Changelog

Enterprise distribution and verification

• Added Homebrew tap publication flow for atensecurity/homebrew-tap.
• Added notarized macOS PKG release pathway for MDM deployments (Jamf/Intune/Kandji).
• Published Santa trust metadata (santa-metadata.json) and signing metadata for endpoint allowlisting.
• Expanded release metadata set: SBOMs (CycloneDX + SPDX), provenance, immutable manifest, checksums, and Sigstore keyless signatures.
• Added documentation runbooks for release channels, Santa trust policy, Kandji deployment, and deployment validation matrix.

Canonical observe mode

shadow is no longer part of the public SDK surface. The canonical enforcement mode is observe. The enforcer and all three SDKs continue to accept shadow as an alias — no config changes required in running deployments.

Expanded policy context propagation

ThothConfig / Config now accepts environment, enforcement_trace_id, session_intent, purpose, data_classification, and task_context. All fields are forwarded on every enforcement call.

HTTP diagnostics

Improved error messages for 401/403 enforcer responses with actionable hints about API key scope and ingest token configuration.

Docs and release consistency

• Promoted Thoth CLI/proxy docs to the thoth/v0.3.3 binary line.
• Standardized provider references on v0.1.7 across Terraform and Pulumi docs.

Infrastructure-as-code provider releases

• Added org-level API key auth for provider workflows and preserved bearer-token compatibility.
• Standardized CI/CD auth through THOTH_API_KEY for Terraform and Pulumi provider usage.
• Updated provider release notes and docs for dual-auth guidance.

Thoth binary line release

• Published thoth/v0.3.0 and aligned customer-facing install/version references.
• Updated release docs to reflect the current stable binary line for thoth and thothctl.

Release and upgrade clarity

• Standardized customer docs on canonical release channels (thoth/v* for endpoint runtime, sdk/* for SDKs).
• Updated install and quick-reference pages to reflect current stable versions and package constraints.

Operator workflows

• Added customer-ready strict-mode Secrets Broker examples for MCP tools (for example Figma, Notion, and Stitch host bindings).
• Documented fail-closed token handling patterns for endpoint runtime use without storing long-lived tokens in local tool config.

Runtime resilience

• Hardened telemetry ingest behavior for intermittent 403/edge enforcement failures to reduce dropped event noise and improve operator troubleshooting.

SDK diagnostics and enforcement traceability

• Added SDK log-level controls across Go, Python, and TypeScript for cleaner operator debugging.
• Improved STEP_UP token and enforcement trace diagnostics to make approval-path troubleshooting faster.

Thoth control-plane hardening

• Unified auth/delegation envelope fields across control-plane and runtime services.
• Added stricter default purpose-class enforcement and promotion lifecycle guardrails.
• Hardened model-router policy behavior and admin settings integration for safer runtime rollout control.
• Clarified API key redaction output and governance feed query UX.

SDK telemetry isolation

• Go, Python, and TypeScript SDK ingestion paths now align to tenant-scoped telemetry/event IDs to avoid cross-tenant event collisions.
• Instrumentation payload models were updated to preserve scoped event identity throughout ingest and normalization.

Endpoint runtime management

• Improved API key management UX and guidance for scope-aware authorization.
• Set a secure 90-day default API key expiry with proactive warnings for near-expiry keys.
• Fixed shadow mode STEP_UP visibility so review-to-agent-registry flows surface approval state consistently.

Lifecycle management

• Added in-place update workflows for endpoint runtime and admin tooling.
• Each command checks GitHub Releases, verifies asset checksums (checksums.sha256), and installs only verified binaries.
• --force is supported for explicit reinstallation of the latest release.

Customer docs

• Updated external docs to reflect current Thoth binary line v0.2.19.
• Added update workflow guidance so operators can keep binaries current without reinstall scripts.

SDK ingest reliability

• Go and TypeScript SDK emitters now send both Authorization: Bearer ... and X-Api-Key headers on ingest calls to match enforcer/runtime expectations.
• Non-2xx ingest failures now log the HTTP status, target URL, and a safe response-body snippet to speed up debugging.

API key management

• API key creation and authorization flows now support explicit scope selectors:
  • --organization
  • --fleet-id
  • --endpoint-id
  • --agent-id
• Command help now explains key scope vs runtime context matching in plain language.
• Authorization output now includes clear hints when validation fails due to expiry, permission mismatch, or scope mismatch.

Operator docs

• Public runbooks now use explicit scope flags in API key command examples so customer operators can copy/paste known-good commands.

Python SDK (aten-thoth)

• Restored from thoth import ThothClient compatibility export.
• Added legacy method aliases (wrap, wrap_openai_tools, wrap_anthropic_tools) that delegate to current instrument* APIs.

Documentation

• Python SDK README now includes a legacy compatibility section for ThothClient.
• Docs-site Python SDK reference now calls out preferred module-level APIs and legacy ThothClient support.

Fleet management + MDM providers

• Added tenant-scoped MDM provider configuration and sync workflows for Jamf and Intune.
• Fleet management now supports on-demand provider inventory synchronization to upsert endpoint records.
• Provider sync now supports default fleet and environment mapping for imported endpoints.

