2 publicaciones etiquetados con "security"

For a year, every AI feature in Parthenon spoke to a model the same way: build a prompt, send it, get one answer back. Abby answers a question. The publication writer drafts a paragraph. Useful — but fundamentally a vending machine. You put a prompt in, a completion comes out, and the model never gets to look around, use a tool, or change its mind.

This milestone changes that. Parthenon now runs genuine agentic copilots — built on Anthropic's Claude Agent SDK, the same autonomous loop that powers Claude Code — inside two workflows: the Study Designer and the Publication assistant. The agent decides which tools to call, iterates (search → draft → validate → refine), keeps a session across turns, streams its work to the browser, and — critically — asks for permission before it writes anything. It ships on a reusable, profile-agnostic core, behind a super-admin runtime switch, with PHP still holding the pen on every database write.

This post is the full story: the architecture, the four pull requests that built it, the human-in-the-loop approval gate, and the engineering discipline (and bugs) along the way.

v1.0.7 — CE/EE Fork, Extension Points, AGPLv3​

v1.0.7 is the largest architectural release in the v1.0.x arc. Where v1.0.6 was a feature drop (FinnGen, SSO, light mode), v1.0.7 is the foundation work that makes Parthenon a platform — a Community edition (AGPLv3) that remains fully usable on its own and an Enterprise edition that swaps in proprietary drivers for auth, tenancy, crypto, audit, observability, feature flags, installer phases, and compose composition.

It also completes the AGPLv3 relicense, ships Harmonia (AI-assisted concept-mapping with a reviewer UI), lands four new industry templates (NAACCR, STS, NCDR, lis_lab_to_omop), brings up the managed OHDSI Shiny runtime, and closes four critical Sentinel security findings.