🚀 The Transition to 100% Open Source (MIT)

Effective with this release, [CuraFrame is transitioning from a hybrid licensing model to the pure, permissive MIT License.

The goal of this project has always been to push the boundaries of computational architecture. By removing commercial licensing friction, this technology is now completely open for unrestricted adoption, integration, and scaling by the broader research and enterprise community.

💼 Enterprise Consulting & Integration

While the core frameworks are now freely available, deploying complex architectures at an enterprise level requires precision.

If your organization requires custom scaling, proprietary integration, or dedicated technical consulting to deploy these models into your tech stack, I am officially opening my calendar for commercial consulting.

Contact for implementation and advisory roles: dfeen87@gmail.com

Curaframe v3.0.0 — Weighted Multi‐Constraint Scoring Engine

Curaframe 3.0.0 introduces the first fully integrated Weighted Multi‐Constraint Scoring Engine, transforming the system from a rule‐based evaluator into a reasoning‐driven stability assessment platform. This major release builds directly on the 2.5.0 foundation, where the complete C++ constraint‐bundle universe and unified evaluation layer were introduced. Version 3.0.0 adds the scoring architecture that interprets those bundles, applies domain‐specific weighting logic, and produces a single Composite Stability Score for each candidate.

Highlights of the 3.0.0 Release

This release adds a multi‐layer scoring subsystem that integrates tightly with the existing evaluation pipeline. The new components include:

• WeightedScoringEngine — a modular scoring engine that ingests all bundle outputs, applies weights, penalties, and bonuses, and generates a unified Composite Stability Score on a 0–100 scale.
• ScoringPipeline — a deterministic scoring flow that normalizes bundle signals, applies weight profiles, computes weighted penalties and bonuses, and assembles a structured scoring report.
• WeightProfile Framework — a configurable weighting model supporting per‐bundle and per‐signal weights, penalty multipliers, bonus multipliers, and global scaling factors. Two profiles are included:
  • DefaultResearchProfile — balanced, general‐purpose weighting.
  • HighSafetyProfile — conservative weighting emphasizing systemic and organ‐level safety.
• ScoringReport Structure — a structured output format containing the composite score, weighted contributions, penalty and bonus breakdowns, falsification impact, weight profile metadata, and a narrative scoring summary.
• Narrative Scoring Summaries — domain‐specific explanations describing how the score was formed, which bundles influenced it most, and how penalties and bonuses shaped the final stability assessment.
• Evaluator Integration — the MultiBundleEvaluator now exposes scoring‐ready outputs and provides a clean interface for retrieving the final ScoringReport.

Architecture Overview

The scoring engine sits above the constraint‐bundle layer introduced in 2.5.0. Each bundle produces structured signals and a narrative summary; the evaluator aggregates them; and the scoring engine interprets them through a configurable weighting model. This layered design allows Curaframe to evolve into a more expressive, research‐grade simulation platform capable of multi‐domain reasoning.

Documentation Updates

New documentation has been added to support the scoring subsystem:

• docs/scoring_engine.md — architecture, scoring flow, and integration details.
• docs/weight_profiles.md — design of weight profiles and examples.
• Updated version headers and references across the documentation set.
• New [3.0.0] entry in docs/CHANGELOG.md.

Versioning

This release increments Curaframe from 2.5.0 → 3.0.0, reflecting the introduction of a major new subsystem, expanded evaluation capabilities, and a shift from rule‐checking to weighted reasoning.

CuraFrame v2.4.1 — Patch Release

Release Date: 2026‐04‐05
Scope: Second‐pass documentation hardening for version alignment, deployment accuracy, and commercial‐ready clarity.
Code Changes: None.

This release applies a focused second‐pass polish to ensure all documentation, metadata, and deployment instructions accurately reflect the v2.4.1 state of the project. No functional or behavioral changes were made.

Version Bumps

• Updated setup.py and cura_frame/__init__.py from 0.2.0 → 2.4.1.
• Updated CITATION.cff:
  • Added top‐level version: "2.4.1".
  • Updated preferred-citation version to 2.4.1.

README Corrections

Deployment Instructions

• Corrected Render.com deployment details:
  • Previous documentation incorrectly described SQLite + 1 GB persistent disk (CURAFRAME_DB=/data/curaframe.db).
  • Actual render.yaml provisions a managed PostgreSQL 18 instance and injects DATABASE_URL.
• Added missing JWT_SECRET requirement:
  • Required by config.py at startup.
  • Absence silently breaks the application; now explicitly documented.

