Skip to content

feat: v0.7.1 — policy engine, time-windowed budgets, Hermes/CrewAI integrations, litellm CVE fix#32

Closed
orvi2014 wants to merge 5 commits into
mainfrom
feat/hermes-crewai-integrations
Closed

feat: v0.7.1 — policy engine, time-windowed budgets, Hermes/CrewAI integrations, litellm CVE fix#32
orvi2014 wants to merge 5 commits into
mainfrom
feat/hermes-crewai-integrations

Conversation

@orvi2014

@orvi2014 orvi2014 commented May 18, 2026

Copy link
Copy Markdown
Owner

Summary

Merges all v0.6.0 and v0.7.0 work into main, releasing as v0.7.1.

What's included

v0.7.0 — Policy engine + alert hooks

  • Policy / Rule / PolicyAction — declarative spend policies with configurable actions (block, warn, log)
  • Time-windowed budgets (BudgetWindow) — daily, weekly, monthly rolling caps per user
  • Alert hooks — fire callbacks when thresholds are crossed before a call is blocked

v0.6.0 — New integrations

  • Hermes Agent integration
  • CrewAI integration

v0.7.1 — Security fix

  • Pinned litellm>=1.30.0,!=1.82.7,!=1.82.8 to block the compromised PyPI packages (CVE-2026-33634, March 24 2026)

Test results

606 passed, 3 warnings in 3.30s

All 606 tests passing across router, budget, policy, stores, integrations (LangChain, LangGraph, CrewAI, Hermes, MCP, Vercel), and telemetry.

Checklist

  • 606 tests passing
  • litellm dep excludes CVE-2026-33634 versions
  • Version bumped to 0.7.1 in pyproject.toml and init.py

🤖 Generated with Claude Code

orvi2014 and others added 5 commits May 17, 2026 21:08
@orvi2014 @claude
feat(integrations): add Hermes Agent and CrewAI integrations — v0.6.0
81ad3ac 
Hermes Agent (baar/integrations/hermes.py):
- BaarHermesProxy: runs baar as a local OpenAI-compatible HTTP proxy
- BaarHermesSession: context manager that wires a budget-capped Hermes session
  via a temp HERMES_HOME, leaving the user's real ~/.hermes untouched
- setup_baar_provider: one-time permanent Hermes config writer
- 100% test coverage (tests/test_hermes_integration.py, 27 tests)

CrewAI (baar/integrations/crewai.py):
- BaarCrewLLM: subclasses crewai.LLM; routes call()/acall() through BAARRouter
  for semantic routing + pre-flight budget kill-switch on every agent turn
- BaarStepCallback: step_callback= drop-in for existing crews; checks budget
  between steps without touching the crew's LLM configuration
- 100% test coverage (tests/test_crewai_integration.py, 30 tests)

Also: router.py race-condition guards marked pragma no cover; coverage gap
tests added to test_router.py and test_baar_router_coverage.py.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@orvi2014 @claude
feat(policy+windows+alerts): policy engine, time-windowed budgets, al…
fe70e9a 
…ert hooks — v0.7.0

- Policy engine (baar.core.policy): declarative Rule/Policy evaluation before every LLM
  call; supports block, force_small, force_big, allow actions; raises PolicyViolation on block
- Time-windowed budgets (BudgetWindow): HOURLY/DAILY/MONTHLY spend resets via
  WindowedBudgetStore; works with Memory, File, and SQLite backends
- Alert hooks (Alert): threshold callbacks with once=True/False; auto re-arm on window
  rollover and BudgetTracker.reset()
- PolicyViolation treated like TaskRejected in run()/arun() — no consecutive-error penalty
- record_manual() emits UserWarning on pricing failure instead of silently recording $0
- 606 tests passing; all 7 independent review findings verified as false positives

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@orvi2014 @claude
chore: bump fallback __version__ to 0.7.0 in __init__.py
3bf7141 
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@orvi2014
Merge branch 'main' into feat/hermes-crewai-integrations
6ec3fc8
@orvi2014 @claude
fix(security): exclude litellm 1.82.7 and 1.82.8 at install time — CV…
a951af8 
…E-2026-33634

Adds !=1.82.7,!=1.82.8 to the litellm dependency constraint so pip never
resolves to the supply-chain-compromised versions. The existing runtime block
in _check_litellm_version() is preserved as defence-in-depth.

Bumps version to 0.7.1.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@codecov

codecov Bot commented May 18, 2026

Copy link
Copy Markdown

Codecov Report

❌ Patch coverage is 97.35450% with 5 lines in your changes missing coverage. Please review.

Files with missing lines Patch % Lines
baar/router.py 88.63% 5 Missing ⚠️

📢 Thoughts on this report? Let us know!

@orvi2014 orvi2014 closed this May 18, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@orvi2014