Skip to content

Releases: declaw-ai/declaw-python

declaw v1.4.0

Choose a tag to compare

@github-actions github-actions released this 01 Jul 00:46

2026-07 train: credential vault client + injection domain scoping.

Added

  • Credential vault client — VaultClient and AsyncVaultClient for managing
    secrets by name: create_secret(), list_secrets(), rotate_secret(),
    delete_secret(), update_scopes(), and list_presets(). Secret values are
    write-only (never returned after create). Attach secrets to a sandbox with
    vault_refs={"ENV_VAR": "secret-name"}; the value is injected at the egress
    proxy and never enters the sandbox (#386, #399, #408, #456).
  • Opt-in domain scoping for full injection defense — pass domains=[...] to
    restrict prompt-injection scanning to specific destination hosts.

declaw v1.3.0

Choose a tag to compare

@github-actions github-actions released this 11 Jun 22:18

2026-06 train: file-granular volumes, OPA governance.

Added

  • Mode-based volumes: write-back and mount modes with a file-granular
    backend, plus a detached volume-files API — volume.files.write() /
    read() / list() / info() / exists() / remove() / rename() /
    mkdir(), volumes.empty() and volumes.ingest() constructors, and
    volume locks (acquire / renew / release / status) (#344).
  • OPA custom-policy support for AI agents: custom policy config with
    policy_ref resolution, content_gate for model/domain gating, and
    out-of-box AI governance packs via GovernancePacks (#279, #345).

Changed

  • The per-sandbox audit flag now gates network, command, and filesystem
    event categories: enabled=False suppresses all gated categories
    while lifecycle and admin events are still recorded (#332).