Skip to content

chore: Update agentforge-mcp requirement from <0.4,>=0.3 to >=0.3,<0.5#151

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/agentforge-mcp-gte-0.3-and-lt-0.5
Open

chore: Update agentforge-mcp requirement from <0.4,>=0.3 to >=0.3,<0.5#151
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/agentforge-mcp-gte-0.3-and-lt-0.5

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 30, 2026

Copy link
Copy Markdown

Updates the requirements on agentforge-mcp to permit the latest version.

Release notes

Sourced from agentforge-mcp's releases.

v0.4.0 — Graph + governance foundation

AgentForge v0.4.0 — Graph + governance foundation

Released 2026-06-24. Coordinated release train (ADR-0015): every workspace package bumps to 0.4.0 in lockstep.

The 0.4 train lands embedded, zero-ops graph storage and sharper GraphRAG; an offline upgrade-drift report so consumers can see what a version bump fixed; the first pillar of a governance spine (identity); and a data-loss fix in agentforge upgrade. Two new packages ship: agentforge-memory-kuzu and agentforge-governance. Additive and backward compatible — safe to upgrade from 0.3.x.


Highlights

  • feat-027 — embedded KuzuGraphStore. A zero-ops, file-backed, in-process graph store — path: .ckg and the store exists, no server (the graph analogue of the SQLite MemoryStore). It implements the locked GraphStore contract and passes run_graph_conformance, so it is swap-compatible with the Neo4j / SurrealDB drivers — and makes the whole graph + GraphRAG path testable offline. New agentforge-memory-kuzu package (driver: kuzu).

  • enh-005 — directional GraphRAG expansion. retrieval.graph_expansion gains direction: in | out | any, so expansion follows asymmetric edges the right way — in for callers / who-cites-X / dependents, out for callees / what-X-cites. Defaults to any (the original behaviour), so existing agents are byte-for-byte unchanged. No ABC change.

  • enh-006 — upgrade drift report. agentforge upgrade --notes [FROM..TO] prints which fixes — and the issues they close — a version range shipped, so a consumer can clean up workarounds a bump made removable instead of letting them linger. Works offline from a release_notes.json shipped in the wheel; a real agentforge upgrade also prints the summary for the range it crossed. Plus a @deprecated registry that warns and feeds the report.

  • feat-029 — governance: identity (pillar 1). The foundation of a governance spine (ADR-0023): every agent gets a stable, portable Principal so every action has a name. New IdentityProvider contract + conformance in core; the existing Principal is widened additively (kind / owner) so one principal serves both auth and identity. New agentforge-governance package ships the offline local driver (HMAC-signed credentials, URN ids). governance.identity config. Registry / policy / audit pillars follow on the 0.5 train.

  • bug-025 — agentforge upgrade data-loss fix. Upgrade was overwriting forked files and erasing agentforge:custom blocks; it now skips forked files and preserves the custom region via the three-section merge, and

... (truncated)

Changelog

Sourced from agentforge-mcp's changelog.

[0.4.0] — 2026-06-24

"Graph + governance foundation." Embedded zero-ops graph storage and directional GraphRAG; an offline upgrade-drift report; the first governance pillar (identity); and the agentforge upgrade data-loss fix. Two new packages — agentforge-memory-kuzu and agentforge-governance. Every workspace member bumped to 0.4.0.

Added

  • feat-029 — governance: identity (pillar 1). First pillar of the governance spine (ADR-0023): every agent gets a stable, portable Principal so every action has a name. New IdentityProvider contract (issue / resolve / verify / credential / rotate) + run_identity_conformance in agentforge-core; the existing Principal is widened additively with kind / owner (backward compatible — one principal for auth + identity). New agentforge-governance package ships the offline local driver (LocalIdentityProvider, in-process HMAC-signed credentials, URN ids agentforge:agent:<org>/<name>@<version>). governance.identity config block

    • build_identity_from_config. The Agent(identity=) wiring + runtime stamping follow with the audit pillar. Registry / policy / audit pillars land on the 0.5 train.
  • feat-027 — embedded KuzuGraphStore. A zero-ops, file-backed, in-process GraphStore driver — path: .ckg and the store exists, no server (the graph analogue of the SQLite MemoryStore). New agentforge-memory-kuzu package, registered as kuzu under the graph_stores entry-point category. Implements the locked GraphStore ABC and passes run_graph_conformance, so it's swap-compatible with the Neo4j / SurrealDB drivers; makes the whole graph + GraphRAG path testable offline. Mutations + get_node/get_edges use native openCypher (MERGE upserts); traverse/match run as Python algorithms over those primitives for exact contract semantics. kuzu>=0.11.3 (native; ships cp313 wheels for the CI matrix). Purely additive — existing configs and drivers untouched.

  • enh-005 — directional GraphRAG expansion. retrieval.graph_expansion (and the GraphExpansion value) gain direction: in | out | any, so graph expansion can follow asymmetric edges the right way — in for callers / who-cites-X / dependents, out for callees / what-X-cites / dependencies. any (the default) is the original undirected traverse behaviour, so existing agents are byte-for-byte unchanged. Directional expansion rides the already-locked GraphStore.get_edges(direction=...) primitive via a BFS in the Retrieverno ABC change, no major bump, no new package. Improves feat-023. First piece of the 0.4 graph train (see the enh-005 spec).

  • enh-006 — upgrade drift report (agentforge upgrade --notes). After bumping the framework pin, a consumer can now see which fixes (and the issues they close) the bump shipped, so dead workarounds get cleaned up instead of lingering. agentforge upgrade --notes [FROM..TO] prints the drift report for a version range (bare --notes = your current pin → the

... (truncated)

Commits
  • be9bf86 chore(release): v0.4.0 polish — full PyPI README + roadmap row + date bump to...
  • b0d878e chore(release): prep v0.4.0 (version bump + release notes) (#128)
  • 0b39661 test(e2e): cover the new v0.4 surfaces in the packaged-wheel gate (#127)
  • a73b10e feat(feat-029): governance identity — Principal + IdentityProvider + local dr...
  • 6ba8021 docs(feat-028): scrub market-positioning + competitor names from the OSS spec...
  • e564986 docs(feat-028): spec durable execution + human-in-the-loop (feat(ENH-019): serve-mcp working-directory auto-discovery #115-era control ...
  • 7d95dea feat(feat-027): embedded KuzuGraphStore (zero-ops file-backed graph driver) (...
  • 19335da feat(enh-005): directional GraphRAG expansion (in/out/any) (#122)
  • e587172 docs(feat-027,enh-005): port the 0.4 upstream specs into the repo (#121)
  • 7cd1f2b chore: Bump actions/checkout from 6 to 7 (#113)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Updates the requirements on [agentforge-mcp](https://github.com/Scaffoldic/agentforge-py) to permit the latest version.
- [Release notes](https://github.com/Scaffoldic/agentforge-py/releases)
- [Changelog](https://github.com/Scaffoldic/agentforge-py/blob/main/CHANGELOG.md)
- [Commits](Scaffoldic/agentforge-py@v0.3.0...v0.4.0)

---
updated-dependencies:
- dependency-name: agentforge-mcp
  dependency-version: 0.4.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot @github

dependabot Bot commented on behalf of github Jun 30, 2026

Copy link
Copy Markdown
Author

Labels

The following labels could not be found: dependencies. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants