Changelog¶

1.2.0 (2026-03-08)¶

backend: add AES-256-GCM encryption backend (#141) (9ea7881)
backend: add per-key random salt key derivation to FernetBackend (64f2a76)
backend: add per-key random salt key derivation to FernetBackend (#143) (64f2a76)
bench: add multi-backend benchmarks and docs page (#145) (2dd4256)
serialization: add multi-backend coexistence and dispatch (#144) (c971d33), closes #145

create EncryptedJSON TypeDecorator for transparent column (dc70d5c)
examples: add encrypted ADK agent example with Ollama (f898849)
examples: add encrypted ADK agent example with Ollama (#139) (f898849)
session: rewrite EncryptedSessionService as DatabaseSessionService wrapper (#134) (dc70d5c), closes #133
spike: TypeDecorator wrapping spike — GO decision for Epic 7 (#130) (b9919df), closes #129

adr: add ADR-007 Architecture Migration decision (#132) (d94f883), closes #131
examples: reference basic usage example in README and (f898849)
getting-started: clarify swap is two changes, not three imports (#127) (9296ae3)
session: Epic 7 retrospective and sprint status update (f898849)
session: revise Epic 4 scope and extract shared test fixture (#138) (252ad4e)
session: update docs for Epic 7 architecture migration (#137) (c810c56)

address code review findings for story 6.2 (3ebeb6d)
correct docstring template db_url to db_path (3ebeb6d)
correct schema independence claims and architecture (3ebeb6d)
docs: address code review findings for story 6.2 (3ebeb6d)
docs: correct docstring template db_url to db_path (3ebeb6d)
docs: correct schema independence claims and architecture characterization (#123) (3ebeb6d), closes #121
docs: remove edit pencil icons from docs site (8f44167)
docs: replace inaccurate 'drop-in replacement' claims with BaseSessionService references (f323d5e)

add superseded revision markers to planning artifacts and ADRs (#125) (afbb53e), closes #124
branding: add custom palette, logo, favicon, badges, and social links (d71a38b)

ci: remove unsafe-best-match index strategy from smoke test (592ebe1)
ci: replace TestPyPI gate with local wheel smoke test (#97) (cf932e8)
docs: apply code review fixes for Getting Started guide (efb222e)
release: guard fromJSON with short-circuit to prevent empty parse (#90) (cd3eca5)

architecture: add envelope protocol and algorithm specification pages (#92) (f76555a), closes #91
docstrings: add Examples sections to 5 EncryptedSessionService (44911c4)
docstrings: add fenced examples to all public APIs and enforce docvet fail-on (#85) (44911c4)
docstrings: add missing See Also and Attributes sections (44911c4)
faq: add FAQ page with 6 required entries and nav integration (#96) (f3e7ade), closes #95
getting-started: add Getting Started guide with full example and (efb222e)
getting-started: add Getting Started guide with full example and verification (#101) (efb222e), closes #100
mkdocs: restructure nav, add strict builds, and complete site setup (#88) (8544448), closes #86
roadmap: update completion status, add backend upgrade schedule (#94) (1357afd), closes #93
templates: prescribe fenced-blocks-everywhere in (44911c4)

session: EncryptedSessionService — drop-in replacement for ADK's BaseSessionService with field-level encryption at rest
encryption: Fernet symmetric encryption backend (AES-128-CBC + HMAC-SHA256) with async-first design
serialization: Self-describing binary envelope format with version and backend metadata for future key rotation
persistence: Async SQLite persistence via aiosqlite with own schema, independent of ADK internals
validation: ConfigurationError with startup-time passphrase and backend validation
security: Coordinated disclosure policy (SECURITY.md), Apache-2.0 license, zero-CVE dependency audit
ci: Automated PyPI releases via OIDC trusted publishing — no stored tokens, changelog generation via release-please