Which AI harnesses support which v0.7 attested-cortex features — today, planned, in progress, blocked. The operator's contract for choosing a harness against the attested-cortex feature set.
Each row is an MCP-speaking AI harness. Each column is a v0.7 feature track. Cells use a five-level status alphabet so the operator can scan a row (“what does my harness do?”) or a column (“who has this feature?”) at a glance.
| Harness | A1+A2Capabilities v3 ( accept="v3") |
B1memory_load_family |
B2memory_smart_load |
G-trackHook pipeline | H-trackEd25519 attestation | I-trackSidechain transcripts | J-trackApache AGE (Postgres) |
K10Approval API |
|---|---|---|---|---|---|---|---|---|
| Claude Code Anthropic, deferred-tool registration via ToolSearch |
✅ | 🚧 | 🚧 | ✅ | ✅ | ✅ | ✅ | 🚧 |
| Claude Desktop Anthropic, eager-load only |
✅ | ⚠️ | ⚠️ | ✅ | ✅ | ✅ | ✅ | 🚧 |
| Codex CLI OpenAI, eager-load only |
✅ | ⚠️ | ⚠️ | ✅ | ✅ | ✅ | ✅ | 🚧 |
| Cursor Anysphere, MCP via stdio |
✅ | ⚠️ | ⚠️ | ✅ | ✅ | ✅ | ✅ | 🚧 |
| Cline VS Code extension, MCP via stdio |
✅ | ⚠️ | ⚠️ | ✅ | ✅ | ✅ | ✅ | 🚧 |
| Continue.dev VS Code / JetBrains, MCP via stdio |
✅ | ⚠️ | ⚠️ | ✅ | ✅ | ✅ | ✅ | 🚧 |
| Aider CLI pair-programmer, MCP via stdio |
✅ | ⚠️ | ⚠️ | ✅ | ✅ | ✅ | ✅ | 🚧 |
| Goose Block / Square, MCP via stdio |
✅ | ⚠️ | ⚠️ | ✅ | ✅ | ✅ | ✅ | 🚧 |
| Generic JSON-RPC any MCP-compliant client / SDK |
✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
Reading guide. The substrate features (G/H/I/J/K-track) ship in the v0.7.0
server binary — they are server-side capabilities that any MCP-speaking
client can drive over JSON-RPC. The harness column tells you whether the harness's
UX shell exposes those capabilities ergonomically (e.g. surfacing approval prompts to
the operator, or routing memory_load_family as a natural-language affordance).
Capabilities v3 (A1+A2) is unconditionally supported by every MCP harness because it’s a
passive response-shape change — the harness simply receives more data.
Why memory_load_family / memory_smart_load show partial / in-progress.
Eager-load harnesses (Claude Desktop, Codex, Cursor, Cline, Continue, Aider, Goose) can call
these tools, but cannot mid-session register newly-loaded tools without a session restart.
Claude Code is the only first-class harness today with deferred-tool registration via
ToolSearch — B1/B2 land in Claude Code first and roll out as harnesses adopt the MCP
notifications/tools/list_changed primitive.
Each v0.7 feature column maps to one or more tracks in V0.7-EPIC.md. The references below tie each cell’s status back to a specific PR / RFC section / migration paragraph.
The memory_capabilities response gets a top-level schema_version: 3
field plus per-family auto-discovery driven by the client request header
accept="v3". v2 fields stay at the same paths with the same shapes —
v3 is strictly additive. SDKs that pin v2 receive the v2 response unchanged through
all of v0.7.x. Universal support: any harness that already speaks
memory_capabilities receives v3 transparently.
memory_load_familyNamed loader tool that takes a family identifier (e.g. "governance",
"knowledge_graph") and registers that family’s tools into the live MCP
session. Replaces the v0.6.4 paradigm of
memory_capabilities(family=…, include_schema=true) as the canonical
runtime-expansion path. Most cells today are 🚧 in progress because B1
is mid-track in v0.7.x.
Refs: V0.7-EPIC.md §Track B
memory_smart_loadNatural-language loader that takes an intent string
(e.g. "I need to write a permission policy") and infers which families to
register. Built on top of B1 plus the v0.6.5 schema-compaction work absorbed into Track
C. This is the cortex-fluent answer to the v0.6.4 fancy-notebook framing —
the agent describes what it wants, not which tools to load.
Refs: V0.7-EPIC.md §Track B · #546
Subprocess JSON-stdio hook executor with 20 documented event types
(pre_store, post_store, pre_link, post_link,
pre_recall, pre_transcript_store, etc.), four decision shapes
(Allow / Modify(MemoryDelta) / Deny /
AskUser), per-event-class hard timeouts, and SIGHUP hot reload. Server-side
feature; transparent to the harness. ✅ universal.
Per-agent Ed25519 keypair management, outbound link signing over canonical CBOR
(RFC 8949 §4.2.1), inbound verification against the observed_by claim,
and a tri-state attest_level enum (unsigned / self_signed
/ peer_attested) returned in every link record. Server-side — harness
sees only the new field. ✅ universal.
Append-only memory_transcripts table (BLOB + zstd-3) plus
memory_transcript_links join table, per-namespace TTL with
archive-then-prune lifecycle, and the memory_replay <id> MCP tool.
Lets agents store full reasoning traces alongside the conclusions. Server-side.
