orionfold-relay 0.19.0 → 0.20.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/README.md CHANGED
@@ -104,10 +104,13 @@ The governance is *in* the workflow, not bolted on. A blueprint is a fixed step
104
104
  ## Why it stays trustworthy
105
105
 
106
106
  - **Local-first** — SQLite database, no cloud dependency, `npx orionfold-relay` and go
107
+ - **Never phones home** — no telemetry, no update checks, no license server; the complete outbound-network inventory is documented and code-linked in [docs/trust/data-flow.md](docs/trust/data-flow.md)
107
108
  - **Your rules, enforced** — tool permissions, inbox approvals, and audit trails for every agent action
108
109
  - **Your AI team** — 21 specialist profiles ready to deploy, each with instructions, tool policies, and runtime tuning
109
110
  - **Know what you spend** — usage metering, budgets, and per-provider/per-model spend visibility on governed runs
110
- - **Open source** — Apache-2.0, read the engine and run it yourself
111
+ - **Open source & verifiable** — Apache-2.0, read the engine and run it yourself; every npm release ships with a provenance attestation and a CycloneDX SBOM ([docs/trust/supply-chain.md](docs/trust/supply-chain.md))
112
+
113
+ Evaluating Relay for an enterprise? The full trust pack — [security packet](docs/trust/security-packet.md), [data-flow disclosure](docs/trust/data-flow.md), [supply-chain verification](docs/trust/supply-chain.md), [plain-language license terms](docs/trust/license-terms.md), and [continuity statement](docs/trust/continuity.md) — lives in [`docs/trust/`](docs/trust/). Vulnerability reports: [SECURITY.md](SECURITY.md).
111
114
 
112
115
  <img src="https://raw.githubusercontent.com/orionfold/relay/main/public/readme/inbox-list.png" alt="The governance command center: tool-permission approvals, agent questions, and a permission queue — nothing reaches a client without sign-off" width="1200" />
113
116
 
@@ -139,6 +142,9 @@ relay license remove <license-id> # forget a license
139
142
  - **What's free stays free.** Capabilities never move from the free engine into a paid
140
143
  pack. Paid packs are new content, not repossessed features.
141
144
 
145
+ The full terms in plain language — seats, transfer, what expiry does and doesn't do —
146
+ are in [docs/trust/license-terms.md](docs/trust/license-terms.md).
147
+
142
148
  ---
143
149
 
144
150
  ## Runtime bridge
package/dist/cli.js CHANGED
@@ -1186,7 +1186,7 @@ var CURRENT_PLUGIN_API_VERSION, CAPABILITY_VALUES, ORIGIN_VALUES, PrimitivesBund
1186
1186
  var init_types = __esm({
1187
1187
  "src/lib/plugins/sdk/types.ts"() {
1188
1188
  "use strict";
1189
- CURRENT_PLUGIN_API_VERSION = "0.19";
1189
+ CURRENT_PLUGIN_API_VERSION = "0.20";
1190
1190
  CAPABILITY_VALUES = ["fs", "net", "child_process", "env"];
1191
1191
  ORIGIN_VALUES = ["ainative-internal", "third-party"];
1192
1192
  PrimitivesBundleManifestSchema = z.object({
@@ -12891,7 +12891,7 @@ var init_registry6 = __esm({
12891
12891
  init_registry5();
12892
12892
  init_installer();
12893
12893
  init_schedule_spec();
12894
- SUPPORTED_API_VERSIONS = /* @__PURE__ */ new Set([CURRENT_PLUGIN_API_VERSION, "0.18"]);
12894
+ SUPPORTED_API_VERSIONS = /* @__PURE__ */ new Set([CURRENT_PLUGIN_API_VERSION, "0.19"]);
12895
12895
  pluginCache = null;
12896
12896
  lastLoadedPluginIds = /* @__PURE__ */ new Set();
12897
12897
  PluginTableSchema = z16.object({
@@ -25623,8 +25623,8 @@ import { execFileSync as execFileSync3 } from "child_process";
25623
25623
  import yaml12 from "js-yaml";
25624
25624
  import semver from "semver";
25625
25625
  function relayCoreVersion() {
25626
- if (semver.valid("0.19.0")) {
25627
- return "0.19.0";
25626
+ if (semver.valid("0.20.0")) {
25627
+ return "0.20.0";
25628
25628
  }
25629
25629
  try {
25630
25630
  const root = getAppRoot(import.meta.dirname, 3);
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "orionfold-relay",
3
- "version": "0.19.0",
3
+ "version": "0.20.0",
4
4
  "description": "Orionfold Relay — a local-first, multi-agent orchestration runtime and builder scaffold for AI-native work.",
5
5
  "keywords": [
6
6
  "ai",
@@ -1,6 +1,6 @@
1
1
  id: echo-server
2
2
  version: 0.1.0
3
- apiVersion: "0.19"
3
+ apiVersion: "0.20"
4
4
  kind: chat-tools
5
5
  name: Echo Server
6
6
  description: |
@@ -1,6 +1,6 @@
1
1
  id: finance-pack
2
2
  version: 0.1.0
3
- apiVersion: "0.19"
3
+ apiVersion: "0.20"
4
4
  kind: primitives-bundle
5
5
  name: Finance Pack
6
6
  description: |
@@ -1,6 +1,6 @@
1
1
  id: reading-radar
2
2
  version: 0.1.0
3
- apiVersion: "0.19"
3
+ apiVersion: "0.20"
4
4
  kind: primitives-bundle
5
5
  name: Reading Radar
6
6
  description: |
@@ -53,7 +53,7 @@ import type { ScheduleSpec } from "@/lib/validators/schedule-spec";
53
53
  // unfixed from 0.15.0 through 0.16.0 — treat the window test's failure as
54
54
  // a release blocker, not noise). The 0.13→0.14 three-MINOR bridge is over;
55
55
  // this is the standard 2-MINOR window now.
56
- const SUPPORTED_API_VERSIONS = new Set([CURRENT_PLUGIN_API_VERSION, "0.18"]);
56
+ const SUPPORTED_API_VERSIONS = new Set([CURRENT_PLUGIN_API_VERSION, "0.19"]);
57
57
 
58
58
  /** Test-helper export so the window-enforcement test can read state. */
59
59
  export function isSupportedApiVersion(apiVersion: string): boolean {
@@ -6,7 +6,7 @@ import { z } from "zod";
6
6
  // (a hardcoded copy there once drifted to "0.14" — scaffolded plugins would
7
7
  // have been disabled on load the moment the window tightened). Bump on every
8
8
  // MINOR release; api-version-window.test.ts fails if this goes stale.
9
- export const CURRENT_PLUGIN_API_VERSION = "0.19";
9
+ export const CURRENT_PLUGIN_API_VERSION = "0.20";
10
10
 
11
11
  // Shared capability tuple — single source of truth used by Zod schema and
12
12
  // capability-check.ts hash derivation. Exported so consumers don't need a