# tenuo > High-performance capability authorization engine for AI agents. Cryptographically attenuated warrants, task-scoped authority, verifiable offline. Rust core. - **URL**: https://www.freshcrate.ai/projects/tenuo - **Author**: tenuo-ai - **Category**: MCP Servers - **Latest version**: `v0.1.0-beta.23` (2026-04-25) - **License**: NOASSERTION - **Source**: https://github.com/tenuo-ai/tenuo - **Homepage**: https://tenuo.ai - **Language**: Rust - **GitHub**: 54 stars, 4 forks - **Registry**: github (`tenuo-ai/tenuo`) - **Tags**: `a2a`, `agents`, `ai-agents`, `capabilities`, `cryptography`, `langchain`, `langgraph`, `llm`, `mcp`, `rust` ## Description High-performance capability authorization engine for AI agents. Cryptographically attenuated warrants, task-scoped authority, verifiable offline. Rust core. ## Recent releases | Version | Date | Urgency | Changes | | --- | --- | --- | --- | | `v0.1.0-beta.23` | 2026-04-25 | High | ### Fixed - **Malformed warrant bytes at activity ingress now surface as a non-retryable `CHAIN_INVALID` denial** with a DENY audit event (`constraint_violated="malformed_warrant_header"`). Previously, CBOR-semantic errors from `Warrant.from_bytes` leaked out of `_extract_warrant_from_headers` as an uncaught `DeserializationError`, which could be treated as retryable by Temporal and was invisible to audit sinks. ### Changed - **`TenuoPluginConfig.retry_pop_max_windows` default rai | | `v0.1.0-beta.22` | 2026-04-14 | Medium | ## What's Changed ### Fixed - **Delegation constraint violations no longer hang workflows** — `TemporalConstraintViolation` raised inside `tenuo_execute_child_workflow()`, `workflow_grant()`, and `workflow_issue_execution()` is now wrapped as `ApplicationError(non_retryable=True)`. Previously, misconfigured delegation chains caused infinite Temporal retries. - **PopDedupStore warning downgraded to DEBUG** — no more noisy warnings on every worker startup during local development. ### Ad | | `v0.1.0-beta.21` | 2026-04-14 | Medium | ## What's Changed ### Changed - **Modularized `tenuo.temporal` package** — the monolithic `temporal.py` (5 300+ lines) is now 15 focused submodules (`_interceptors`, `_workflow`, `_client`, `_config`, `_pop`, `_headers`, `_decorators`, `_state`, `_dedup`, `_observability`, `_constants`, `_resolvers`, `_warrant_source`, `exceptions`, `temporal_plugin`). Public imports (`from tenuo.temporal import X`) are unchanged thanks to `__getattr__` lazy loading. Internal (`_`-prefixed) symbols must no | | `v0.1.0-beta.20` | 2026-04-13 | Medium | ### Breaking - **Removed `trusted_approvers` / `approval_threshold` from `TenuoPluginConfig`** — warrant is sole source of truth for approvers and threshold (#372) ### Security - Temporal child workflow header isolation — fail-closed without `tenuo_execute_child_workflow()` (#349) - Temporal mint activity fail-closed on missing `issue_execution()` (#349) - CodeQL path injection fix (#361) - Authorizer approval response blind spots (#362) ### Added - A2A approval transport for h | | `v0.1.0-beta.19` | 2026-04-10 | Medium | ### Security - Guarded telemetry emissions across all adapters — control-plane outages can no longer crash the authorization path. - MCP client connection detection uses proper `isinstance` checks instead of fragile string matching. ### Added - MCP `request_hash` threading through the wire protocol for end-to-end approval correlation. - `tenuo.cp_transport` module — HTTP transport extracted from core for clean protocol/transport separation. - ADK `redact_args_in_logs` option to preve | | `v0.1.0-beta.18` | 2026-04-09 | Medium | See [CHANGELOG.md](https://github.com/tenuo-ai/tenuo/blob/v0.1.0-beta.18/CHANGELOG.md) for full history. ### Security - **Explorer** — Vite updated to 8.0.8+ (dev-server advisories: GHSA-p9ff-h696-f583, GHSA-v2wj-q39q-566r, GHSA-4w7w-66w2-5vf9). ### Added - **FastMCP `TenuoMiddleware`** — runs `MCPVerifier` on every `tools/call`; optional `tenuo[fastmcp]` extra. - **Temporal `TenuoTemporalPlugin`** — client + worker interceptors and sandbox passthrough; `TenuoPluginConfig.from_env()` fo | | `v0.1.0-beta.17` | 2026-04-06 | Medium | ## 0.1.0-beta.17 — 2026-04-05 See [CHANGELOG.md](https://github.com/tenuo-ai/tenuo/blob/v0.1.0-beta.17/CHANGELOG.md) for the full history. ### Security - **CodeQL / supply-chain hygiene** — `docs/_preview.py` resolves markdown only under `docs/` (realpath containment). Explorer uses `replaceAll` where global replacement is intended. Blog layout loads GoatCounter over HTTPS with Subresource Integrity. ### Added - **Signed approval envelopes in audit payloads** — `VerifiedApproval` | | `v0.1.0-beta.16` | 2026-04-01 | Medium | ### Added - **Approval records in authorizer receipts** — `AuthorizationEvent` now includes verified `ApprovalRecord`s when human-in-the-loop approvals contributed to an authorization decision. Only approvals that passed all cryptographic and policy checks are included. - `**VerifiedApproval` struct** — new type propagated through `ChainVerificationResult` to avoid redundant Ed25519 re-verification in the audit path. ### Security - **15 new cryptographic tests** — comprehensive round-trip, | | `v0.1.0-beta.15` | 2026-03-29 | Medium | ## What's Changed ### Added - **`ArgApprovalGate::Exempt`** — new approval gate variant (in development). See Tenuo Cloud documentation for usage details. - **`WRAP_TOOL_CALL_SUPPORTED` flag** exported from `tenuo.langgraph` — lets callers detect at runtime whether the installed LangGraph version supports authorization hooks (`wrap_tool_call` requires LangGraph ≥ 0.3 / Python 3.10+). - **rand 0.9 upgrade** — `SigningKey::generate` now uses `OsRng.try_fill_bytes` with `Zeroizing<[u8; 32]> | | `v0.1.0-beta.14` | 2026-03-21 | Low | ## What's new in beta.14 ### Signing correctness - **`SignedEvent.signing_payload`** — The exact CBOR bytes that were signed are now included in every audit event. The control plane verifies these directly instead of reconstructing the payload, eliminating cross-language CBOR encoding mismatches. - **`sign_event()` authorizer ID override** — Events buffered before registration completed were previously signed with a stale pending ID. The flush path now always uses the canonical registered | ## Citation - HTML: https://www.freshcrate.ai/projects/tenuo - Markdown: https://www.freshcrate.ai/projects/tenuo.md - Dependencies JSON: https://www.freshcrate.ai/api/projects/tenuo/deps _Generated by freshcrate.ai. Indexes github releases for AI-agent ecosystem packages._