✅ universal.
Refs: V0.7-EPIC.md §Track I
Optional Postgres-backed Cypher implementations of memory_kg_query,
memory_kg_timeline, memory_kg_invalidate, plus the new
memory_find_paths(source, target) MCP tool. Dual-path tests assert
set-equivalent results vs. the SQLite CTE backend. Bench-gated:
AGE-mode p95 must be ≥30% faster than CTE-mode at depth=5.
N/A on the SQLite default install; opt-in via Postgres adapter.
Refs: V0.7-EPIC.md §Track J · ADR-0002
HTTP + SSE + MCP surfaces for human-in-the-loop approvals, with HMAC mandatory and
remember=forever persistence. Wraps the K9 permission-decision contract
plus the G4 hook AskUser decision shape. Most harness cells show
🚧 in progress — harness UX integration is per-harness work
(the API is universal but the UX shell varies).
Refs: V0.7-EPIC.md §Track K10
Every cell in the matrix above is backed by a Discovery Gate observation cell. The Discovery Gate is a public, append-only ledger of live LLM × harness × release-binary runs, with full transcripts, MCP wire logs, and machine-checkable verdict JSON.
The tests/calibration_t0.rs
suite drives a synthetic MCP client through every cell of the matrix above —
capability-discovery sweep, loader invocation, hook fire-and-decision, attestation
round-trip, transcript replay, AGE/CTE dual-path equivalence, and approval-API HMAC
handshake — against the v0.7.0 release binary. CI-gated; any regression fails the PR.
The Discovery Gate repo runs each supported harness against the v0.7.0 release binary with a real LLM and publishes the verdict JSON. v0.6.4 ran 6/6 PASS against live xAI Grok 4.3; v0.7.0 expands to T5 mesh-recovery cells plus per-feature tracks (G/H/I/J/K).
| Tier | What it measures | v0.6.4 baseline | v0.7.0 target |
|---|---|---|---|
| T0 Calibration | Wire-shape parity, error-recovery diagnostics | 6/6 PASS | Per-track gate, all green |
| T1 Awareness | Agent recognizes all families exist | 100% PASS | Capabilities v3 must surface every loader |
| T2 Reactive recovery | Agent recovers from -32601 via --include-schema | 100% PASS | Same; memory_load_family path also tested |
| T3 Proactive expansion | Agent reaches for the loader before failing | 100% PASS | memory_smart_load(intent=…) proactive-load path |
| T4 Mesh recovery | Mesh routes around misconfigured peers | 100% PASS (3/3) | K6 A2A correlation IDs + retry + replay protection |
| T5 Attestation | Inbound link verified against peer’s known pubkey | n/a | H6 verification end-to-end test, signed-events audit table |
Not every track lands in the v0.7.0 cut. The items below are explicitly deferred to v0.7.1 or later, with a published rationale. This section is the operator’s counterpart to the “deferred” section in rfc-attested-cortex.md §Out of scope.
sqlite-vec migration + per-namespace HNSW shardsllm.rs + streaming tool responsesPermanently out of OSS scope. Hardware-backed key storage (TPM / HSM / Secure Enclave), compliance certification (FIPS-140, Common Criteria), 24x7 SLA support, curated skill marketplace operations, and hosted multi-tenant federation hubs all live in the AgenticMem commercial layer. The OSS provides the abstractions and protocols; the certified-managed deployments are commercial. See RFC §Out of scope for the full rationale.
The companion table for harness authors. Lifted directly from rfc-attested-cortex.md §Server / SDK compatibility.
| Server version | SDK 0.6.3 | SDK 0.6.4 | SDK 0.7.0 | Notes |
|---|---|---|---|---|
| v0.6.3 | ✅ | ✅ (additive only) | ⚠️ (v0.7 SDK may call missing tools) | v0.6.3 lacks loaders, AGE, attestation |
| v0.6.4 | ✅ | ✅ | ⚠️ (v0.7 SDK may call missing tools) | v0.6.4 lacks all v0.7 features |
| v0.7.0 | ✅ (v2 fields preserved) | ✅ (v2 fields preserved; v3 ignored) | ✅ (full feature set) | Wire compat preserved through v0.7.x |
Forward compat. The v0.7.0 server preserves v0.6.4 wire formats
(v2 capabilities response, all existing tool surfaces, all existing HTTP routes).
A v0.6.4 SDK calling a v0.7.0 server sees the same shapes it saw before; new fields
are present in responses but the SDK ignores them. New tools (loaders,
memory_find_paths, memory_replay, memory_verify,
memory_approval_*) are present in tools/list but the v0.6.4 SDK
doesn’t call them; no harm.
Backward compat caveat. A v0.7.0 SDK calling a v0.6.4 server may
attempt to call tools that don’t exist (memory_find_paths etc.) —
the SDK handles this with a clean ToolNotFound error, not a hard failure.
SDK consumers on v0.7.0 should feature-detect via memory_capabilities before
calling new tools.
The matrix above is the single-screen operator summary. The links below are the authoritative documents the matrix is lifted from.
Refresh cadence: this page is updated after each track lands (G → H → I → J → K). The matrix cells move from 🚧 to ✅ as the Discovery Gate observation cells flip green. File an issue if a cell doesn’t match what you observe in the wild.