Skip to content

Releases: sanna-ai/sanna

sanna v1.1.1

Choose a tag to compare

@nicallen-exd nicallen-exd released this 26 Mar 19:24

What's Changed

Fixes

  • SAN-49: Add UnsupportedAlgorithm to crypto exception handling — prevents unhandled exceptions when encountering unsupported key algorithms
  • SAN-48: Bump CHECKS_VERSION to "7" for SAN-27 empty-checks normalization — ensures fingerprint correctness after the empty-checks hash fix in v1.1.0

Documentation

  • SAN-43: Document unpatch_subprocess() as an intentional design limitation

Full Changelog

v1.1.0...v1.1.1

Install

pip install sanna==1.1.1

v1.1.0 — Security Hardening

Choose a tag to compare

@nicallen-exd nicallen-exd released this 25 Mar 18:19
79ef4df

Security Hardening Release

Security

  • Shell metacharacter bypass fix in subprocess interceptor (SAN-35)
  • os.exec*/os.spawn*/os.popen patching in subprocess interceptor (SAN-42)
  • TOCTOU race mitigation with binary path resolution (SAN-44)
  • Wrapper script bypass detection in subprocess interceptor (SAN-45)
  • Thread-safe restore for subprocess interceptor (SAN-46)
  • Env var manipulation bypass prevention in subprocess interceptor (SAN-47)

Fixed

  • Fingerprint edge cases aligned with TypeScript SDK and spec (SAN-27)

Improved

  • Broad except Exception replaced with specific exception types across the codebase (SAN-1)

Install

pip install sanna==1.1.0

Full Changelog: v1.0.0...v1.1.0

v1.0.0 — Receipt Sinks, Workflow Chaining, Content Mode

Choose a tag to compare

@nicallen-exd nicallen-exd released this 06 Mar 03:14

What's New

Receipt Sinks

Pluggable receipt persistence via the ReceiptSink abstract base class. Four built-in implementations:

  • NullSink — No-op (default, preserves existing behavior)
  • LocalSQLiteSink — SQLite-backed local persistence wrapping ReceiptStore
  • CloudHTTPSink — HTTP endpoint with retry, backoff, and buffer-on-failure
  • CompositeSink — Fan-out to multiple sinks simultaneously

Configure in gateway YAML or pass directly to @sanna_observe. FailurePolicy enum controls error behavior: LOG, BUFFER, or RAISE.

Multi-Step Workflow Chaining

Two new receipt fields link governed actions across multi-step agent workflows:

  • parent_receipts — List of parent receipt IDs establishing a DAG of governance decisions
  • workflow_id — Shared identifier grouping all receipts in a workflow

Content Mode

content_mode: "hash_only" stores only cryptographic hashes of inputs/outputs — no plaintext in the receipt. Enables governance enforcement without data exposure. Configurable per-constitution or per-call via content_mode_source.

Spec v1.1

  • spec_version bumped to "1.1"
  • checks_version bumped to "6"
  • 14-field fingerprint formula (was 12) — fields 13–14 are parent_receipts_hash and workflow_id_hash
  • Backward-compatible verifier auto-detects 12 vs 14 field fingerprints via checks_version

API Surface

17 top-level exports (was 10). Seven new sink-related types added to sanna.__all__:
ReceiptSink, NullSink, LocalSQLiteSink, CloudHTTPSink, CompositeSink, SinkResult, FailurePolicy

Breaking Changes

  • Receipt fingerprint is now 14 fields. Receipts generated by v1.0.0 will not verify against v0.13.x verifiers.
  • checks_version is "6" (was "5"). The verifier uses this to auto-detect the fingerprint formula.
  • spec_version is "1.1" (was "1.0").

v0.13.x receipts continue to verify correctly with the v1.0.0 verifier (backward compatible).

Install

pip install sanna==1.0.0
pip install "sanna[mcp]==1.0.0"   # with gateway support

Stats

  • 2587 tests passing (up from 2391 in v0.13.7)
  • 53 new tests covering all v1.0.0 features