Aira

Changelog

This page lists notable changes across all five Aira surfaces (backend API, dashboard, Python SDK, TypeScript SDK, docs), in reverse chronological order. SDK releases are versioned and linked to PyPI / npm; backend / dashboard ship continuously off main.

If you're integrating against the API, the wire contract is stable — nothing in the changelog below is a breaking change. Field names (action_uuid, receipt_uuid, etc.) are the same as they've always been; only user-facing labels and added features have changed.


Universal Receipts — 2026-04-15

Every terminal action state now produces a signed Ed25519 receipt. Previously, only successful actions (notarized) were signed; denials and failures were recorded in the audit log but lacked cryptographic proof.

New receipt statuses:

  • notarized — action completed successfully, receipt seals the outcome.
  • denied — policy blocked the action, receipt proves the system caught it.
  • failed — action executed but failed, receipt records the failure.
  • denied_by_human — human reviewer rejected the action, receipt records who and when.

Gateway: policy denials now return a receipt_uuid in the error response body (both OpenAI and Anthropic formats), so the denial is cryptographically verifiable without a second API call.

Zero audit gaps. A regulator can verify any decision Aira made, including the ones it blocked.


SDKs v3.1.0 — DORA compliance module — 2026-04-14

Full support for the EU Digital Operational Resilience Act (Regulation 2022/2554) — in force since 17 January 2025, mandatory for every EU financial entity and their critical ICT providers.

Install:

pip install aira-sdk==3.1.0
npm install aira-sdk@3.1.0

Backend: new /api/v1/dora/* routes covering Articles 17–19 (incidents), 24–27 (resilience testing), and 28–44 (ICT third-party register). Major-incident PDFs are rendered server-side and signed with Ed25519 using the same key infrastructure as EU AI Act reports. Gated behind ENABLE_DORA=true (default on).

Python + TypeScript SDKs (v3.1.0): 12 new methods each, sync + async mirrors on Python. New types: DoraIncident, IctThirdParty, DoraTest.

Dashboard: three new admin-only sections under /dashboard/dora/ — incidents list + detail + classify/resolve flows, ICT third-party register CRUD, resilience test log.

Docs: three new guides (DORA compliance, incident reporting, third-party risk) plus the DORA API reference.


SDKs v2.4.0 — 2026-04-15

Three phases of SDK work, catching up since v2.1.0. All additive.

Install:

pip install aira-sdk==2.4.0
npm install aira-sdk@2.4.0

Phase B — Article 6 signed explanation envelope (v2.2.0):

  • verify_action_explanation() / verifyActionExplanation() on both sync Aira and AsyncAira. Public endpoint — no API key needed, so a regulator or auditor with just the saved JSON can re-verify.
  • ActionExplanation carries an _envelope block (Ed25519 signature over the canonical JSON of the explanation, excluding the envelope itself and request_id).
  • New types: ExplanationVerification, ExplanationEnvelope (TS).

Phase C — Annex IV technical documentation (v2.3.0):

  • New constant FRAMEWORK_ANNEX_IV = "eu_ai_act_annex_iv" exported from both SDKs alongside FRAMEWORK_ART12 / ART9 / ART6.
  • create_compliance_report(framework=FRAMEWORK_ANNEX_IV, ...) generates the full Annex IV technical file mapped 1:1 to the nine sub-sections referenced by Article 11. 10-year retention.

Phase 2 — Output content-scan policy (v2.4.0):

  • get_output_policy() / update_output_policy(**fields) (PATCH semantics — only fields you pass change). Admin role required.
  • ActionReceipt.output_scan_flags: dict | None carries the mode (flag / deny / redact), decision, worst severity, libraries, and per-pattern hits. None when output filtering is disabled.
  • New types: OutputPolicy, OutputPolicyUpdate, OutputScanFlags, OutputScanHit (TS).

See Output Filtering and the envelope guide for the full behaviour.


Backend + Dashboard — 2026-04-15

Output content filtering (Phase 2)

  • New enable_output_filtering feature flag, default True.
  • POST /api/v1/output-policies GET + PATCH for the per-org policy. Admin-only. Returns 404 when feature flag off.
  • POST /api/v1/output-policies/test — dry-run sandbox. Returns what would fire under the current policy without minting a receipt. Powers the dashboard "Test your policy" panel at /dashboard/settings/output-filtering.
  • Notarize hook scans outcome_details against the org's policy. Three modes: flag (record on the receipt), deny (refuse the receipt with HTTP 422 OUTPUT_SCAN_VIOLATION, action stays at pre-notarize state), redact (matched spans replaced with [REDACTED] before the outcome is hashed and signed).
  • output_scan_flags JSON column added to action_receipts — part of the signed canonical payload, so the scan result is cryptographically tamper-evident.
  • output_scan_policy JSON column added to organizations — hydrated with defaults on read.

See Output Filtering guide + API reference.

Article 6 signed envelope (Phase B)

  • Every GET /api/v1/actions/{id}/explanation response carries an _envelope block (Ed25519 signature, content_hash, signing_key_id, generated_at).
  • New public endpoint POST /api/v1/verify/explanation — accepts a saved explanation JSON, recomputes the canonical hash, verifies the signature against the public key registered at the JWKS endpoint. No auth required.
  • PDF rendering of Article 6 explanations now embeds the envelope metadata so paper exports carry the same proof as the JSON form.

See Article 6 envelope guide.
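
The offline check an auditor could run on a saved explanation, as an added example that is not Aira's code or SDK. Assumptions: canonical JSON means keys sorted at every depth with no whitespace, content_hash is hex SHA-256 of that string, the signature sits base64-encoded in a hypothetical `signature` field, and the key pair is generated locally instead of being fetched from the JWKS endpoint.

```javascript
// Added example, not Aira's code. Canonical form, hash algorithm and the
// `signature` field name are assumptions; see the lead-in.
const crypto = require("node:crypto");

function canonicalJson(v) {
  if (Array.isArray(v)) return "[" + v.map(canonicalJson).join(",") + "]";
  if (v !== null && typeof v === "object") {
    return "{" + Object.keys(v).sort()
      .map((k) => JSON.stringify(k) + ":" + canonicalJson(v[k])).join(",") + "}";
  }
  return JSON.stringify(v);
}

// Signed bytes exclude the envelope itself and request_id (per the changelog).
function signedPayload(doc) {
  const { _envelope, request_id, ...body } = doc;
  return Buffer.from(canonicalJson(body), "utf8");
}

const sha256Hex = (buf) => crypto.createHash("sha256").update(buf).digest("hex");

// Stand-in for the server side, so the example has something to verify.
function signExplanation(body, privateKey, keyId) {
  const payload = signedPayload(body);
  const signature = crypto.sign(null, payload, privateKey).toString("base64");
  return { ...body, _envelope: { signature, content_hash: sha256Hex(payload),
    signing_key_id: keyId, generated_at: "2026-04-15T00:00:00Z" } };
}

// publicKeys: Map of signing_key_id -> KeyObject (what a JWKS lookup would yield).
function verifyExplanation(doc, publicKeys) {
  const env = doc._envelope;
  if (!env) return "missing_envelope";
  const key = publicKeys.get(env.signing_key_id);
  if (!key) return "unknown_key";
  const payload = signedPayload(doc);
  if (sha256Hex(payload) !== env.content_hash) return "hash_mismatch";
  const sig = Buffer.from(String(env.signature), "base64");
  return crypto.verify(null, payload, key, sig) ? "valid" : "bad_signature";
}

// Constructed sample: a locally generated key pair and a made-up explanation.
const { publicKey, privateKey } = crypto.generateKeyPairSync("ed25519");
const saved = signExplanation({ action_uuid: "00000000-0000-4000-8000-000000000001",
  decision: "denied", request_id: "req-1" }, privateKey, "key-1");
console.log(verifyExplanation(saved, new Map([["key-1", publicKey]]))); // valid
```

Recomputing content_hash alone is not enough: an edited document with a recomputed hash passes the hash check and is only caught by the signature check.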

Annex IV technical documentation (Phase C)

  • New compliance report framework eu_ai_act_annex_iv, generates the full Annex IV technical file mapped to the nine sub-sections referenced by Article 11.
  • 10-year retention (retention_requirement_years: 10) per Article 18, vs Article 12's 6 years.
  • Pulls every input from existing data: org profile, registered agents, policy catalogue, signing keys, policy evaluations, behavioral baselines, drift alerts, settlement commitments.
  • Section metadata also exposed on the report row's report_metadata.sections, so the dashboard can render per-section without re-fetching the PDF.

See Annex IV guide.

Phase 1 cleanup

  • Article9RiskCategory model + GET /api/v1/compliance/reports/article9/categories query route. Each Article 9 report now also persists one row per (agent_id, category) observed in the period — answers "what was agent X's risk profile in Q1 2026?" without re-running the generator.
  • New per-article guide pages: Article 12, Article 9, Article 6.

Internal cleanup (no behaviour change)

  • All four _build_legacy_v1_N_payload builders deleted, verify dispatch collapsed to one path. ACTION_RECEIPT_VERSION reset to "1". No customer receipts existed at the older versions — pure dead-code removal.
  • Provider adapter api_key= backwards-compat shim removed; the one supported path is now credentials={"api_key": "..."}.
  • 45 accumulated Alembic migrations collapsed into a single 0001_initial_schema migration that uses Base.metadata.create_all. Future schema changes start adding incremental migrations on top of 0001 as normal. Hosting moves via pg_dump / pg_restore unaffected.

Audit fixes shipped during the same window

  • Redact mode now honours redact_severity_threshold (was redacting on every match regardless of severity — leaked policy signal).
  • Explicit await db.rollback() in deny-mode OUTPUT_SCAN_VIOLATION path so rollback doesn't depend on implicit FastAPI exception handling.
  • apply_redaction applies the Luhn validation filter symmetrically for credit-card matches (no more false-positive CC redactions).
  • ActionReceiptSummary and ActionNotarizeResponse schemas now expose output_scan_flags so the SDK gets the scan result back on the same response, no second round trip needed.
  • CORS allow_methods now includes PATCH (previously the /output-policies PATCH preflight failed silently).
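
The two redact-mode fixes above (severity threshold and symmetric Luhn filtering), sketched as an added example that is not Aira's implementation. Pattern names, regexes, severities and the returned field names are hypothetical; only redact_severity_threshold and the [REDACTED] marker come from this changelog.

```javascript
// Added example, not Aira's code. Patterns, severities and result field
// names are hypothetical; see the lead-in.
const RANK = { low: 1, medium: 2, high: 3 };

function luhnValid(digits) {
  let sum = 0;
  for (let i = 0; i < digits.length; i++) {
    let d = Number(digits[digits.length - 1 - i]);
    if (i % 2 === 1) { d *= 2; if (d > 9) d -= 9; }
    sum += d;
  }
  return digits.length > 0 && sum % 10 === 0;
}

const PATTERNS = [
  { name: "credit_card", severity: "high", regex: /\b\d(?:[ -]?\d){12,18}\b/g,
    validate: (m) => luhnValid(m.replace(/\D/g, "")) },
  { name: "email", severity: "low", regex: /[\w.+-]+@[\w-]+\.[\w.]+/g },
];

// Single matcher used by both the scan and the redaction, so a candidate the
// scan rejects (Luhn failure) can never be redacted, and vice versa.
function findHits(text) {
  const hits = [];
  for (const p of PATTERNS) {
    for (const m of text.matchAll(p.regex)) {
      if (p.validate && !p.validate(m[0])) continue;
      hits.push({ pattern: p.name, severity: p.severity,
        start: m.index, end: m.index + m[0].length });
    }
  }
  return hits;
}

// Redacts only hits at or above the threshold; lower hits are still reported.
// Replaces from the end so earlier offsets stay valid (assumes no overlaps).
function applyRedaction(text, policy) {
  const min = RANK[policy.redact_severity_threshold];
  if (!min) throw new Error("unknown redact_severity_threshold");
  const hits = findHits(text);
  const spans = hits.filter((h) => RANK[h.severity] >= min)
    .sort((a, b) => b.start - a.start);
  let out = text;
  for (const s of spans) out = out.slice(0, s.start) + "[REDACTED]" + out.slice(s.end);
  return { text: out, hits, redacted: spans.length };
}

// Constructed sample; 4111 1111 1111 1111 is a well-known Luhn-valid test number.
const SAMPLE = "Charged 4111 1111 1111 1111, ref 4111 1111 1111 1112, mail ops@example.com";
```

With the threshold at "high" the e-mail address is reported as a hit but left in place, and the Luhn-invalid reference number is neither reported nor redacted.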

Polish — 2026-04-15

  • Landing page #04 Content Scan card + #12 Compliance Reports card updated to reflect Phases B/C/2.
  • Docs what-is-aira overview gained a "Compliance bundles + regulator-ready reports" subsection covering Article 12, Article 9, Article 6 (with envelope), Annex IV.
  • UUID label sweep across dashboard dialogs, docs prose, and the Python CLI: anywhere the underlying value is a UUID and the human-facing label said "ID", it now says "UUID". Wire-contract field names (action_uuid, receipt_uuid, etc.) are unchanged.

Earlier history

The platform shipped its initial round of regulatory features in the weeks leading up to this changelog page (Article 12 / Article 9 / Article 6 PDFs, compliance bundles with Annex VII field mapping, Merkle settlements, drift detection, multi-party signatures, replay context, agent identity + DIDs, evidence packages, agent estate). Going forward each shipped feature gets a dated entry above.
