# OpenDQV > Open-source, contract-driven data quality validation. Shift-left enforcement at the point of write — before data enters your pipeline. - **URL**: https://www.freshcrate.ai/projects/OpenDQV - **Author**: OpenDQV - **Category**: MCP Servers - **Latest version**: `v2.3.25` (2026-04-29) - **License**: MIT - **Source**: https://github.com/OpenDQV/OpenDQV - **Language**: Python - **GitHub**: 10 stars, 2 forks - **Registry**: github (`OpenDQV/OpenDQV`) - **Tags**: `data-contracts`, `data-governance`, `data-quality`, `data-validation`, `fastapi`, `mcp`, `open-source`, `python` ## Description Open-source, contract-driven data quality validation. Shift-left enforcement at the point of write — before data enters your pipeline. ## Recent releases | Version | Date | Urgency | Changes | | --- | --- | --- | --- | | `v2.3.25` | 2026-04-29 | High | ## Summary Two related fixes shipped together for cohesive checksum-correctness hardening on the v2.3.x line. Found during the post-v2.3.24 inside-check (Mac BT outside-review defect for the rename, BT-7274 inside-check for the fail-closed gap). ## What changed ### 1. Rename \`isin_mod11\` → \`isin_luhn\` The algorithm key was mathematically misnamed in v2.3.23. The math is **Luhn mod-10** over the expanded numeric encoding (A=10..Z=35), not mod-11. Comments, error message text, and explaine | | `v2.3.9` | 2026-04-26 | High | ## CRT172 / K1 + K2 — auditor-readable audit event surface Adds two auth-gated endpoints over the `quality_stats` audit table so an auditor can read the rows every `/validate` and `/validate/batch` call already writes. ### New endpoints - **`GET /api/v1/audit/events/{event_id}` (K1)** — single row by the event_id UUID emitted on the validation response. Returns full audit detail incl. JSON-decoded `rule_failure_counts`. 404 when not found. - **`GET /api/v1/audit/events` (K2)** — cursor-pagin | | `v2.2.5` | 2026-04-17 | High | ### Added - **\`opendqv fork \`** — copy a contract to a new name as a clean DRAFT. Rewrites \`name:\`, \`version: \"1.0\"\`, \`status: draft\`, and \`asset_id:\` in place while preserving all comments, descriptions, and rules from the source. Replaces the \`cp + edit + reset\` workflow with one command. - **Linter rule \`FILENAME_NAME_MISMATCH\`** — \`opendqv lint\` now errors when the filename stem differs from the YAML's internal \`name:\` field. Catches the footgun where \`cp med | | `v2.2.4` | 2026-04-17 | High | ### Shipped - **43 bundled contracts now ship inside the Python package.** `pip install opendqv` followed by `opendqv list` works with zero configuration. Before v2.2.4, pip-install users saw *"No contracts found"* because the `contracts/` directory lived at repo root and never entered the wheel. They now live at `opendqv/contracts/` inside the package. - **`opendqv init --all`** — new flag copies every bundled contract (43+ regulated domains) plus reference lookup files into the target director | | `v2.2.3` | 2026-04-15 | High | ### Fixed - **4 broken `max_length` rules** in banking_transaction, fmcg_product, retail_product, and media_content contracts. Rules used `max:` instead of `max_length:` in YAML — Pydantic alias mapped to wrong field, so rules silently never fired. Found via MCP-driven sample record audit. - **16 sample record files** aligned with v1.1 contracts. 11 full rewrites (v1.0→v1.1 field name changes), 5 minor fixes. 142/142 sample records now validate correctly. - **proof_of_play samples** — panel_id | | `v2.2.2` | 2026-04-12 | Medium | ### Fixed - MCP server version was hardcoded as "1.8.4" — now reads from `config.ENGINE_VERSION` dynamically | | `v2.2.1` | 2026-04-11 | Medium | ## Highlights - **Security:** Removed yaml.full_load() fallback — eliminated RCE vector from YAML loading path - **Performance:** O(n squared) to O(n) grouped uniqueness — 954x faster at 2,000 records (131s to 0.14s) - **Maintainability:** _check_rule() dispatch table — 417-line god function to 23 handlers + dict lookup - **DX:** 62 broken import paths fixed across 27 docs files for pip users ### Full changelog 15 code quality improvements shipped via PICK methodology (Possible/Implement/Chal | | `v2.2.0` | 2026-04-11 | Medium | ## Highlights - **Security:** Removed yaml.full_load() fallback — eliminated RCE vector from YAML loading path - **Performance:** O(n squared) to O(n) grouped uniqueness — **954x faster** at 2,000 records (131s to 0.14s) - **Maintainability:** _check_rule() dispatch table — 417-line god function to 23 handlers + dict lookup - **DX:** 62 broken import paths fixed across 27 docs files for pip users ### Full changelog 15 code quality improvements shipped via PICK methodology (Possible/Implement/ | | `v2.1.0` | 2026-04-11 | Medium | ## What's Changed **Critical distribution fix** — `pip install opendqv` now works correctly. `import opendqv` succeeds, all modules live under the `opendqv/` namespace, and no PyPI package collisions. ### Changes - **Namespace restructure**: All modules moved under `opendqv/` package — eliminates collisions with `sdk`, `security`, `core` top-level PyPI packages - **SEC-001 hardened**: `regex` library is now a required dependency — ReDoS timeout protection guaranteed on every install - **`opend | | `v2.0.0` | 2026-04-07 | Medium | OpenDQV Core graduates from Alpha to **Beta**. No breaking changes from 1.9.8 — this release is a status milestone, not an API break. Existing 1.9.x deployments upgrade in place. ## What Beta means - **Public API surface is stable.** REST endpoints, contract YAML schema, MCP tool names, and Python SDK signatures will not change without a deprecation cycle (one minor release of warnings before removal). - **Security fixes are backported** to the latest 2.x line. - **Coverage 93%, 3,398 tests** | ## Dependency audit - **Score**: 18/100 - **Total deps**: 48 - **Resolved**: 19 - **Unresolved**: 29 - **License conflicts**: 0 - **Warnings**: 35 - **Scanned**: 2026-05-04 ## Citation - HTML: https://www.freshcrate.ai/projects/OpenDQV - Markdown: https://www.freshcrate.ai/projects/OpenDQV.md - Dependencies JSON: https://www.freshcrate.ai/api/projects/OpenDQV/deps _Generated by freshcrate.ai. Indexes github releases for AI-agent ecosystem packages._