Citation Updates

• Updated BibTeX entries:
  • Keys refreshed.
  • Year updated 2025 → 2026.
  • Version updated 0.1.0 → 2.4.1.

Structural Cleanup

• Removed stale banner:
  "📣 Update — February 2025" (no longer relevant for new readers).
• Removed duplicate ## License section near the bottom; the full, correct section already appears earlier.

Summary

This release delivers a targeted documentation‐only hardening pass to ensure CuraFrame’s deployment instructions, version metadata, and citations are accurate and commercial‐ready for v2.4.1. All changes are non‐breaking and do not affect runtime behavior, APIs, or configuration semantics.

Curaframe v2.4.0 – Release Notes

Overview

Curaframe v2.4.0 delivers a major stability, maintainability, and security upgrade across the web layer, shared database interface, and domain core. This release significantly reduces duplication, improves architectural separation, hardens authentication, and introduces the groundwork for future ORM-based migrations.

** Key Improvements**

1. FastAPI Entrypoint Refactor

• The main FastAPI entrypoint has been transformed into a thin app factory, delegating all route logic to apps/web/api/*.
• All database-backed handlers have been converted to synchronous def functions, ensuring proper threading behavior and preventing event-loop blocking under concurrency.
• Shared dependencies replace previously duplicated helpers in main.py, unifying behavior and reducing maintenance overhead.

2. Centralized Web Configuration & Auth Helpers

• Added a centralized configuration module for web settings.
• Introduced structured JWT and CSRF helper utilities.
• Implemented request-scoped database initialization with:
  • Persistent JWT_SECRET enforcement
  • A unified get_db() dependency that automatically uses:
    • a PostgreSQL ConnectionPool when available,
    • or per-request SQLite connections as a fallback.

3. Database Layer Enhancements

• Removed all query syntax adaptation logic to eliminate unsafe SQL transformations.
• Standardized all DB operations around parameter tuple execution.
• Enabled check_same_thread=False for SQLite connections to ensure thread-safe request handling.
• Upgraded password hashing to Argon2id, implemented via:
  • a passlib-based path,
  • with a cryptography-backed fallback for constrained environments.

4. Domain-Level Bundle Metadata & UI Improvements

• Bundle metadata moved into a shared domain module for proper layering.
• Web calculator UI now loads bundle options derived directly from domain logic.
• Introduced initial SQLAlchemy model scaffolding, setting the foundation for the planned long-term ORM migration.

5. Core & Type System Updates

• The core Constraint type now uses Python generics, improving static type safety.
• Refreshed and updated console and web test suites to align with new configuration and database behaviors.
• Added a dedicated test-only JWT secret bootstrap, ensuring consistent auth behavior across environments.

** Testing**

All tests have been updated and verified:

✅ pytest tests/test_console_db_auth.py -q
✅ pytest tests/test_web.py -q
✅ pytest -q

CuraFrame v2.3.0 — Security, Stability & Architectural Hardening Release

This release strengthens JWT handling, adds CSRF protection, improves input validation, eliminates database connection leaks, and introduces clearer architectural boundaries. CodeQL reports 0 security alerts, and all existing functionality remains backward‐compatible.

Security Hardening

JWT Expiration & Verification

• Added exp and iat claims to all JWT tokens.
• Default expiration: 24 hours (configurable via JWT_EXPIRATION_HOURS).
• _decode_jwt now enforces verify_exp=True for strict expiration checks.

CSRF Protection

• Implemented double‐submit cookie pattern for /register and /login POST routes.
• GET routes now generate CSRF tokens and set them as cookies.
• POST routes validate the CSRF token before processing.

Input Validation

Added server‐side validation in both main.py and db_auth.py:

• Username: 3–64 chars, alphanumeric + underscore
• Email: basic regex + max length 254
• Password: 8–128 chars

Invalid inputs now fail fast with clear error messages.

Content Security Policy

• Added Content-Security-Policy header to the existing security middleware.

Cleanup

• Removed unused imports (json, secrets) from db_auth.py.

Robustness & Resilience

Database Connection Safety

• All database operations now use try/finally with conn.close() to prevent connection leaks.

