BradGroux/veritas-kanban v4.0.0

v4.0.0 — Agent Governance & Trust

on GitHub

Veritas Kanban 4.0 — Agent Governance & Trust

This is the governance release. VK now ships a complete Agent Governance Layer — configurable policies, behavioral drift detection, decision audit trails, output evaluation, and user feedback analytics. Alongside that: a fully customizable dashboard grid, a Prompt Template Registry with version control, and a real-time Global System Health Bar.

All shadcn/ui components have been upgraded to v4 with Tailwind v4 integration. The MCP server grows to 33+ tools across 7 categories, including full comment CRUD and project management. Seven new SOP guides, an updated API reference, and a comprehensive self-hosting guide round out the docs.

54 commits since v3.3.3.

✨ Added

🛡️ Agent Governance Layer

• Agent Policy & Guard Engine (#178) — Define what agents can and can't do. Configurable allow / deny / require-approval guard rules per tool and action, with configurable precedence (deny-first or allow-first), per-agent and per-project scoping, and a built-in audit log for every policy decision. REST API: GET/POST /api/policies, GET/PUT/DELETE /api/policies/:id, POST /api/policies/:id/evaluate.

• Decision Audit Trail with Assumption Tracking (#179) — Log agent decisions with structured records: decision text, confidence score, supporting evidence, stated assumptions. Record outcomes afterward to see whether assumptions held. Full-text search and filtering by agent, task, and confidence range. REST API: GET/POST /api/decisions, GET/PUT/DELETE /api/decisions/:id, POST /api/decisions/:id/outcome.

• Agent Output Evaluation & Scoring Framework (#180) — Score agent outputs against weighted criteria profiles: RegexMatch, KeywordContains, NumericRange, CustomExpression. Composite scoring via weightedAvg, minimum, or geometricMean. Evaluation history with per-scorer breakdown and per-dimension explanations. REST API: GET/POST /api/scoring/profiles, POST /api/scoring/evaluate, GET /api/scoring/history.

• Behavioral Drift Detection & Alerting (#181) — Set metric baselines and alert thresholds; get notified when agent behavior deviates. Drift status lifecycle: ok → warning → alert → resolved, with automatic timestamps on detection and resolution. REST API: GET/POST /api/drift, GET/PUT/DELETE /api/drift/:id, POST /api/drift/:id/resolve.

• User Feedback Loop with Sentiment Analytics (#182) — Collect feedback on agent outputs with sentiment tagging (positive / neutral / negative) and category labels. Aggregate analytics: sentiment breakdowns, trends over time, category distributions. REST API: GET/POST /api/feedback, GET/DELETE /api/feedback/:id, GET /api/feedback/analytics.

📊 Dashboard & Visibility

• Draggable & Resizable Dashboard Widget Grid (#183) — Drag-and-drop widget repositioning with smooth animations, resizable widgets with snap-to-grid, and layout persistence via settings.json. Add or remove widgets from the library.

• Global System Health Status Bar (#185) — Persistent header bar with five health levels (stable → reviewing → drifting → elevated → alert) across three signal categories: system resources, agent availability, and operation success rate. Expand for a detail panel. REST API: GET /api/v1/system/health.

📝 Prompt Template Registry

• Prompt Template Registry with Version Control (#184) — Version-controlled prompt templates with variable extraction ({{agent_name}}, {{task_context}}), full version history with rollback to any prior version, usage tracking, and preview rendering with sample variable injection. REST API: full CRUD at /api/prompt-registry/templates.

🔌 MCP

• MCP comment CRUD tools (PR #206) — Five new MCP tools: add_comment, list_comments, get_comment, update_comment, delete_comment. Works with task-level and sprint-level comments.

• MCP project management tools (PR #227, reimplements #151) — Seven new MCP tools: list_projects, get_project, create_project, update_project, delete_project, get_project_stats, reorder_projects. Thanks @hekr4jivs for the original implementation.

🔗 Lifecycle & Notifications

• Lifecycle hooks wired to notification service (PR #201) — Hooks with notify: true now push events through the notification service, integrating with @mention notifications for addressable hook alerts.

📚 Documentation

• Comprehensive MCP server docs at docs/mcp/README.md — architecture, quickstart, full tool catalog with examples, security model, troubleshooting, and FAQ.
• docs/guides/SELF_HOST.md — Production self-hosting guide covering reverse proxy setup, auth hardening, Docker, and backups. Thanks @xechehot for the original guide (reimplements #126).
• Seven new SOP guides covering agent governance, broadcasts, delegation, deliverables, squad chat, system health monitoring, and prompt registry.
• Updated docs/API-REFERENCE.md with all v4.0 endpoints.

🔄 Changed

• shadcn/ui v4 upgrade (#186, PR #219) — All UI components updated for shadcn/ui v4 compatibility with Tailwind v4 integration. Breaking prop changes resolved across the component tree.

  ⚠️ Upgrade note: If you have customized shadcn/ui components, review the shadcn/ui v4 migration guide before upgrading. The Tailwind v4 integration changes how theme tokens are defined.

🐛 Fixed

• Squad chat panel scroll (PR #225, #224) — Panel now properly scrolls to latest message; overflow clipping bug in nested flex containers resolved.
• False cycle detection in dependency API (PR #208, #188) — DFS algorithm no longer flags valid multi-path dependencies as cycles when two nodes share a common ancestor.
• TypeScript build errors (PR #207, #177) — Resolved type mismatches from shadcn/ui v4 and Zod 4 type inference changes. Thanks @TylonHH for the original fix (reimplements #130).
• SystemHealthBar successRate percentage display (PR #212, #211) — successRate is now correctly formatted as a percentage (0–100) instead of a decimal (0–1).

🙏 Community Contributors

• @xechehot — Self-hosting guide (#226, reimplements #126)
• @TylonHH — Settings schema fix (#228, reimplements #130)
• @hekr4jivs — MCP project management tools (#227, reimplements #151)

Thank you — this release is better because of you.

🔗 Key Links

• Full Changelog
• API Reference
• Self-Hosting Guide
• MCP Server Docs
• Agent Governance SOPs