- Claims vs. Reality verification —
verify_claimsstage extracts factual claims from agent output, matches against signed provenance, classifies as verified/unverified/contradicted/fabricated. Verification report is itself a signed artifact. - MCP Server — SpineFrame is now an MCP server (10 tools, stdio + SSE). Published on official MCP registry as
io.github.Ratnaditya-J/spineframe. Any MCP client can run audits, retrieve reports, verify provenance. - MCP-based evidence gathering — Compliance pipeline gathers evidence from GitHub and filesystem via MCP tool-use loop with dynamic turn allocation.
- Cross-platform artifact hashing — Fixed
write_text→write_bytesfor consistent SHA-256 hashes on Windows. - Compliance report provenance — Report now shows evidence source breakdown (GitHub vs filesystem), type distribution, and tool call statistics instead of empty research-style provenance chain.
- Cost propagation — LLM costs from tool-use loops now tracked in run manifest.
- 62 registered stage types, 930 tests.
Initial release.
- Three production pipelines: research (11 stages), OSINT (10 stages), compliance (6 stages) with 53 registered stage types
- Full assurance layer: default trust enforcement, signed provenance (Ed25519), tool policy, domain assertions, identity-aware execution
- Provenance chain with merkle hash integrity from claim to source URL, externally verifiable
- Web UI with live progress, smart fork suggestions, run comparison, artifact browser, and provenance viewer
- Provider support for Anthropic, OpenAI, Tavily, Serper, SearXNG, and MCP tools with lazy optional dependencies