Releases: chitinhq/chitin

v0.3.0

17 Apr 21:11
49ada1e

Chitin v0.3.0

First major release since v0.2.0 (Feb 2026). 117 commits — a shift from policy-evaluator-plus-hooks into a full runtime-governance platform with sessions, soul attribution, MCP governance, agent reputation, and drift detection.

Highlights

  • MCP-native governance: chitin mcp-govern exposes policy evaluation as a framework-agnostic MCP server, and mcp-serve surfaces policies as guidance tools for agents that can call MCP.
  • Sessions: chitin session binds driver, model, soul, and role into a session_id so every downstream event (gate result, soul tag, artifact triple) joins back for analysis. chitin session wrap claude-code --soul <name> is the shell-facing entry point; install-shell adds claws / cc / cs aliases.
  • Policy inheritance: LoadWithInheritance merges parent→child chitin.yaml chains, with chitin inheritance to debug the merge and --conflicts to detect dead or redundant rules.
  • Risk-gated writes — a 4-stage draft/review/stop lifecycle for write actions (#73); a state witness that re-validates git state before every write (#74); and a drift guard that halts plan deviation in real time (#63).
  • Agent reputation — dynamic scoring (#39/#59) feeds routing and gate decisions.

New Commands

  • chitin mcp-govern — framework-agnostic governance MCP server (#124)
  • chitin mcp-serve — policy-as-guidance MCP tools (#92)
  • chitin mcp-sync — auto-generate policy rules from .mcp.json (#112)
  • chitin session — full session lifecycle (start, wrap, end, install-shell, list, rate)
  • chitin research init --from-issue — bootstrap research-phase manifest from a GH issue (#131, #132)
  • chitin preflight — intent-layer governance before action evaluation (#66)
  • chitin doctor and init --all — diagnose + bulk-install across drivers (#91)
  • chitin driver heartbeat <name> — emit driver liveness to sentinel (#90)
  • chitin flow emit — manual flow-event emission (#83)
  • chitin explain — human-readable governance decisions
  • chitin inheritance — audit policy merge chain (chain, merge, simulate, violations)
  • chitin audit --inherited — audit each chitin.yaml in the inheritance chain (#65)

Governance & Policy

  • New invariants: dangerous-force-push blocks git push --force (#119/#120), no-credential-file-creation (Write-only semantics, #48/#57), plus artifact-protection invariants.
  • Policy engine: IsStricterThan, Merge, and LoadWithInheritance (#40/#60); prefix/* glob support (#58); stateful policies — session-aware rules (#1); sequence fingerprinting for doom-loop detection (#2).
  • Governance Intelligence Tier 0 — Permission Explainer + Policy Audit (#9).

Driver Support

  • Codex and Gemini CLI hook handlers.
  • Copilot coding agent instructions + review integration.
  • OpenClaw plugin adapter via before_tool_call (#12).
  • Git driver + reusable chitin-gate workflow for CI governance (#129).

Workflows

  • Reusable chitin-gate workflow (#129) and semantic-advisory workflow (probabilistic, non-blocking) (#130).
  • Claude Code 2.x hook payload fix — now reads stdin instead of env vars (#111).

Sessions & Telemetry

  • Soul attribution — every governance event tags the active soul (#96); session triple enriched with SoulContext (#97); unified agent+soul attribution on every emit path (#105).
  • Session artifact triple on End (soft coverage, not gating) — contract with sentinel + atlas.
  • Hook lifecycle events for sentinel health tracking (#81).
  • Git-based LinkCollector populates session.links.json edges (#114).

Breaking Changes

  • agentguard → chitin rename across the codebase. Pre-v0.2 configs using agentguard keywords should migrate. (Internal rename; external chitin.yaml schema is unchanged.)

Fixes

  • Claude Code 2.x hook payload via stdin (#111); deny event on fail-closed when chitin.yaml missing (#113); various gate workflow fixes (#134#139); non-deterministic hashing; session persistence; deny-with-requires semantics.

Docs

  • README Feynman refresh (#108); Chitin Platform vs Chitin Kernel naming (#107); GETTING_STARTED hub + claws wrapper docs (#68, #69); closed-loop runbook as verification procedure (#143); ASCII diagrams replacing mermaid (#70).

Spec

  • Published chitin protocol v0.1 — execution events + dispatch contract (#103).

Install: go install github.com/chitinhq/chitin/cmd/chitin@v0.3.0 or grab a release binary from the assets below.

Upgrade: Existing chitin.yaml files keep working. Run chitin doctor after upgrade to verify hook wiring; re-run chitin init <driver> if hook payload format has drifted.

v0.1.0 — Lean Governance Kernel

06 Apr 07:58

Chitin v0.1.0

Clean-room rewrite of the AgentGuard kernel. Single Go binary, zero npm dependencies.

What's inside

  • 26 invariants — battle-tested safety checks (secret exposure, protected branches, force push, CI/CD protection, and 22 more)
  • 6 action types — simplified from v1's 43: read, write, exec, git, net, dangerous
  • 2 modes: monitor (warn) or enforce (block)
  • Deny-wins-always — deny rules override allow rules regardless of order
  • 6 commands: claude-hook, copilot-hook, evaluate, init, status, validate
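
A sketch of the deny-wins and two-mode semantics listed above, added here as an illustration; it is not chitin's code, schema or API. The Rule and Policy types, the substring matcher, the default for unmatched actions and the nil-policy handling (modelled on the fail-closed fix noted under v0.3.0) are all assumptions.

```go
package main

import (
	"fmt"
	"strings"
)

// Hypothetical types for illustration; not chitin's schema or API.
type Rule struct {
	Effect string // "allow" or "deny"
	Action string // read, write, exec, git, net or dangerous
	Match  string // substring of the target (assumed matcher)
}

type Policy struct {
	Mode  string // "monitor" or "enforce"
	Rules []Rule
}

// Evaluate returns "allow", "warn" or "block".
func Evaluate(p *Policy, action, target string) string {
	if p == nil {
		return "block" // no policy loaded: fail closed
	}
	allowed, denied := false, false
	for _, r := range p.Rules {
		if r.Action != action || !strings.Contains(target, r.Match) {
			continue
		}
		switch r.Effect {
		case "deny":
			denied = true
		case "allow":
			allowed = true
		}
	}
	// Deny wins no matter where it sits in the list. Assumption: an
	// action with no matching allow rule is treated as denied.
	if !denied && allowed {
		return "allow"
	}
	if p.Mode == "monitor" {
		return "warn"
	}
	return "block"
}

func main() {
	rules := []Rule{{"allow", "exec", ""}, {"deny", "exec", "rm -rf"}} // constructed
	p := &Policy{Mode: "enforce", Rules: rules}
	fmt.Println(Evaluate(p, "exec", "rm -rf /"), Evaluate(p, "exec", "ls"))
}
```

Because every rule is scanned before a verdict is produced, reordering the rule list cannot turn a denied action into an allowed one.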

Install

curl -fsSL https://raw.githubusercontent.com/chitinhq/chitin/main/install.sh | bash

Quick start

chitin init claude    # set up Claude Code hooks
chitin init copilot   # set up Copilot hooks
chitin status         # check readiness
chitin evaluate -t Bash -c "rm -rf /" -p chitin.yaml  # test evaluation

Stats

  • 2,137 lines of Go
  • 3.6 MB binary
  • 2 dependencies (yaml.v3 + cobra)
  • 0 lines of TypeScript