From 1f87b16d926750866b058b89a57fc73fd60369be Mon Sep 17 00:00:00 2001
From: CoderDeltaLAN
Date: Mon, 15 Jun 2026 23:17:49 +0100
Subject: [PATCH] release: cut v0.2.0 metadata
---
CHANGELOG.md | 12 +++-
docs/V0.2.0-RELEASE-NOTES-DRAFT.md | 98 ++++++++++++++++++++++++++++++
pyproject.toml | 4 +-
src/agent_rules_kit/__init__.py | 2 +-
tests/test_cli.py | 2 +-
5 files changed, 112 insertions(+), 6 deletions(-)
create mode 100644 docs/V0.2.0-RELEASE-NOTES-DRAFT.md
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 9a16770..f0c3825 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -6,20 +6,26 @@ This project has no stable public release yet. ## [Unreleased] +No unreleased changes yet. + +## [0.2.0] - 2026-06-15 + ### Added - Documented the v0.2 product direction toward local-first AI agent instruction governance. - Added the v0.2 governance rules specification for conservative, deterministic instruction-file diagnostics. -- Added unreleased governance findings for unsupported security or maturity claims, review or CI bypass guidance, unsafe command execution guidance, runtime network or LLM dependency guidance, missing secret-handling boundaries, and missing instruction scope or authority. +- Added governance findings for unsupported security or maturity claims, review or CI bypass guidance, unsafe command execution guidance, runtime network or LLM dependency guidance, missing secret-handling boundaries, and missing instruction scope or authority. - Added governance finding coverage across console, JSON, and Markdown output paths. - Added golden contract coverage for current governance console, JSON, and Markdown output behavior. - Added structured finding evidence for line-based governance findings. - Added regression coverage for redacting secret-like values from finding evidence in JSON output. +- Added v0.2 release-readiness, packaging dry-run, and governance-boundaries evidence documents. ### Changed - Updated GitHub Actions workflow actions to Node 24-compatible major versions. -- Preserved the published `v0.1.0` pre-release while documenting unreleased v0.2 governance behavior on `main`. +- Preserved the published `v0.1.0` pre-release while preparing v0.2.0 metadata. +- Updated package metadata from `0.1.0` to `0.2.0`. ### Security 
@@ -27,6 +33,8 @@ This project has no stable public release yet. - Preserved the runtime boundary: read-only by default, no runtime network calls, no runtime LLM calls, and no execution of commands from analyzed repositories. - Redacted secret-like values in finding message, path, and evidence payload fields before emitting supported output. - Documented that governance findings are not proof that a repository is safe and do not replace maintainer review. +- Captured branch protection, required status check, admin enforcement, force-push prevention, deletion prevention, solo-maintainer review profile, and private vulnerability reporting evidence for v0.2 release preparation. +- Documented that private vulnerability reporting is currently verified as disabled and must not be claimed as enabled. ## [0.1.0] - 2026-06-09 diff --git a/docs/V0.2.0-RELEASE-NOTES-DRAFT.md b/docs/V0.2.0-RELEASE-NOTES-DRAFT.md new file mode 100644 index 0000000..c65fcb1 --- /dev/null +++ b/docs/V0.2.0-RELEASE-NOTES-DRAFT.md 
@@ -0,0 +1,98 @@
+# v0.2.0 Release Notes Draft
+
+Status: draft only. Do not publish yet.
+
+Date prepared: 2026-06-15.
+
+Target version: `0.2.0`.
+
+This document is a release notes draft for the future `v0.2.0` GitHub Release.
+
+It is not a tag, not a GitHub Release, not an artifact manifest, and not a PyPI publication.
+
+## Release summary draft
+
+`agent-rules-kit` v0.2.0 moves the project from a basic AI-agent instruction-file diagnostic CLI toward a conservative local-first governance diagnostic tool for AI agent instructions.
+
+The release keeps the original product boundary:
+
+- local CLI;
+- read-only by default;
+- no runtime network calls;
+- no runtime LLM calls;
+- no execution of commands from analyzed repositories;
+- no security-scanner claim;
+- no proof-of-safety claim.
+
+## Main changes
+
+v0.2.0 is expected to include:
+
+- governance diagnostics for unsupported security, production-readiness, or maturity claims;
+- governance diagnostics for review or CI bypass guidance;
+- governance diagnostics for unsafe command execution guidance;
+- governance diagnostics for runtime network or LLM dependency guidance;
+- governance diagnostics for missing secret-handling boundaries;
+- governance diagnostics for missing instruction scope or authority;
+- structured finding evidence for line-based governance findings;
+- redaction of secret-like values in finding messages, paths, and evidence payload fields;
+- golden contract coverage for console, JSON, and Markdown output behavior;
+- Node 24-compatible GitHub Actions workflow actions;
+- release-readiness, packaging dry-run, and governance-boundaries evidence documents.
+
+## Security and reporting notes
+
+This project is not a security scanner and does not prove that a repository is safe.
+
+Private vulnerability reporting has been checked and is currently verified as disabled.
+
+Do not claim private vulnerability reporting is enabled.
+
+Sensitive vulnerabilities should not be opened as public issues. If private reporting is unavailable, reporters should avoid publishing secrets, exploit details, private URLs, customer data, or sensitive repository contents.
+
+## Packaging notes
+
+A packaging dry-run was completed before the version cut, but final `v0.2.0` artifacts are still pending.
+
+Final release artifacts must be built after this metadata phase is merged and verified.
+
+The pre-version-cut dry-run checksums must not be reused as final `v0.2.0` release checksums.
+
+## Not included
+
+v0.2.0 must not claim:
+
+- stable public maturity;
+- PyPI availability;
+- complete governance coverage;
+- LLM-based semantic analysis;
+- security scanning;
+- proof of repository safety;
+- private vulnerability reporting enabled;
+- complete secret scanning;
+- runtime repository command execution.
+
+## Remaining release gates
+
+Before publishing a GitHub Release, the maintainer must still verify:
+
+- final release SHA;
+- local checks on final release SHA;
+- CI on final release SHA;
+- final wheel and sdist build;
+- final artifact SHA256 checksums;
+- clean virtual environment install from wheel;
+- clean virtual environment install from sdist;
+- console script smoke test;
+- `python -m agent_rules_kit.cli` smoke test;
+- exact `v0.2.0` tag creation;
+- GitHub Release creation;
+- uploaded release assets;
+- downloaded release assets install and smoke test;
+- no PyPI claim unless PyPI publication is completed in a separate explicit phase.
+
+## Draft decision
+
+This draft may be used only after AIRK-REL021 is merged and verified on `main`.
+
+The next phase after this metadata cut should build and verify final `v0.2.0` artifacts before any tag or GitHub Release is created.
diff --git a/pyproject.toml b/pyproject.toml
index fdc2505..6bf280c 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -4,7 +4,7 @@ build-backend = "hatchling.build" [project] name = "agent-rules-kit" -version = "0.1.0" +version = "0.2.0" description = "Local read-only CLI to diagnose AGENTS.md, Claude Code, Gemini CLI, Cursor and Copilot instruction files." readme = "README.md" requires-python = ">=3.12" @@ -27,7 +27,7 @@ Repository = "https://github.com/CoderDeltaLAN/agent-rules-kit" Issues = "https://github.com/CoderDeltaLAN/agent-rules-kit/issues" Changelog = "https://github.com/CoderDeltaLAN/agent-rules-kit/blob/main/CHANGELOG.md" Security = "https://github.com/CoderDeltaLAN/agent-rules-kit/security/policy" -Release = "https://github.com/CoderDeltaLAN/agent-rules-kit/releases/tag/v0.1.0" +Release = "https://github.com/CoderDeltaLAN/agent-rules-kit/releases/tag/v0.2.0" [project.scripts] agent-rules-kit = "agent_rules_kit.cli:main" diff --git a/src/agent_rules_kit/__init__.py b/src/agent_rules_kit/__init__.py index b90f15a..9065f33 100644 --- a/src/agent_rules_kit/__init__.py +++ b/src/agent_rules_kit/__init__.py @@ -1,3 +1,3 @@ """agent-rules-kit package.""" -__version__ = "0.1.0" +__version__ = "0.2.0" diff --git a/tests/test_cli.py b/tests/test_cli.py index c6334be..bfd9ff5 100644 --- a/tests/test_cli.py +++ b/tests/test_cli.py @@ -20,7 +20,7 @@ def test_version_flag_prints_version(self) -> None: exit_code = main(["--version"]) self.assertEqual(exit_code, 0) - self.assertIn("agent-rules-kit 0.1.0", output.getvalue()) + self.assertIn("agent-rules-kit 0.2.0", output.getvalue()) def test_help_is_default(self) -> None: output = io.StringIO()
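Review bot: The `Release` URL changed in the second pyproject.toml hunk now points at `releases/tag/v0.2.0`, while the release notes draft added in this same commit still lists exact `v0.2.0` tag creation and GitHub Release creation as remaining gates, so the link resolves to nothing until those gates are passed. Any wheel or sdist built from this commit would carry that link in its package metadata, which sits awkwardly with the project's own rule against stating things that are not yet verified. Consider pointing the entry at the releases index until the tag exists, e.g. `Release = "https://github.com/CoderDeltaLAN/agent-rules-kit/releases"`, or moving this one-line change to the phase that creates the tag. The table this line belongs to (presumably `[project.urls]`) starts outside the hunk.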