Changelog¶

All notable changes to Xybern are listed here. Xybern follows Semantic Versioning.

2026-05¶

LLM Gateway, Proxy layer between your application and LLM providers (OpenAI, Anthropic, Google, Azure). Every prompt and completion is evaluated against active policies before reaching the model or your system. Supports dry-run mode for safe policy testing.
Active Connections, Real-time view of all LLM provider connections in the Sentinel dashboard, with per-connection enforcement statistics.
MCP Proxy Gateway Mode, Run Xybern's MCP server as a transparent proxy in front of any existing MCP server. All tool calls are intercepted and enforced without changes to the downstream server.

Enforcement response now includes decision_path (fast or full) so you can distinguish cached from fully evaluated decisions.
Temporal Permission Windows now support action-level constraints within a scope, not just scope-level grants.

Policy-as-Code SDK, Define, version, and deploy policies as Python code. Xybern diffs your policy definitions against current state and applies changes atomically with full Provenance Vault tracking.
A2A Delegation, Agent-to-Agent delegation. An agent can grant a subset of its own permissions to another agent for a specific task, with full audit trail.
Policy Shadow Mode, Evaluate new policies against live traffic without enforcing them. Identify false positives before activating a policy in production.
Agent RBAC, Assign roles to agents and attach policies to roles. Simplifies governance at scale without per-agent policy management.
Federation, Connect multiple Xybern workspaces or external identity providers for cross-organisation enforcement.

POST /v1/enforce/intercept latency reduced on the fast path, average under 5 ms.
Breakglass events now trigger an automatic Slack or webhook notification if a webhook is configured for the breakglass event type.

Escalation status polling no longer returns stale state after a resolution is submitted in under 500 ms.

Temporal Permission Windows, Time-bounded permissions that auto-expire. Modelled after JIT access patterns in human IAM, purpose-built for AI agents.
Breakglass Protocol, Emergency override mechanism with mandatory justification, audit logging, and per-agent cooldown (max 3 per 30 minutes).
Custom Policy Builder, UI-based policy authoring for non-engineering teams. Build metadata-driven rules without writing code.
Metadata Field Policy, Evaluate arbitrary action metadata fields (amount, recipient, region) against policy rules without SDK changes.
Webhooks, Subscribe to enforcement events and receive them at any HTTP endpoint. Supports decision.allow, decision.block, decision.escalate, escalation.resolved, breakglass.triggered, and policy.changed.

Agent registry now supports tags and description fields for easier management at scale.
Decision log pagination now supports cursor-based pagination in addition to offset-based.

SDK Auto-Capture, Automatically intercept agent tool calls without adding manual intercept calls at each action site. Zero code changes for CrewAI, LangGraph, AutoGen, and LlamaIndex integrations.
Credential Lifecycle Management, Automatic issuance, rotation, and revocation of agent credentials. Agents never hold long-lived secrets.
Human-in-the-Loop, Full escalation flow with Sentinel dashboard review queue, resolution API, and SDK-level wait_for_escalation() polling.
Provenance Vault, Immutable audit log for every enforcement decision, escalation, policy change, and credential event.

Framework integrations now include full examples for CrewAI, AutoGen, LangGraph, LlamaIndex, and custom pipelines.

Core enforcement API, POST /v1/enforce/intercept for pre-execution action interception. Returns allow, block, or escalate with trust score, reasoning, and vault entry ID.
Agent-to-Agent communication enforcement, POST /v1/enforce/agent-comm for governing messages between agents in multi-agent pipelines.
Agent Registry, Register, update, suspend, and deregister agents. All enforcement decisions are tied to a registered agent_id.
Policies CRUD, Create, read, update, and delete policies via API. Policies are evaluated against every intercepted action.
Decisions & Escalations API, Query the immutable decision log, list pending escalations, and resolve them programmatically.
Sentinel Dashboard, Web interface for security teams to monitor decisions, review escalations, and manage agents and policies.
Python SDK, Official SDK with enforcement client, policy management, escalation polling, and auto-capture layer.