Division‐by‐Zero Guard

• probabilistic_satisfaction now handles lower == upper safely by returning lower <= threshold.

Bounded History & Logs

• CuraFrame.evaluation_history is now a deque(maxlen=1000).
• PipelayerGovernor now enforces max_event_log=1000 with truncation after each append.

NaN Guards

• Added math.isnan() checks to all comparison helpers:
  less_than, less_than_or_equal, greater_than, greater_than_or_equal.

Architectural Clarity

Shared Database Layer

• Introduced cura_frame/db.py containing shared DB helpers.
• db_auth.py now imports from this unified layer.

Test Structure Cleanup

• Moved pipelayer/test_pipelayer_usage.py → tests/test_pipelayer_usage.py for consistency.

Consistency & Maintainability

• Added __version__ = "0.2.0" to cura_frame/__init__.py.
• Updated setup.py to version 0.2.0.
• _EXIT_CODES moved from inside main() to module scope in cli.py.
• Constraint.copy() now uses copy.deepcopy(self.provenance) for correctness.

Security Assessment

• CodeQL: 0 security alerts
• All existing tests pass without modification

CuraFrame v2.2.0 — Release Notes

Release Date: February 25 2026
Highlights: Secure authentication for the Console, persistent evaluation history, unified DB backend support, and UI refinements

CuraFrame v2.2.0 extends the platform’s security and usability by bringing full authentication, session‐aware history logging, and database‐backed persistence into the Streamlit Console. This release completes the transition from a stateless demo interface to a secure, multi‐user research workspace that operates consistently across SQLite and PostgreSQL deployments.

1. Authentication and User Management for the Console

The Console now supports full user registration and login, enabling authenticated access to evaluation tools and history.

New Authentication Module

• Added db_auth.py implementing:
  • User registration
  • Login verification
  • Password hashing and validation
  • History logging
  • Backend‐agnostic support for SQLite and PostgreSQL

Console Access Control

• Updated apps/console_streamlit/app.py to restrict all evaluation and history views to authenticated users.
• Unauthenticated visitors are redirected to the login/registration flow.

2. Persistent Evaluation History

Evaluations performed in the Console can now be saved and revisited.

Save to History

• Added a "Save to History" button to the evaluation results panel.
• Results are stored in Streamlit session state to ensure correct behavior across reruns.
• Logged entries are persisted through the same DB layer used by the web app.

3. Unified Database Support for Console Deployments

The Console now works seamlessly with both SQLite (local) and PostgreSQL (production).

Database Integration

• Updated render.yaml so the Console service receives the correct database environment variables.
• The authentication and logging layer automatically adapts to:
  • SQLite (local development)
  • PostgreSQL (Render or cloud deployment)

This ensures the Console and Web App share a consistent data backend.

4. UI and Navigation Enhancements

Improved Sidebar Visibility

• Added custom CSS to ensure the Streamlit hamburger menu remains visible and accessible across themes and screen sizes.

Summary

CuraFrame v2.2.0 introduces secure authentication, persistent evaluation history, and unified database support to the Console, transforming it into a robust, multi‐user environment aligned with real research workflows. With backend‐agnostic DB handling and improved UI navigation, the Console now operates as a first‐class component of the CuraFrame ecosystem.

CuraFrame v2.1.0 — Release Notes

Release Date: February 2026
Highlights: Full simulation suite, three new therapeutic bundles, complete calculator coverage, and major security & correctness upgrades

CuraFrame v2.1.0 is a reliability‐focused release that strengthens the platform across four dimensions: (i) complete simulation coverage for every constraint bundle, (ii) expanded therapeutic domain support, (iii) full property coverage in the web calculator, and (iv) foundational security and correctness improvements to authentication, data handling, and evaluation logic. Together, these changes significantly improve scientific rigor, platform safety, and end‐to‐end consistency.

1. Complete Simulation Coverage for All Bundles

Earlier versions lacked concrete, reproducible simulation data demonstrating correct accept/reject behavior across all bundles. v2.1.0 introduces a full suite of paired candidate files and regression tests.

New Example Candidate Files

Located in simulations/candidates/, the suite includes 16 JSON files—one accepted and one rejected candidate per bundle.

4. Security, Authentication, and Correctness Improvements

v2.1.0 includes foundational security upgrades and correctness fixes identified during a codebase audit.

