| Name | Modified | Size | Downloads / Week |
|---|---|---|---|
| README.md | 2026-04-03 | 1.6 kB | |
| v0.7.5 -- Trust hardening + attestation object draft source code.tar.gz | 2026-04-03 | 431.4 kB | |
| v0.7.5 -- Trust hardening + attestation object draft source code.zip | 2026-04-03 | 486.0 kB | |
| Totals: 3 Items | | 919.0 kB | 2 |

[0.7.5] - 2026-04-03
Added
- `strict_trust` pipeline option: new `PipelineOptions.strict_trust` (default `False`). When enabled, all inbound `provenance[].trust` values are sanitized to `"untrusted"` before verification. Evidence verification is the only path to trusted status.
- Trust deprecation warning: when a proposal declares `trust: "trusted"` but effective evidence verification will not run for that proposal, a `PICTrustFutureWarning` is emitted with migration guidance. In PIC/1.0, non-sanitizing mode will be legacy and non-conformant.
- Attestation Object v1 draft: `docs/attestation-object-draft.md` — non-normative design document for the canonical minimal signing target (community feedback welcome).
- Migration guide: `docs/migration-trust-sanitization.md` — step-by-step guide for migrating from self-asserted trust to evidence-backed trust.
- `strict_trust` and `key_resolver` parameters in `guard_mcp_tool()`, `guard_mcp_tool_async()`, and `PICToolNode` for integration-level opt-in.
Changed
- Pipeline refactor: `verify_proposal()` now finalizes trust state (sanitization + evidence verification + trust upgrade) before `ActionProposal` instantiation. This removes duplicate instantiation/binding and ensures `strict_trust=True` works correctly with evidence-backed proposals.
- `PICToolNode` constructor now accepts `verify_evidence`, `strict_trust`, `key_resolver`, `policy`, `proposal_base_dir`, and `evidence_root_dir` for full pipeline configuration.
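
The ordering described in the `strict_trust` entry and the pipeline refactor (sanitize, then verify evidence, then upgrade) can be modelled as follows. This is an added example, not the project's code: `finalize_trust`, the `id`/`provenance_id`/`key_id`/`payload`/`sig` fields, and the HMAC-SHA256 evidence scheme are assumptions made for illustration, and the key and proposal are constructed sample data.

```python
import hashlib
import hmac
import json

# Constructed demo key store (assumption); a real resolver would consult a trust store.
DEMO_KEYS = {"sensor-key-1": b"constructed-demo-key"}

def key_resolver(key_id):
    return DEMO_KEYS.get(key_id)  # None for unknown key ids

def sign(key, payload):
    """HMAC-SHA256 over canonical JSON of the payload (assumed evidence scheme)."""
    msg = json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def finalize_trust(proposal, strict_trust=False, resolver=key_resolver):
    """Return a copy of the proposal with trust finalized: sanitize, verify, upgrade."""
    out = json.loads(json.dumps(proposal))  # deep copy; the input is never mutated
    if strict_trust:
        for entry in out["provenance"]:
            entry["trust"] = "untrusted"  # drop every self-asserted value
    by_id = {e["id"]: e for e in out["provenance"]}
    for ev in out.get("evidence", []):
        entry = by_id.get(ev.get("provenance_id"))
        key = resolver(ev.get("key_id"))
        if entry is None or key is None:
            continue  # unknown provenance entry or unknown key: no upgrade
        if hmac.compare_digest(sign(key, ev["payload"]), ev.get("sig", "")):
            entry["trust"] = "trusted"  # upgrade only after verification succeeds
    return out

# Constructed proposal: both entries claim "trusted"; only "invoice" has valid evidence.
PAYLOAD = {"sha256": "0" * 64}
PROPOSAL = {
    "provenance": [{"id": "invoice", "trust": "trusted"},
                   {"id": "web_page", "trust": "trusted"}],
    "evidence": [
        {"provenance_id": "invoice", "key_id": "sensor-key-1", "payload": PAYLOAD,
         "sig": sign(DEMO_KEYS["sensor-key-1"], PAYLOAD)},
        {"provenance_id": "web_page", "key_id": "sensor-key-1", "payload": PAYLOAD,
         "sig": "00" * 32},  # constructed invalid signature
    ],
}

def trust_map(proposal):
    return {e["id"]: e["trust"] for e in proposal["provenance"]}

if __name__ == "__main__":
    print({s: trust_map(finalize_trust(PROPOSAL, strict_trust=s)) for s in (False, True)})
```

In the non-sanitizing run the `web_page` entry keeps its self-asserted `"trusted"` value even though its evidence fails; with `strict_trust=True` it ends as `"untrusted"`.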