Thoth SDK
sdk v0.1.6 / proxy v0.2.7

Changelog

Release notes for Thoth SDKs and the MCP proxy.

All notable changes to Thoth SDKs and the MCP proxy/CLI are documented here. Releases follow Semantic Versioning. Latest tags: Go v0.1.5 · Python v0.1.6 · TypeScript v0.1.6 · Thoth Binary Line (thoth + thothctl) v0.2.8.

v0.1.6 / v0.2.8April 22, 2026Headless GitOps + thothctl + Rust Event Ingestor

This release line publishes:

  • Go SDK: unchanged at sdk/go/v0.1.5
  • Python SDK: unchanged at sdk/python/v0.1.6
  • TypeScript SDK: unchanged at sdk/npm/v0.1.6
  • Thoth binary line: thoth/v0.2.8 (thoth + thothctl)
Improvements

Fleet management + MDM providers

  • Added tenant-scoped MDM provider configuration and sync workflows for Jamf and Intune.
  • Fleet management now supports on-demand provider inventory synchronization to upsert endpoint records.
  • Provider sync now supports default fleet and environment mapping for imported endpoints.

Headless control plane

  • thothctl is now documented as the default admin path for no-dashboard bootstrap and updates.
  • New GitOps headless section covers Terraform, Pulumi, Argo CD, and GovAPI orchestration patterns.
  • GitOps docs now use public-provider/public-runbook distribution patterns instead of internal module paths.
  • SIEM/PAM integration guidance is now aligned to API-first and CI-driven operations.

Event pipeline deployment

  • ECS deployment workflows now enforce eventingestor as a Rust service target.
  • Deployment matrix validation now fails if eventingestor drifts out of the Rust service group.

Manual endpoint enrollment

  • Fleet management now provides generated re-enrollment scripts for endpoints not associated with a fleet.
  • Direct endpoint enrollment supports optional fleet assignment through THOTH_FLEET_ID.
  • Endpoint health state remains current through periodic proxy check-ins.

Documentation

  • Added external-facing docs for MDM provider sync and manual endpoint enrollment flow.
  • Proxy install docs now default to thoth/v0.2.8.
  • Added public-platform delivery workflows: Terraform-based public repo bootstrap and CI mirroring for provider/runbook content.
v0.1.6 / v0.2.7April 21, 2026Proxy Identity Defaults + Enforcer Context-Diff Warnings

This release line publishes:

  • Go SDK: unchanged at sdk/go/v0.1.5
  • Python SDK: unchanged at sdk/python/v0.1.6
  • TypeScript SDK: unchanged at sdk/npm/v0.1.6
  • MCP Proxy: thoth/v0.2.7
Improvements

MCP Proxy (thoth binary)

  • Endpoint identity resolution now defaults to immutable machine identity (Intune/Jamf managed ID override, then OS machine ID), with hostname only as last-resort fallback.
  • THOTH_USER_ID remains required and must be a valid email address.
  • enforcer_url and govapi_url are inferred from tenant_id + apex_domain.
  • --enforcer-url / THOTH_ENFORCER_URL are now deprecated and ignored.

Enforcer

  • Requests with valid keys now proceed even when endpoint/fleet scope context does not match exactly; enforcer emits warnings for follow-up.
  • Tenant user-domain mismatches are now warn-only when key validation succeeds.

Documentation

  • Customer docs now reflect thoth/v0.2.7 defaults for identity, URL inference, and runtime env expectations.
v0.1.6 / v0.2.3April 20, 2026Wrap-Config Env Injection + Simpler Endpoint Routing

This release line publishes:

  • Go SDK: unchanged at sdk/go/v0.1.5
  • Python SDK: unchanged at sdk/python/v0.1.6
  • TypeScript SDK: unchanged at sdk/npm/v0.1.6
  • MCP Proxy: thoth/v0.2.3
Improvements

MCP Proxy (thoth binary)

  • thoth wrap-config now supports repeatable --env KEY=VALUE to inject runtime environment values directly into selected MCP server entries.
  • Wrap output remains idempotent and now reports environment changes when values are updated.
  • Fleet registration URL handling is simplified:
    • govapi_url is derived automatically from tenant_id + apex_domain as https://grid.<tenant>.<apex-domain>.
    • enforcer_url is derived automatically as https://enforce.<tenant>.<apex-domain> when not explicitly set.
    • legacy gov_api_url compatibility paths are removed.
  • Runtime identity hardening:
    • THOTH_USER_ID must be a valid email address.
    • customer domain policy is enforced centrally by enforcer tenant metadata (admin-managed), with automatic request blocking for non-matching user domains.