Password & Authentication Security

• Replaced unsalted SHA‐256 hashing with PBKDF2‐HMAC‐SHA256 + per‐user salt
  (industry‐standard, GPU‐resistant, parameterized key stretching)
• Added minimum password length requirement (8 characters)
• Updated all tests to use passwords meeting the new minimum
• Added test_register_rejects_short_password

Session Security

• Added configurable secure flag for session cookies
  (CURAFRAME_SECURE_COOKIES environment variable)

Correctness Fixes

• Zero‐value property filter fixed:
  Replaced value != 0.0 with value is not None so legitimate 0.0 values are evaluated.
• Added test_calculator_zero_logP_is_evaluated_not_skipped to prevent regressions.

Test Suite Status

All existing tests pass after the upgrade:
105 tests passed.

Summary

CuraFrame v2.1.0 delivers major improvements across the entire platform:

• Complete simulation suite for every constraint bundle
• Three new therapeutic bundles and four new constraint primitives
• Full property coverage in the web calculator
• Security‐hardened authentication, safer session handling, and correctness fixes
• Expanded test suite ensuring long‐term reliability

These changes make CuraFrame significantly more robust, scientifically grounded, and production‐ready for real pharmaceutical research workflows.

CuraFrame v2.0.0 — Release Notes

Release Date: February 2026
Highlights: Streamlit Console Upgrade, AILEE Pipeline Integration, Expanded Test Coverage, Deployment Support

✨ New Features

• Interactive Calculator Mode (Streamlit Console)
  Added a guided, form‐based evaluation mode that automatically generates input fields based on the selected constraint bundle. This enables users to enter candidate properties without writing JSON, improving accessibility for scientific and non‐technical users.

• AILEE Pipeline Integration (Optional Analysis Mode)
  Introduced an optional analysis pathway that routes candidate evaluations through the AILEE Trust Layer pipeline. This provides an additional layer of deterministic, trust‐scored reasoning for teams that want deeper auditability or multi‐model consensus checks.
  The Streamlit sidebar now includes an AILEE toggle, activating a lightweight trust‐score pathway that is fully compatible with deployment.

• Email Results and download Buttons
  Added a built‐in option to export and share evaluation summaries via email, enabling easier collaboration across research teams.

🧪 Expanded Test Coverage

This release includes a significant expansion of the automated test suite to ensure scientific correctness, bundle fidelity, and trust‐layer behavior:

• Constraint Bundle Simulation Tests
  Added a new TestConstraintBundles class covering all five major bundles with both passing and failing candidates:

  • Lipinski
  • CNS
  • Cardiology
  • Core‐Safety
  • CardiAnx‐1 dual‐domain
    These tests validate that each bundle enforces its thresholds correctly and rejects out‐of‐window designs as expected.

• Pipelayer Authority Level Tests
  Added a new test for the RESTRICTED_OPERATION pathway, ensuring the governor correctly authorizes SAFE operation with precautionary flags (e.g., environmental penalties such as wind‐speed thresholds).
  This complements existing tests for FULL_CAPACITY, NORMAL_OPERATION, and SHUTDOWN.

• Grace Mechanism Validation
  Confirmed that borderline trust scores are promoted to SAFE when peer agreement is high, matching the intended AILEE behavior.

This expanded suite now exercises all constraint bundles and all pipelayer authority levels, strengthening confidence in the system’s deterministic behavior.

🛠️ Improvements

• Updated the README with instructions for Calculator Mode, AILEE integration, and deployment.
• Improved UI flow and layout within the Streamlit dashboard.
• Cleaned up code quality issues and improved internal consistency across constraint bundle selection.
• Ensured the internal trust‐score display aligns with the AILEE toggle semantics.

🌐 Deployment

• Added Render deployment configuration (render.yaml) to support cloud hosting of the Streamlit console.
  This allows CuraFrame to run in a reproducible, lightweight environment without local setup.

📦 Packaging

• Updated requirements.txt, packaging metadata, and supporting files to ensure compatibility with new UI features and deployment workflows.
• Added editable install (-e .) to ensure the cura_frame package is importable in clean environments.

Summary

This release focuses on resolving all identified bugs, improving code quality, and strengthening repository hygiene across the CuraFrame application. All fixes were implemented with minimal, targeted changes to preserve existing behavior and maintain code clarity.

