bmdhodl · bmdhodl · Feb 20, 2026 · Feb 21, 2026
diff --git a/.github/actions/agentguard-eval/action.yml b/.github/actions/agentguard-eval/action.yml
@@ -34,7 +34,7 @@ runs:
   using: "composite"
   steps:
     - name: Set up Python
-      uses: actions/setup-python@v5
+      uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065  # v5
       with:
         python-version: ${{ inputs.python-version }}
 

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -14,8 +14,8 @@ jobs:
       matrix:
         python-version: ${{ github.event_name == 'pull_request' && fromJSON('["3.9","3.12"]') || fromJSON('["3.9","3.10","3.11","3.12"]') }}
     steps:
-      - uses: actions/checkout@v6
-      - uses: actions/setup-python@v6
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd  # v6
+      - uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405  # v6
         with:
           python-version: ${{ matrix.python-version }}
           cache: 'pip'
@@ -32,16 +32,16 @@ jobs:
             --cov-fail-under=80
       - name: Upload coverage artifact
         if: matrix.python-version == '3.12'
-        uses: actions/upload-artifact@v6
+        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f  # v6
         with:
           name: coverage-report
           path: coverage.xml
 
   lint:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v6
-      - uses: actions/setup-python@v6
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd  # v6
+      - uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405  # v6
         with:
           python-version: "3.12"
           cache: 'pip'

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
@@ -16,8 +16,8 @@ jobs:
     permissions:
       security-events: write
     steps:
-      - uses: actions/checkout@v6
-      - uses: github/codeql-action/init@v4
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd  # v6
+      - uses: github/codeql-action/init@89a39a4e59826350b863aa6b6252a07ad50cf83e  # v4
         with:
           languages: python
-      - uses: github/codeql-action/analyze@v4
+      - uses: github/codeql-action/analyze@89a39a4e59826350b863aa6b6252a07ad50cf83e  # v4
diff --git a/.github/workflows/entropy.yml b/.github/workflows/entropy.yml
@@ -12,8 +12,8 @@ jobs:
   entropy:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
-      - uses: actions/setup-python@v5
+      - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5  # v4
+      - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065  # v5
         with:
           python-version: "3.12"
           cache: 'pip'

diff --git a/.github/workflows/ops-cadence.yml b/.github/workflows/ops-cadence.yml
@@ -13,7 +13,7 @@ jobs:
   staleness:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5  # v4
         with:
           fetch-depth: 0
 

diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
@@ -16,9 +16,9 @@ jobs:
       id-token: write
       attestations: write
     steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd  # v6
 
-      - uses: actions/setup-python@v6
+      - uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405  # v6
         with:
           python-version: "3.12"
 
@@ -31,12 +31,12 @@ jobs:
           SOURCE_DATE_EPOCH: "0"
 
       - name: Attest build provenance
-        uses: actions/attest-build-provenance@v3
+        uses: actions/attest-build-provenance@977bb373ede98d70efdf65b84cb5f73e068dcc2a  # v3
         with:
           subject-path: sdk/dist/*
 
       - name: Publish to PyPI
-        uses: pypa/gh-action-pypi-publish@release/v1
+        uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e  # release/v1
         with:
           packages-dir: sdk/dist/
           password: ${{ secrets.PYPI_TOKEN }}

diff --git a/.github/workflows/release-content.yml b/.github/workflows/release-content.yml
@@ -13,7 +13,7 @@ jobs:
   announce:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd  # v6
         with:
           fetch-depth: 0  # full history for changelog
 

diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
@@ -15,14 +15,14 @@ jobs:
       security-events: write
       id-token: write
     steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd  # v6
         with:
           persist-credentials: false
-      - uses: ossf/scorecard-action@v2.4.3
+      - uses: ossf/scorecard-action@4eaacf0543bb3f2c246792bd56e8cdeffafb205a  # v2.4.3
         with:
           results_file: results.sarif
           results_format: sarif
           publish_results: true
-      - uses: github/codeql-action/upload-sarif@v4
+      - uses: github/codeql-action/upload-sarif@89a39a4e59826350b863aa6b6252a07ad50cf83e  # v4
         with:
           sarif_file: results.sarif
diff --git a/CLAUDE.md b/CLAUDE.md
@@ -242,14 +242,15 @@ Step-by-step instructions for common tasks. Follow these patterns for consistenc
 