Documentation

  • Customer-facing docs are updated for v0.2.3.
  • Proxy setup examples now use supported wrap-config flags and document inline environment injection via --env.
v0.1.6 / v0.2.2April 19, 2026Fail-Closed Enforcement + Canonical Contract Parity

This release line publishes:

  • Go SDK: sdk/go/v0.1.5
  • Python SDK: sdk/python/v0.1.6
  • TypeScript SDK: sdk/npm/v0.1.6
  • MCP Proxy: thoth/v0.2.2
Improvements

Proxy + SDK enforcement behavior

  • Go and proxy paths now enforce fail-closed posture on enforcer/runtime failures.
  • Enforcement payload contract is normalized to canonical fields:
    • tool_args
    • enforcement_trace_id
    • user_id, approved_scope, session_intent, session_tool_calls
  • Session tool-call history is bounded to the latest 128 calls for parity across Go and proxy paths.

Documentation

  • Docs now reflect fail-closed behavior in SDK guidance and security posture sections.
  • Version banners and docs-site changelog are updated for the latest SDK/proxy releases.
v0.1.3 / v0.2.0April 15, 2026Telemetry Metadata + Policy Context Propagation

This release publishes:

  • Go SDK: unchanged at sdk/go/v0.1.2
  • Python SDK: sdk/python/v0.1.3
  • TypeScript SDK: sdk/npm/v0.1.3
  • MCP Proxy: thoth/v0.2.0 (public release: atensecurity/thoth v0.2.0)
Improvements

Python SDK (aten-thoth)

  • BehavioralEvent now includes endpoint context fields:
    • endpoint_id
    • hostname
  • BehavioralEvent now includes WORM chain evidence fields:
    • chain_index
    • hash
    • previous_hash
    • signature
  • Dependency lock/metadata refreshed as part of the SDK patch line.

TypeScript SDK (@atensec/thoth)

  • Enforcer payload now propagates:
    • tool_args
    • user_id
    • metadata.policy_context
    • enforcement_trace_id
  • ThothConfig adds:
    • policyContext
    • enforcementTraceId
  • Instrumentation now serializes tool call arguments safely before enforcement checks.

MCP Proxy (thoth binary)

  • Emitted events now include normalized top-level endpoint metadata:
    • endpoint_id
    • hostname
  • Event metadata includes hostname consistently for downstream pipelines.
  • MCP proxy distribution now uses the cross-platform thoth binary release line.
  • Docs + install path standardized to:
    • curl -fsSL https://install.atensecurity.com/thoth | sh
    • GitHub release assets from atensecurity/thoth
v0.1.2April 10, 2026Tenant API URL Contract + Session Intent Enforcement

This release publishes v0.1.2 for all Thoth SDKs:

  • Go: sdk/go/v0.1.2
  • Python: sdk/python/v0.1.2
  • TypeScript: sdk/npm/v0.1.2
Improvements

Unified SDK API URL contract

  • Go, Python, and TypeScript SDKs now use a single tenant API URL for both:
    • policy enforcement (POST /v1/enforce)
    • behavioral event ingestion (POST /v1/events/batch)
  • SDK startup now requires tenant API URL configuration via:
    • explicit config (APIURL / api_url / apiUrl)
    • or THOTH_API_URL
  • Removed SDK fallbacks to hosted global defaults and split endpoint semantics.

Go SDK

  • NewClient now fails fast when APIURL is missing.
  • Examples and tests updated to pass THOTH_API_URL explicitly.
  • SDK docs now include required env setup and quickstart examples.

Python SDK

  • ThothConfig now requires tenant API URL resolution (api_url or THOTH_API_URL) and enforces a single URL contract.
  • resolved_enforcer_url now follows the single-URL contract and mirrors resolved_api_url.
  • session_intent is now accepted in config and passed to enforcement payloads.
  • Step-up polling now sends auth headers when api_key is present.

TypeScript SDK

  • Removed HOSTED_API_URL fallback and split enforcer semantics.
  • instrument() now throws at startup when apiUrl/THOTH_API_URL is missing.
  • Enforcement and event emission now route through the same tenant API URL.
  • sessionIntent is now supported in config and forwarded to enforcement payloads.
  • Runtime/test baseline updated and validated for Node.js 18+ compatibility.
v0.1.1March 31, 2026API Contract Fixes

This patch release fixes critical mismatches between the Go and TypeScript SDKs and the enforcement API. All SDK consumers on v0.1.0 should upgrade.