Critical Bug Fixed

Streamlit Application Syntax Error

A major syntax error in apps/console_streamlit/app.py was caused by Markdown documentation being accidentally included as Python code after line 511. This prevented the Streamlit console application from running.
The invalid block has been removed, restoring full application functionality.

Code Quality Improvements

Unused Imports Removed

Unused imports were removed from the following files:

• cura_frame/core.py — ABC, abstractmethod
• cura_frame/constraints_library.py — selectivity_satisfied
• apps/console_streamlit/app.py — Dict, Any
• launch_console.py — os
• tests/test_core.py — within_range

Unused Variable Cleanup

In probabilistic_satisfaction (within cura_frame/comparators.py), the unused variable nominal was replaced with _ to indicate intentional non‐use.

Logging Performance Improvements

Six logging statements in cura_frame/core.py were converted from f‐strings to lazy % formatting to avoid unnecessary string interpolation.

Subprocess Error Handling

In launch_console.py, the subprocess.run() call was updated to include check=False for explicit error‐handling behavior.

Code Style and Formatting

Trailing whitespace was removed from all Python files to ensure full PEP 8 compliance.

Repository Hygiene

A .gitignore file was added to exclude build artifacts, cache directories, and other non‐source files.

Verification Results

• Tests: 37/37 passing
• Flake8: 0 errors
• Pylint: 10.00/10
• Code Review: No issues found
• Security Scan (CodeQL): 0 alerts

All validation steps confirm that the codebase is stable, clean, and free of security vulnerabilities.

Files Modified

A total of 9 files were updated across 3 commits:

• .gitignore (created)
• cura_frame/core.py
• cura_frame/comparators.py
• cura_frame/constraints_library.py
• apps/console_streamlit/app.py
• apps/__init__.py
• apps/__main__.py
• launch_console.py
• tests/test_core.py

Release type: Minor
Focus: Reproducible, scriptable evaluation without UI dependencies

Motivation

CuraFrame evaluations were previously accessible primarily through direct Python usage or the Streamlit UI. While powerful, this made it harder to:

• Run quick, scriptable evaluations in CI or local tooling
• Evaluate JSON-described candidates without embedding CuraFrame logic in external scripts
• Reuse named constraint bundles in a reproducible, machine-readable way

This release introduces a lightweight CLI and helper utilities to make CuraFrame easier to integrate into automated workflows while preserving all existing APIs and semantics.

What’s New

1. Command-Line Interface (CLI)

A new CLI has been added in cura_frame/cli.py that allows users to:

• Load a candidate from a JSON file
• Resolve a named constraint bundle
• Run evaluation via CuraFrame
• Emit results as human-readable text or structured JSON

This enables quick checks, scripting, and CI usage without requiring the Streamlit UI.

2. Named Constraint Bundles

The CLI registers a small, explicit set of reusable bundles:

• core-safety
• lipinski
• cns
• cardiology
• cardianx

Bundles are resolved from the shared BUNDLE_REGISTRY, ensuring consistent behavior across CLI, Python APIs, and UI usage.

3. CLI Helper Utilities

To support reuse and testing, the following helpers were added:

• available_bundles
• load_candidate_from_json
• evaluate_candidate
• serialize_result

These helpers allow programmatic access to the same logic used by the CLI, without shelling out to subprocesses.

4. Exported Entrypoint

The CLI entrypoint is exported as cli_main in cura_frame/__init__.py, making it easier to invoke from package imports or external tooling.

5. Documentation & Tests

• README.md now includes CLI usage examples
• Unit tests were extended in tests/test_core.py to cover:
  • Bundle listing
  • Candidate JSON loading
  • Evaluation via evaluate_candidate
  • Result serialization

Implementation Notes

• All changes are additive and backward-compatible
• No existing APIs, constraint semantics, or evaluation logic were modified
• The CLI is optional and does not affect library usage

Testing

• Ran pytest tests/test_core.py
• All tests passed successfully (37 passed)
• New CLI helpers are fully covered by unit tests

Why This Matters

• Makes CuraFrame usable in CI and automation pipelines
• Encourages reproducible, declarative evaluation workflows
• Separates evaluation logic from UI concerns
• Lowers integration friction while preserving correctness guarantees

This release expands CuraFrame’s usability surface without changing its core semantics, keeping the framework stable while making it easier to adopt in real-world workflows.