Changelog

Release history for governance-sdk. Follow on GitHub for updates.

v0.11.2latest2026-04-16

README sync automation — keeps npm README in lockstep with repo-root README

featscripts/sync-readme.mjs generates packages/governance/README.md from root README

featWired into prepublishOnly — every npm release ships an in-sync README

featCI guard fails the build if a manual README edit skips the sync

docsNo code changes. SDK behavior identical to 0.11.0.

v0.11.0stable2026-04-15

Scope honesty pass 2 — removes 5 unused modules, demotes 4 oversold ones. 1,328 tests, 0 failures.

breakRemoved governance-sdk/eval-trace, /eval-scorer, /eval-types and gov.eval — use a dedicated eval harness (inspect-ai, PyRIT, Phoenix, Langfuse) and route results to gov.audit.log()

breakRemoved governance-sdk/plugins/mcp-annotations — annotation-rule generator was a static template, not runtime governance

breakRemoved governance-sdk/supply-chain-sbom — use /supply-chain-cyclonedx (CycloneDX 1.5) instead

breakRemoved GovernMCPConfig.traceCollector — tool-call audit still fires via gov.audit

docsDemoted framing on metrics, otel-hooks, action-recorder, behavioral-scorer — they ship but are no longer headlined as built-in observability / dynamic-trust

docsReal OpenInference OTel exporter and TrustEngine promotion queued for future releases

test1,328 tests, 0 failures

perf49 → 44 export paths after dead-module removal

v0.10.02026-04-02

Scope honesty pass 1 — tightened public surface ahead of 1.0

docsSee packages/governance/CHANGELOG.md for the full list of cuts and demotions

v0.1.0 — 0.9.x2026-01-15 → 2026-03-31

Early iteration — core policy engine, framework adapters, audit chain, injection detection, scoring

featcreateGovernance() — core governance instance with rule evaluation

featFramework adapters: Mastra, Vercel AI SDK, LangChain, OpenAI Agents, Anthropic, Genkit, LlamaIndex, Mistral, Ollama + MCP & Bedrock

feataudit-integrity module — HMAC-SHA256 hash-chained audit with chain.verify() and chain.export()

featdetectInjection() — 54 regex patterns across 7 categories (F1 = 0.48 on 6,931-sample LIB benchmark)

featKill switch at priority 999 — kill(), killAll(), revive(), reviveAll() (per-process)

feat7-dimension governance scoring — composite 0–100 score, L0–L4 levels

featEU AI Act + ISO 42001 + NIST AI RMF self-assessment mappings

featPostgreSQL storage adapter via governance-sdk-platform (auto-migration)

featTypeScript-native, zero runtime dependencies, MIT license

docsPer-release notes at packages/governance/CHANGELOG.md on GitHub

Stay up to date

Watch releases on GitHub Releases or subscribe to the npm feed.

Quickstart →Landing page