From 0d30f33e1b6974758209fb3e3469c03ab5136bfe Mon Sep 17 00:00:00 2001 From: CoderDeltaLAN Date: Tue, 16 Jun 2026 17:03:54 +0100 Subject: [PATCH] docs: distinguish v0.2.0 release from main state --- CHANGELOG.md | 17 ++++++++++++++++- README.md | 17 ++++++++++------- SECURITY.md | 2 ++ SUPPORT.md | 3 ++- docs/OUTPUTS.md | 4 +++- docs/RULES.md | 6 ++++-- 6 files changed, 37 insertions(+), 12 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 054337b..6793766 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,7 +6,22 @@ This project has a published GitHub Release line, but no stable support or API g ## [Unreleased] -No unreleased changes yet. +### Fixed + +- Tightened governance regex coverage for review/CI bypass, unsafe command guidance, and runtime network or LLM dependency findings. +- Expanded secret-like token redaction coverage. +- Added context-aware governance finding suppression so nearby negative guidance can avoid false positives. +- Added final runtime API phrase parity coverage for GOV005-style local-first boundary checks. + +### Changed + +- Synced support, security, README, and release-truth documentation after the published `v0.2.0` GitHub Release. +- Added CLI output examples and governance rules reference documentation after the `v0.2.0` tag. + +### Release notes + +- These changes are present on `main` after `v0.2.0` and are not part of the published `v0.2.0` release artifacts. +- The next release should be cut as a new patch release instead of moving the existing `v0.2.0` tag. ## [0.2.0] - 2026-06-15 diff --git a/README.md b/README.md index d83101c..a370049 100644 --- a/README.md +++ b/README.md 
@@ -118,7 +118,9 @@ The default behavior is read-only. ## What This Project Does -The published `v0.2.0` GitHub Release includes: +Current `main` includes the published `v0.2.0` baseline plus unreleased post-release fixes intended for a future patch release. + +The implemented behavior includes: - discovers supported AI agent instruction files; - reports repository-relative paths; @@ -131,7 +133,7 @@ The published `v0.2.0` GitHub Release includes: - avoids LLM calls; - avoids executing commands from analyzed repositories. -The `v0.2.0` release also includes governance diagnostics. +Governance diagnostics were introduced in `v0.2.0` and have received post-release fixes on `main`. These diagnostics are heuristic findings for instruction-file governance. They are meant to flag review-worthy instruction patterns, not to prove that a repository is safe. @@ -139,7 +141,7 @@ These diagnostics are heuristic findings for instruction-file governance. They a ## Governance Findings -The `v0.2.0` release includes the following governance finding rules, in stable evaluation order: +Current `main` evaluates the following governance finding rules, in stable evaluation order: | Rule | Severity | Purpose | | --- | --- | --- | @@ -152,7 +154,7 @@ The `v0.2.0` release includes the following governance finding rules, in stable Governance findings are intentionally conservative and pattern-based. They may produce false positives or false negatives, and they are not a substitute for maintainer review. -This v0.2 governance behavior is published in the `v0.2.0` GitHub Release. +The `v0.2.0` GitHub Release introduced this governance rule set. Current `main` may include unreleased fixes and coverage improvements after that tag. For detailed rule purpose, evidence, limits, and false-positive notes, see `docs/RULES.md`. 
@@ -365,15 +367,16 @@ The required status check for `main` is: Current status: - `v0.2.0` is published as a GitHub Release; +- `main` contains unreleased post-`v0.2.0` fixes and documentation updates intended for a future patch release; - no stable support or API guarantee yet; - release tag `v0.2.0` points to the verified release SHA; - wheel and sdist artifacts are attached to the `v0.2.0` GitHub Release; - release assets were downloaded, checksum-verified, installed, and smoke-tested; - local CLI behavior implemented; -- v0.2 governance diagnostics, structured finding evidence, and evidence redaction are published in `v0.2.0`; +- governance diagnostics, structured finding evidence, and evidence redaction are implemented; - CI active; -- branch protection active; -- README describes the published `v0.2.0` release state and keeps PyPI marked as not published; +- branch protection was documented in prior release-governance evidence and must be re-verified before the next release; +- README distinguishes the published `v0.2.0` release from unreleased `main` state and keeps PyPI marked as not published; - security boundaries documented; - threat model documented. diff --git a/SECURITY.md b/SECURITY.md index d9320e9..06cd7c2 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -8,6 +8,8 @@ It is not a security scanner, provides no security guarantees, and must not be d `v0.2.0` is published as a GitHub Release. +Current `main` contains unreleased post-`v0.2.0` fixes intended for a future patch release. + The project is still maintained on a best-effort basis. There is no commercial SLA, no guaranteed response time, and no guarantee that every security-relevant issue will be found or fixed. | Version | Status | diff --git a/SUPPORT.md b/SUPPORT.md index f8de04f..7ff48c9 100644 --- a/SUPPORT.md +++ b/SUPPORT.md 
@@ -1,6 +1,6 @@ # Support Policy -agent-rules-kit has a published `v0.2.0` GitHub Release line, but no stable support or API guarantee yet. +agent-rules-kit has a published `v0.2.0` GitHub Release line and unreleased post-`v0.2.0` fixes on `main`, but no stable support or API guarantee yet. There is no guaranteed support response time. @@ -11,6 +11,7 @@ This project is maintained on a best-effort basis. At this stage: - `v0.2.0` is the current published GitHub Release line; +- `main` contains unreleased post-`v0.2.0` fixes intended for a future patch release; - no stable support or API guarantee exists; - no commercial SLA exists; - no support response time is promised; diff --git a/docs/OUTPUTS.md b/docs/OUTPUTS.md index ba33844..1a1db06 100644 --- a/docs/OUTPUTS.md +++ b/docs/OUTPUTS.md @@ -1,6 +1,8 @@ # Output Examples -This document shows representative `agent-rules-kit` v0.2.0 CLI outputs generated from fixtures in this repository. +This document shows representative `agent-rules-kit` CLI outputs generated from fixtures in the current repository state. + +`v0.2.0` release artifacts may differ from unreleased `main` if post-release fixes have not yet been cut into a new release. The examples document output shape, exit codes, and redaction expectations. They are not a claim that the analyzed repository is safe, complete, production-ready, compliant, or free of secrets. diff --git a/docs/RULES.md b/docs/RULES.md index 921359f..187c069 100644 --- a/docs/RULES.md +++ b/docs/RULES.md 
@@ -1,6 +1,8 @@ # Governance Rules Reference -This document describes the governance finding rules published in `agent-rules-kit` v0.2.0. +This document describes the current governance finding rules on `main`. + +`v0.2.0` introduced the governance rule set. Current `main` may include unreleased fixes and coverage improvements after that tag. The rules are conservative, deterministic, pattern-based diagnostics for supported AI agent instruction files. They are designed to flag review-worthy instruction patterns, not to prove that a repository is safe, compliant, production-ready, or free of secrets. @@ -19,7 +21,7 @@ Governance findings do not execute repository commands, call external APIs, call ## Stable rule order -`v0.2.0` evaluates governance findings in this order: +Current `main` evaluates governance findings in this order: 1. `AIRK-GOV006` — unsupported security or maturity claim. 2. `AIRK-GOV003` — review or CI bypass guidance.
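Review bot: the `### Fixed` entries in the CHANGELOG.md hunk describe behaviour changes (tightened governance regexes, expanded secret-like token redaction, context-aware finding suppression, GOV005 phrase parity), but this patch touches only six documentation files and is titled `docs:`; confirm those fixes already landed on `main` in earlier commits and consider linking each entry to its commit or PR so the changelog line is traceable. Two smaller points in the same hunk: "Added CLI output examples and governance rules reference documentation" is listed under `### Changed` but is an addition, so it belongs under an `### Added` heading; and the `### Release notes` subsection restates what `## [Unreleased]` already implies, so it could be folded into the section intro or dropped.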
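Review bot: in the README.md hunk at `@@ -118`, the new lead-in "The implemented behavior includes:" is followed by verb-led bullets ("discovers supported AI agent instruction files", "reports repository-relative paths"), so the list no longer reads as a sentence; either keep the previous "includes:" subject (for example "The tool currently:") or rephrase the bullets as noun phrases ("discovery of supported AI agent instruction files").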
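Review bot: in the README.md hunk at `@@ -365`, replacing "branch protection active" with "branch protection was documented in prior release-governance evidence and must be re-verified before the next release" is the right call for not overclaiming, but it puts an open action item in a list headed "Current status:" that otherwise holds verified facts; consider stating the date or release at which protection was last verified, or moving the re-verification step into the release checklist, so a reader can tell at a glance whether protection is believed to be on right now.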
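Review bot: the SECURITY.md hunk adds "Current `main` contains unreleased post-`v0.2.0` fixes intended for a future patch release" directly above the `| Version | Status |` table, but the table rows are not part of this diff; check that the table has a row covering `main` / unreleased code whose status wording matches the new sentence (and the "no stable support or API guarantee" line in SUPPORT.md), otherwise the prose and the table will disagree about what is supported.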
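Review bot: the docs/OUTPUTS.md hunk says the examples are "generated from fixtures in the current repository state" and that `v0.2.0` artifacts "may differ", but the CHANGELOG hunk in this same patch states that redaction coverage and governance regexes did change after the tag, so for redaction examples the difference is expected, not hypothetical; record the commit SHA (or at least the branch and date) the outputs were generated from so a reader can reproduce them and can tell which release they correspond to.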
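Review bot: the docs/RULES.md hunk updates only the intro and the "Stable rule order" lead-in, yet the CHANGELOG entries in this patch describe context-aware finding suppression (nearby negative guidance avoiding false positives) and tightened regexes for several rules; since README points readers to this file for "evidence, limits, and false-positive notes", confirm the per-rule sections below these hunks already describe the suppression behaviour and the widened coverage, or add that in this change so the reference does not lag `main`.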