Bug Fixes

Go SDK (github.com/atensecurity/thoth-go)

  • Critical enforcement compatibility and decision-handling fixes across request/response mapping.
  • Endpoint and schema alignment updates for stable enforcement and step-up behavior.
  • Improved client metadata propagation and response observability fields.

TypeScript SDK (@atensec/thoth)

  • emitBehavioralEvent was not exported from the package root. It is now accessible via import { emitBehavioralEvent } from "@atensec/thoth".

REST API documentation

  • All endpoint paths, request field names (corrected to snake_case), response schemas, and HTTP status codes in the API reference now match the actual backend.
v0.1.0March 30, 2026First General Availability Release

This is the first general-availability release of the Thoth SDK. All three language SDKs (Python, Go, TypeScript) are stable and production-ready.

New Features

Hosted API — single API key, zero infrastructure

The Thoth enforcement and event ingestion API is now hosted at https://api.atensecurity.com. Authentication requires a single THOTH_API_KEY — no AWS credentials, no infrastructure setup. All three SDKs pick it up automatically from the environment.

export THOTH_API_KEY="thoth_live_your_key_here"

Python SDK (thoth-sdk)

  • instrument(agent, ...) — Instrument any AI agent with a .tools attribute. Auto-detects LangChain AgentExecutor and CrewAI Agent via duck-typing.
  • instrument_anthropic(tool_fns, ...) — Wrap tool execution functions for Anthropic Claude agentic loops. Returns a governed dict[str, Callable].
  • instrument_openai(tool_fns, ...) — Wrap tool execution functions for OpenAI tool-calling loops.
  • ThothPolicyViolation exception — raised when the enforcer blocks a tool call. Fields: tool_name, reason, violation_id.
  • get_current_session() — Access the active session context from within a governed tool call.
  • ThothConfig — Pydantic model with full field validation.
  • EnforcementMode enum — observe | progressive | step_up | block.
  • LangGraph and CrewAI integrations — auto-detected via duck-typing.

Go SDK (github.com/atensecurity/thoth-go)

  • NewClient(Config) — Initialize the Thoth client with env-var fallback.
  • Client.WrapTool / Client.WrapToolFunc — wrap string and map tool functions.
  • Client.StartSession(ctx, agentID, sessionID) — per-request session isolation.
  • PolicyViolationError, StepUpRequiredError — typed error values.
  • Fail-open guarantee — enforcer unreachable never blocks tool execution.

TypeScript SDK (@atensec/thoth)

  • instrument<T>(agent, config) — generic agent instrumentation; preserves TypeScript types.
  • wrapAnthropicTools / wrapOpenAITools — sub-path imports for framework-specific wrappers.
  • ThothPolicyViolation — extends Error. Fields: toolName, reason, violationId.
  • EnforcementMode enum, ThothConfig interface, BehavioralEvent interface.
  • Async generator support and strict: true compilation.

REST API (https://api.atensecurity.com)

  • POST /v1/events/batch — up to 100 events per batch; idempotent via event_id; 90-day retention.
  • POST /v1/enforce — returns ALLOW | BLOCK | STEP_UP with progressive anomaly scoring.
  • GET /v1/enforce/hold/{hold_token} — returns pending | approved | denied | expired.
  • Rate limits: 1,000 req/min (events), 500 req/min (enforce), 200 req/min (hold) per tenant.
Enforcement Modes
ModeBehavior
observeLog and emit events only. Never block.
progressiveEscalating enforcement based on session anomaly scoring. Default.
step_upAlways require human approval for out-of-scope tools.
blockImmediately reject with ThothPolicyViolation.

Planned (Unreleased)

These items are planned and not yet shipped. Scope and timing can change.

In progress

Approval workflow enhancements

  • Expanded step-up approval options, including better integration paths for enterprise workflows.

SDK ergonomics improvements

  • Better session lifecycle ergonomics and safer default configuration paths.

Policy source integrations

  • Expanded support for external policy/governance systems in enterprise deployments.

Under evaluation

Governance analytics and exports

  • Additional governance analytics and export/reporting workflows.

Enterprise alerting improvements

  • Enhanced operational alerting for high-priority governance events.

Compliance reporting templates

  • Expanded policy/compliance reporting templates for regulated environments.

Previous

GitOps Headless Control Plane

Next

Changelog

On this page