAN-47)
Fixed
- Fingerprint edge cases aligned with TypeScript SDK and spec (SAN-27)
Improved
- Broad
except Exceptionreplaced with specific exception types across the codebase (SAN-1)
Install
pip install sanna==1.1.0Full Changelog: v1.0.0...v1.1.0
v1.0.0 — Receipt Sinks, Workflow Chaining, Content Mode
What's New
Receipt Sinks
Pluggable receipt persistence via the ReceiptSink abstract base class. Four built-in implementations:
NullSink— No-op (default, preserves existing behavior)LocalSQLiteSink— SQLite-backed local persistence wrappingReceiptStoreCloudHTTPSink— HTTP endpoint with retry, backoff, and buffer-on-failureCompositeSink— Fan-out to multiple sinks simultaneously
Configure in gateway YAML or pass directly to @sanna_observe. FailurePolicy enum controls error behavior: LOG, BUFFER, or RAISE.
Multi-Step Workflow Chaining
Two new receipt fields link governed actions across multi-step agent workflows:
parent_receipts— List of parent receipt IDs establishing a DAG of governance decisionsworkflow_id— Shared identifier grouping all receipts in a workflow
Content Mode
content_mode: "hash_only" stores only cryptographic hashes of inputs/outputs — no plaintext in the receipt. Enables governance enforcement without data exposure. Configurable per-constitution or per-call via content_mode_source.
Spec v1.1
spec_versionbumped to"1.1"checks_versionbumped to"6"- 14-field fingerprint formula (was 12) — fields 13–14 are
parent_receipts_hashandworkflow_id_hash - Backward-compatible verifier auto-detects 12 vs 14 field fingerprints via
checks_version
API Surface
17 top-level exports (was 10). Seven new sink-related types added to sanna.__all__:
ReceiptSink, NullSink, LocalSQLiteSink, CloudHTTPSink, CompositeSink, SinkResult, FailurePolicy
Breaking Changes
- Receipt fingerprint is now 14 fields. Receipts generated by v1.0.0 will not verify against v0.13.x verifiers.
checks_versionis"6"(was"5"). The verifier uses this to auto-detect the fingerprint formula.spec_versionis"1.1"(was"1.0").
v0.13.x receipts continue to verify correctly with the v1.0.0 verifier (backward compatible).
Install
pip install sanna==1.0.0
pip install "sanna[mcp]==1.0.0" # with gateway supportStats
- 2587 tests passing (up from 2391 in v0.13.7)
- 53 new tests covering all v1.0.0 features