Releases: DrakoLabs/drako
Drako v3.0.0
Drako v3.0.0 — Unified Release
The Python Governance Platform for AI Agents — compliance middleware for LangGraph, CrewAI, AutoGen, and 30+ frameworks.
This release unifies versioning across all Drako components. SDK, backend, and MCP server manifests now share a single version number.
What's New
Unified Versioning
All components synchronized to v3.0.0. Version drift across pyproject.toml, __init__.py, server.json, and OpenAPI spec is resolved.
New Commands
| Command | Description |
|---|---|
| drako scan --simple | Indie-developer-friendly output — 12 curated rules with framework-aware fix suggestions |
| drako nocode scan | Governance scanner for n8n and Flowise workflow exports — 10 rules with taint propagation |
| drako[comply] | EU AI Act documentation generator — Articles 9, 11, 12, 14 in DOCX and PDF |
| drako desktop scan | MCP server discovery across 8 AI clients with Desktop Governance Score |
Scanner Expansion
- 97 total governance rules (up from 25 in v1.0.1)
- TypeScript scanner with Tree-sitter (17 dedicated rules)
- Determinism scoring, benchmark system, baseline scanning
- govern() universal wrapper for runtime compliance enforcement
Infrastructure
- RFC 3161 timestamping on audit trail entries
- Automated daily threat intelligence sync (AlienVault OTX + abuse.ch)
- Proxy mode, policy templates, Helm chart
Installation
pip install drako==3.0.0
With optional extras:
pip install "drako[comply]==3.0.0" # EU AI Act docs
pip install "drako[typescript]==3.0.0" # TypeScript scanning
Quick Start
drako scan . # Full governance scan
drako scan --simple . # Indie-dev friendly output
drako nocode scan flow.json # No-code workflow scan
drako desktop scan # Desktop agent governance
drako comply init # EU AI Act compliance wizard
Full changelog: https://github.com/DrakoLabs/drako/blob/main/CHANGELOG.md
v2.2.2
v2.2.1
Fixed
- Framework detection for LangGraph/AutoGen in subdirectories (parent directory walk-up)
- AutoGen new package names support (autogen_agentchat, autogen_core, ag2)
- Jupyter notebook .ipynb scanning with IPython magic line stripping
- CrewAI @CrewBase pattern: agent extraction from YAML config files
- Unconditional exit code 1 on critical findings removed (only with --threshold-det)
- MULTI-002 false positive on constructor calls (Crew, Task, Agent)
Added
- Finding type classification: vulnerability vs recommendation
- Terminal report split into FINDINGS and RECOMMENDATIONS sections
- Recommendations excluded from governance score
- finding_type field in JSON and SARIF output formats
Full changelog: https://github.com/angelnicolasc/drako/blob/main/CHANGELOG.md
Drako v2.2.0
80 governance rules. Dual scoring. Reachability analysis. Advisory corpus. Framework-specific detection. And a new name.
pip install drako
drako scan .
Highlights
Determinism Score — A second score (0-100) that measures reliability, not just security. Unset temperatures, missing timeouts, no retries. Speaks to the engineer, not the CISO.
Reachability — Findings now show whether the flagged tool is actually reachable by any agent in your code. Unreachable findings are dimmed. Fix what matters first.
DRAKO-ABSS Advisories — 25 security advisories covering OWASP Top 10 for LLMs, MITRE ATLAS, and real framework CVEs. Linked inline with scan findings.
Framework-Specific Rules — 10 rules targeting CrewAI delegation, LangGraph state, AutoGen code execution, Semantic Kernel plugins, and PydanticAI patterns.
Vendor Concentration Risk — Detects single-vendor lock-in across model, framework, cloud, and governance layers.
Baseline System — Acknowledge existing findings, only surface new issues. Commit the baseline, share across the team.
Autopilot + Templates — drako init generates smart config from your scan. Industry templates: fintech, healthcare, eu-ai-act.
Out-of-Process Proxy — Network-level enforcement that the agent cannot bypass.
Full changelog: CHANGELOG.md