 ### Public API Surface
 
-**Tracing:** `Tracer`, `TraceContext`, `TraceSink`, `JsonlFileSink`, `StdoutSink`, `HttpSink`
+**Tracing:** `Tracer`, `TraceSink`, `JsonlFileSink`, `StdoutSink`, `HttpSink`
 **Guards:** `LoopGuard`, `FuzzyLoopGuard`, `BudgetGuard`, `TimeoutGuard`, `RateLimitGuard`
 **Exceptions:** `LoopDetected`, `BudgetExceeded`, `BudgetWarning`, `TimeoutExceeded`
 **Instrumentation:** `trace_agent`, `trace_tool`, `patch_openai`, `patch_anthropic`, `unpatch_openai`, `unpatch_anthropic`
 **Async:** `AsyncTracer`, `AsyncTraceContext`, `async_trace_agent`, `async_trace_tool`, `patch_openai_async`, `patch_anthropic_async`, `unpatch_openai_async`, `unpatch_anthropic_async`
 **Cost:** `estimate_cost`
 **Evaluation:** `EvalSuite`, `EvalResult`, `AssertionResult`
-**Integrations:** `AgentGuardCallbackHandler` (LangChain), `guarded_node`/`guard_node` (LangGraph), `AgentGuardCrewHandler` (CrewAI), `OtelTraceSink` (OpenTelemetry)
+**Integrations:** `AgentGuardCallbackHandler` (LangChain), `guarded_node`/`guard_node` (LangGraph), `AgentGuardCrewHandler` (CrewAI)
+**Sinks (optional import):** `OtelTraceSink` (`from agentguard.sinks.otel import OtelTraceSink`)
 
 ### Constraints
 

diff --git a/README.md b/README.md
@@ -113,12 +113,13 @@ pip install agentguard47[langchain]
 ```
 
 ```python
-from agentguard import Tracer, BudgetGuard
+from agentguard import Tracer, BudgetGuard, LoopGuard
 from agentguard.integrations.langchain import AgentGuardCallbackHandler
 
-tracer = Tracer(guards=[BudgetGuard(max_cost_usd=5.00)])
+tracer = Tracer(service="my-agent")
 handler = AgentGuardCallbackHandler(
     tracer=tracer,
+    loop_guard=LoopGuard(max_repeats=3),
     budget_guard=BudgetGuard(max_cost_usd=5.00),
 )
 

diff --git a/SECURITY.md b/SECURITY.md
@@ -4,9 +4,9 @@
 
 | Version | Supported          |
 |---------|--------------------|
-| 1.1.x   | Yes                |
-| 1.0.x   | Security fixes only |
-| < 1.0   | No                 |
+| 1.2.x   | Yes                |
+| 1.1.x   | Security fixes only |
+| < 1.1   | No                 |
 
 ## Reporting a Vulnerability
 
@@ -27,6 +27,7 @@ Include:
 - **Triage:** Within 7 days
 - **Fix:** Target 30 days for critical, 90 days for others
 - **Disclosure:** Coordinated with reporter, following 90-day standard
+- **Credit:** Reporters are credited in release notes and this file unless they prefer to remain anonymous
 
 ## Scope
 

diff --git a/docs/blog/001-why-agents-loop.md b/docs/blog/001-why-agents-loop.md
@@ -69,12 +69,6 @@ AgentGuard report
 
 The guard caught the loop on the third identical call. No tokens wasted. No silent failure.
 
-Open the trace viewer to see the full event timeline in your browser:
-
-```bash
-agentguard view traces.jsonl
-```
-
 ## Why this matters
 
 Without tracing, loop failures are invisible. Your agent returns after 30 seconds and you don't know if it did useful work or burned $2 in API calls repeating itself.

diff --git a/docs/examples/langchain_example.md b/docs/examples/langchain_example.md
@@ -40,7 +40,6 @@ print(response)
 
 ```bash
 agentguard report traces.jsonl
-agentguard view traces.jsonl
 ```
 
 ## Notes

diff --git a/docs/guides/getting-started.md b/docs/guides/getting-started.md
@@ -42,12 +42,6 @@ AgentGuard report
   Approx run time: 0.3 ms
 ```
 
-Open a timeline in your browser:
-
-```bash
-agentguard view traces.jsonl
-```
-
 ## 3. Add a loop guard
 
 Stop agents that repeat themselves. Guards auto-check on every `span.event()` call:

diff --git a/examples/cost_guardrail.py b/examples/cost_guardrail.py
@@ -155,4 +155,3 @@ def research_agent(topic: str, max_iterations: int = 50) -> str:
     # If using local file, show how to view the trace
     if not api_key:
         print(f"\nView trace: agentguard report cost_guardrail_traces.jsonl")
-        print(f"Open viewer: agentguard view cost_guardrail_traces.jsonl")
diff --git a/sdk/README.md b/sdk/README.md
@@ -31,7 +31,6 @@ with tracer.trace("agent.run") as span:
 
 ```bash
 agentguard report traces.jsonl   # summary table
-agentguard view traces.jsonl     # Gantt timeline in browser
 ```
 
 ## Guards
@@ -161,7 +160,6 @@ sink = HttpSink(
 
 ```bash
 agentguard report traces.jsonl      # human-readable summary
-agentguard view traces.jsonl        # Gantt trace viewer in browser
 agentguard summarize traces.jsonl   # event-level breakdown
 agentguard eval traces.jsonl        # run evaluation assertions
 agentguard eval traces.jsonl --ci   # CI mode (stricter checks, exit code)
-Original file line number
+Diff line change
@@ Expand Up / @@ -40,7 +40,6 @@ print(response) @@
     ```bash
     agentguard report traces.jsonl
-    agentguard view traces.jsonl
     ```
     ## Notes
@@ Expand Down @@