Headless control plane

• Admin tooling is now documented as the default path for no-dashboard bootstrap and updates.
• New headless operations section covers API-driven and automation-driven orchestration patterns.
• Documentation now emphasizes customer-run automation workflows without dashboard dependency.
• SIEM/PAM integration guidance is now aligned to API-first and CI-driven operations.
• Added browser control-plane workflows for provider, policy, and enrollment management across supported browsers.
• Added browser sync workflows for endpoint-side policy resolution and managed artifact application (applied/rendered/dry_run) to support mixed browser fleets.

Manual endpoint enrollment

• Fleet management now provides generated re-enrollment scripts for endpoints not associated with a fleet.
• Direct endpoint enrollment supports optional fleet assignment through THOTH_FLEET_ID.
• Endpoint health state remains current through periodic proxy check-ins.

Documentation

• Added external-facing docs for MDM provider sync and manual endpoint enrollment flow.
• Proxy install docs now default to thoth/v0.2.8.
• Added public-platform delivery workflows: Terraform-based public repo bootstrap and CI mirroring for provider/runbook content.

MCP Proxy (thoth binary)

• Endpoint identity resolution now defaults to immutable machine identity (Intune/Jamf managed ID override, then OS machine ID), with hostname only as last-resort fallback.
• THOTH_USER_ID remains required and must be a valid email address.
• enforcer_url and govapi_url are inferred from tenant_id + apex_domain.
• --enforcer-url / THOTH_ENFORCER_URL are now deprecated and ignored.

Enforcer

• Requests with valid keys now proceed even when endpoint/fleet scope context does not match exactly; enforcer emits warnings for follow-up.
• Tenant user-domain mismatches are now warn-only when key validation succeeds.

Documentation

• Customer docs now reflect thoth/v0.2.7 defaults for identity, URL inference, and runtime env expectations.

MCP Proxy (thoth binary)

• thoth wrap-config now supports repeatable --env KEY=VALUE to inject runtime environment values directly into selected MCP server entries.
• Wrap output remains idempotent and now reports environment changes when values are updated.
• Fleet registration URL handling is simplified:
  • govapi_url is derived automatically from tenant_id + apex_domain as https://grid.<tenant>.<apex-domain>.
  • enforcer_url is derived automatically as https://enforce.<tenant>.<apex-domain> when not explicitly set.
  • legacy gov_api_url compatibility paths are removed.
• Runtime identity hardening:
  • THOTH_USER_ID must be a valid email address.
  • customer domain policy is enforced centrally by enforcer tenant metadata (admin-managed), with automatic request blocking for non-matching user domains.

Documentation

• Customer-facing docs are updated for v0.2.3.
• Proxy setup examples now use supported wrap-config flags and document inline environment injection via --env.

Proxy + SDK enforcement behavior

• Go and proxy paths now enforce fail-closed posture on enforcer/runtime failures.
• Enforcement payload contract is normalized to canonical fields:
  • tool_args
  • enforcement_trace_id
  • user_id, approved_scope, session_intent, session_tool_calls
• Session tool-call history is bounded to the latest 128 calls for parity across Go and proxy paths.

Documentation

• Docs now reflect fail-closed behavior in SDK guidance and security posture sections.
• Version banners and docs-site changelog are updated for the latest SDK/proxy releases.

Python SDK (aten-thoth)

• BehavioralEvent now includes endpoint context fields:
  • endpoint_id
  • hostname
• BehavioralEvent now includes WORM chain evidence fields:
  • chain_index
  • hash
  • previous_hash
  • signature
• Dependency lock/metadata refreshed as part of the SDK patch line.

TypeScript SDK (@atensec/thoth)

• Enforcer payload now propagates:
  • tool_args
  • user_id
  • metadata.policy_context
  • enforcement_trace_id
• ThothConfig adds:
  • policyContext
  • enforcementTraceId
• Instrumentation now serializes tool call arguments safely before enforcement checks.

MCP Proxy (thoth binary)

• Emitted events now include normalized top-level endpoint metadata:
  • endpoint_id
  • hostname
• Event metadata includes hostname consistently for downstream pipelines.
• MCP proxy distribution now uses the cross-platform thoth binary release line.
• Docs + install path standardized to:
  • curl -fsSL https://install.atensecurity.com/thoth | sh
  • GitHub release assets from atensecurity/thoth

Unified SDK API URL contract

• Go, Python, and TypeScript SDKs now use a single tenant API URL for both:
  • policy enforcement (POST /v1/enforce)
  • behavioral event ingestion (POST /v1/events/batch)
• SDK startup now requires tenant API URL configuration via:
  • explicit config (APIURL / api_url / apiUrl)
  • or THOTH_API_URL
• Removed SDK fallbacks to hosted global defaults and split endpoint semantics.

Go SDK

• NewClient now fails fast when APIURL is missing.
• Examples and tests updated to pass THOTH_API_URL explicitly.
• SDK docs now include required env setup and quickstart examples.

Python SDK

• ThothConfig now requires tenant API URL resolution (api_url or THOTH_API_URL) and enforces a single URL contract.
• resolved_enforcer_url now follows the single-URL contract and mirrors resolved_api_url.
• session_intent is now accepted in config and passed to enforcement payloads.
• Step-up polling now sends auth headers when api_key is present.

TypeScript SDK

• Removed HOSTED_API_URL fallback and split enforcer semantics.
• instrument() now throws at startup when apiUrl/THOTH_API_URL is missing.
• Enforcement and event emission now route through the same tenant API URL.
• sessionIntent is now supported in config and forwarded to enforcement payloads.
• Runtime/test baseline updated and validated for Node.js 18+ compatibility.