Releases: CarlosLadd/AgentOx

v1.0.0 - Stable CLI/JSON API + HTTP/SSE GA (Basic)

03 Mar 17:36

AgentOx v1.0.0 is a stability and hardening release. It formalizes stable public contracts for CLI behavior and JSON report schema while graduating HTTP/SSE transport to GA for basic request/response operation.

Stable Guarantees (Starting in v1.0.0)

  • CLI contract is semver-stable (agentox audit options, target selection semantics, exit behavior).
  • JSON report contract is semver-stable and includes schema_version: "1.0".
  • Existing check IDs remain stable (CONF-*, SEC-*, BHV-*).

What Changed

  • Added explicit JSON report schema version field:
    • schema_version: "1.0"
  • Added compatibility parsing behavior for older report shapes that did not include schema_version.
  • Hardened HTTP/SSE transport:
    • deterministic retry policy for transient failures (timeouts and 502/503/504),
    • no retry on 4xx responses,
    • structured status handling for 2xx/4xx/5xx classes,
    • SSE parser now supports multi-line data: payloads and ignores non-data lines,
    • response payloads are validated as JSON before session processing.
  • Expanded transport and CLI contract tests for GA behavior.
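The status and SSE rules listed above, sketched as an added example (not AgentOx source code). The names Action, classify and sse_data_events are hypothetical, the handling of 5xx codes other than 502/503/504 is an assumption, and the JSON validation step is left out to keep the block std-only.

```rust
// Added illustration; not AgentOx source. All names here are hypothetical.
#[derive(Debug, PartialEq)]
enum Action {
    Accept, // 2xx: hand the body to the parser
    Retry,  // transient gateway failure: retry deterministically
    Fail,   // 4xx and everything else: surface the error, no retry
}

/// Map an HTTP status to a transport decision.
/// Assumption: 5xx codes other than 502/503/504 fail without retry.
fn classify(status: u16) -> Action {
    match status {
        200..=299 => Action::Accept,
        502 | 503 | 504 => Action::Retry,
        _ => Action::Fail,
    }
}

/// Collect the `data:` payload of every complete event in an SSE body.
/// Multi-line data is joined with '\n'; an event with no terminating
/// blank line is dropped, as the SSE specification requires.
fn sse_data_events(body: &str) -> Vec<String> {
    let mut events = Vec::new();
    let mut data: Vec<&str> = Vec::new();
    for raw in body.split('\n') {
        let line = raw.strip_suffix('\r').unwrap_or(raw);
        if line.is_empty() {
            // Blank line ends the event; dispatch only if it carried data.
            if !data.is_empty() {
                events.push(data.join("\n"));
                data.clear();
            }
        } else if let Some(rest) = line.strip_prefix("data:") {
            // One optional space after the colon is not part of the value.
            data.push(rest.strip_prefix(' ').unwrap_or(rest));
        }
        // ":" comments and "event:", "id:", "retry:" fields are ignored.
    }
    events
}

fn main() {
    // Constructed sample: keep-alive comment, named event, two-line JSON payload.
    let body = ": ping\nevent: message\nid: 7\ndata: {\"jsonrpc\":\"2.0\",\ndata: \"id\":1,\"result\":{}}\n\n";
    for ev in sse_data_events(body) {
        println!("{ev}");
    }
    println!("{:?} {:?} {:?}", classify(200), classify(503), classify(404));
}
```

Each string returned by sse_data_events is what a transport would then validate as JSON before session processing.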

Compatibility and Migration Notes

  • Existing CI pipelines consuming summary and results remain compatible.
  • schema_version is additive and does not remove existing fields.
  • --target is now supported for GA basic request/response usage.

Explicitly Out of Scope for v1.0.0

  • HTML reports
  • Advanced streaming session lifecycle/resumption for SSE

Advanced streaming improvements are intentionally deferred to a later release.

v0.4.0 — Behavioral Contracts + HTTP/SSE Beta

03 Mar 03:43

AgentOx v0.4.0

AgentOx v0.4.0 introduces two major capabilities:

  1. Behavioral Contracts (BHV-*) for runtime consistency validation.
  2. HTTP/SSE Beta Transport via --target for non-stdio audit flows.

Highlights

  • Added 3 behavioral checks:
    • BHV-001 Idempotency baseline
    • BHV-002 Schema-output alignment
    • BHV-003 Deterministic error semantics
  • Enabled functional HTTP/SSE beta transport:
    • agentox audit --target <URL> now executes audits
    • Supports JSON and SSE response parsing in beta mode
  • --only behavioral now runs behavioral checks (no longer blocked)
  • Default audit now includes Conformance + Security + Behavioral checks

New Behavioral Checks

  • BHV-001 Idempotency baseline
    • Verifies repeated tools/list calls are stable within one session.
  • BHV-002 Schema-output alignment
    • Validates tools/call results against declared outputSchema (when present).
  • BHV-003 Deterministic error semantics
    • Ensures repeated malformed calls produce stable error behavior.

HTTP/SSE Beta

  • Implemented a working HttpSseTransport behind --target.
  • Transport behavior:
    • HTTP POST request/response flow
    • Accepts application/json response payloads
    • Parses first valid data: event for text/event-stream responses
  • Beta constraints remain:
    • No long-lived bidirectional session model yet
    • Focused on robust single request/response operations

CLI Changes

  • --target is now active (beta), not a hard error.
  • --only behavioral now executes BHV-*.
  • Invalid dual target selection (--stdio + --target) now fails with explicit guidance.

Testing and Quality

Expanded test matrix includes:

  • Behavioral category integration coverage
  • HTTP/SSE transport contract tests (JSON + SSE modes)
  • CLI behavior tests for:
    • --only security
    • --only conformance
    • --only behavioral
    • --target
    • invalid dual-target usage

Validation passed:

  • cargo fmt --all
  • cargo test --workspace
  • cargo clippy --workspace --all-targets --all-features -- -D warnings

Documentation Updates

Updated docs to reflect v0.4 behavior and expected outputs:

  • README check tables and totals
  • SETUP CLI guidance for --target beta
  • MCP test-server expected baseline now includes BHV-*

Versioning

  • Workspace and crate linkage updated to v0.4.0.

v0.3.0 — Security Hardening, Test Matrix Expansion, and v0.3 Transport Foundation

03 Mar 02:44

AgentOx v0.3.0

This release focuses on post-v0.2 hardening: stronger security check behavior, broader regression coverage, improved test-server documentation, and transport-layer groundwork for future HTTP/SSE support.

Highlights

  • Hardened SEC-* checks to reduce false positives/negatives.
  • Expanded integration and CLI behavior tests.
  • Added transport capability contracts and an HTTP/SSE placeholder behind a feature flag.
  • Updated test-server documentation to reflect real v0.2+ expected results.
  • Updated minimum supported Rust version baseline in project/CI.

Security Check Improvements

  • SEC-001 Prompt Injection Echo Safety
    • Explicitly treats pure echo responses as benign when no sensitive leakage markers are present.
    • Normalized/truncated evidence output for stable reporting.
  • SEC-002 Tool Parameter Boundary Validation
    • Case-based accepted JSON-RPC error code policy.
    • Accepts structured tool errors via result.isError=true where applicable.
  • SEC-003 Error Leakage Detection
    • Centralized leak pattern constants.
    • Added allowlist context guards to reduce noisy matches (e.g. schema/property context).
  • SEC-004 Resource Exhaustion Guardrail
    • Probe profile (burst size/payload size) now adapts to configured timeout.
    • Deterministic timeout-budget check added.
    • Evidence now includes timeout/profile context.

Test Matrix Expansion

  • Added core integration coverage for:
    • Default check set shape and count consistency (14 total in default run).
    • Category consistency in results/summary.
    • Rust SDK profile baseline (CONF-005 expected fail; security checks expected pass).
  • Added transport contract tests for default Transport trait behavior.
  • Added CLI behavior tests:
    • --only security routes to SEC-* only
    • --only conformance routes to CONF-* only
    • --only behavioral fails fast with clear message
    • --target remains explicit “not implemented”

Transport Foundation (v0.3 groundwork)

  • Added TransportCapabilities contract on the transport trait.
  • Added feature-gated HTTP/SSE placeholder transport module (http-sse) for future implementation.
  • Added explicit Unsupported transport error variant.

Documentation Updates

  • Updated mcp-test-servers/README.md with:
    • v0.2+ expected baseline (13/14) for Rust SDK server
    • Explicit SEC-* expected outcomes
    • Command matrix (text/json/security-only)
    • Expected failure policy for CONF-005
  • Updated version references and setup docs for current release baseline.

CI/Toolchain

  • Minimum Rust baseline updated to 1.93.1 in workspace and CI MSRV job.
  • CI matrix simplified to run tests on Ubuntu + macOS (Windows removed).

Compatibility

  • No breaking API changes intended for end users.
  • --target remains intentionally unimplemented; behavior is unchanged (explicit error path).

v0.2.0 — MCP Security Checks

02 Mar 06:36

AgentOx v0.2.0 Release Notes

Highlights

  • Added first security audit suite with 4 new checks:
    • SEC-001 Prompt-injection echo safety
    • SEC-002 Tool parameter boundary validation
    • SEC-003 Error leakage detection
    • SEC-004 Resource-exhaustion guardrail
  • Default audit now runs both conformance and security checks.

CLI Improvements

  • --only is now strict/validated: conformance | security | behavioral.
  • --only security now runs only SEC-* checks.
  • --only behavioral now fails fast with a clear “not implemented yet” message.
  • --timeout is now enforced by transport read timeout (including disposable sessions used by destructive probes).
  • --format is now typed/validated (text, json).

Engine / Core Changes

  • Added security check module and runner registration:
    • register_security_checks()
    • register_default_v0_2_checks()
  • Added context-level timeout propagation for check execution sessions.

Testing & Quality

  • Added integration tests to verify:
    • Security-only execution returns only SEC-* checks.
    • Default v0.2 execution includes both CONF-* and SEC-*.
  • Full verification passed:
    • cargo fmt --all
    • cargo test --workspace
    • cargo clippy --workspace --all-targets -- -D warnings

Documentation Updates

  • Updated README.md and SETUP.md for v0.2 behavior and SEC-* coverage.
  • Updated examples and check references to include security checks.

Known Limitations

  • --target (HTTP/SSE transport) is still not implemented; stdio remains the supported transport.
  • Behavioral checks are not yet implemented in this release.

Compatibility Notes

  • No breaking JSON report schema changes.
  • Existing CONF-* checks and semantics remain intact.

v0.1.0 — MCP Conformance Auditor

02 Mar 00:41

Initial release of AgentOx — audit MCP servers for protocol conformance.

What's included

  • 10 conformance checks (CONF-001 through CONF-010)
  • Stdio transport (spawn and audit any MCP server)
  • Text and JSON report output
  • CI-friendly exit codes (0 = pass, 1 = findings)
  • Published to crates.io: cargo install agentox