Reference
Changelog
What changed in Fibric, newest first. The platform follows semver: the kernel contract, the EventEnvelope, the propose-then-approve loop, and the receipt shape are stable across the 1.x line. Connectors and operators you ship today keep working as we add capability.
Dates are release dates. Added is new surface, Changed may need attention on upgrade, Fixed is a correctness fix. The CLI and SDKs share one version line. Subscribe to releases with fibric notify releases --on.
A documentation-only release: the docs site expanded, and the API reference was reorganized from one page into an overview plus per-group references. No platform behavior changed.
- Dedicated API reference pages per endpoint group: Events, Operators, Connectors, Actions & plans, and Receipts, each with full parameter tables, curl examples, and error cases.
- Errors: the error envelope, the complete code table grouped by HTTP status, and the 409 semantics for idempotency conflicts and the single-flight entity lock.
- Rate limits & quotas: the
X-RateLimitheaders, default limits per endpoint group, burst behavior, 429 handling, and the action allowance quota.
- The API reference became an overview page: authentication, versioning, idempotency, pagination, the envelope-to-receipt object model, and an index of every endpoint. Detailed endpoint documentation moved into the group pages; existing anchors redirect.
- The docs navigation gained the expanded Concepts, Build, and Reference sections that these pages live in.
The first stable release. The kernel contract is frozen for the 1.x line: one canonical EventEnvelope, the AI proposes a plan and a deterministic check approves or blocks it, single-flight per entity, idempotency keys, fail-closed trust, walled-off tenancy, and a receipt for every action. Everything built on these holds.
- Stable
1.0kernel contract:EventEnvelope,ExecutionPlan, and the receipt shape are now covered by the semver guarantee. - Receipt export to CSV and JSONL with
fibric receipt export, scoped to the active tenant and ready for an auditor. - Marketplace publishing for connectors, with immutable versions and a validated
noun.verbcapability contract. - First-class Python SDK reaching parity with TypeScript:
define_connector,tool, andPlanproduce the same contract on the wire.
- Side-effecting tools now fail closed by default: if no trust-policy rule allows a step, the executor declines it rather than running it. Add an explicit allow rule to keep prior behavior.
- The CLI consolidated
fibric receiptsandfibric receiptinto the singularreceiptgroup. The plural alias is kept through1.x.
- Single-flight now keys on the full entity path, so two operators acting on the same order can no longer interleave a double hold.
fibric operator run --dry-runprints every step's idempotency key, matching exactly what a real run would submit.
The release-candidate line. Capability-over-connector indirection landed end to end, so swapping one vendor for another became a configuration change instead of a rewrite.
- Capability binding: operators request a capability like
order.read, and the platform routes it to whichever installed connector provides it. fibric connector test <name> <tool>to run a tool against a real connection; reads run, side-effecting tools dry-run.- OAuth 2.0 auth helper, with the platform running the authorization dance and refreshing tokens out of your code path.
- Operators now bind to capabilities rather than connector names. A manifest that named a connector directly needs to name the capability instead.
- Idempotency keys moved from optional to required on every side-effecting plan step. The CLI warns on any step missing one.
- Vault credential resolution no longer leaked a connection's secret name into operator logs.
- Plans proposed with zero steps now return an empty receipt set instead of erroring.
Tenancy hardening. Every envelope and every row now carries reseller_id and tenant_id, and isolation is enforced at the data layer, not by application code remembering to filter.
- Row-level tenancy on every table, keyed on
reseller_idandtenant_id, so a query can never reach across the wall. - Tenant-scoped tokens:
fibric token createmints a credential that resolves to exactly one tenant and only that tenant. - The
senseandreasonseams in the operator SDK, separating reads from the base-model reasoning step.
- Real-data-only is now enforced for live tenants: a view backed by a fallback is tagged
source:"fallback"so a placeholder can never read as a governed metric.
- Receipts written during a retry no longer duplicate; the idempotency key coalesces them into one.
- The executor now releases single-flight on a thrown tool error instead of holding the entity until timeout.
The propose-then-approve loop took its current shape. The model stopped acting. It started proposing a validated ExecutionPlan that a deterministic check approves or blocks: the split that makes Fibric governable.
- The deterministic executor: it validates a proposed plan, checks it against the trust policy, and runs each approved step one at a time.
- The receipt ledger: every step records its proposal, the policy rule applied, the idempotency key, and the result.
plan.submit()in both SDKs as the single handoff from an operator's proposal to the executor.
- Operators can no longer call a side-effecting tool directly; the tool must become a step in a plan. Direct calls now raise at validation time.
sideEffectingtools that returned early without a result no longer leave a receipt in a pending state.
Older beta notes live in the release archive. For what these versions document, start at Core concepts or the CLI reference.