Merged
17 changes: 16 additions & 1 deletion CHANGELOG.md
Expand Up @@ -6,7 +6,22 @@ This project has a published GitHub Release line, but no stable support or API g

## [Unreleased]

No unreleased changes yet.
### Fixed

- Tightened governance regex coverage for review/CI bypass, unsafe command guidance, and runtime network or LLM dependency findings.
- Expanded secret-like token redaction coverage.
- Added context-aware governance finding suppression so nearby negative guidance can avoid false positives.
- Added final runtime API phrase parity coverage for GOV005-style local-first boundary checks.

### Changed

- Synced support, security, README, and release-truth documentation after the published `v0.2.0` GitHub Release.
- Added CLI output examples and governance rules reference documentation after the `v0.2.0` tag.

### Release notes

- These changes are present on `main` after `v0.2.0` and are not part of the published `v0.2.0` release artifacts.
- The next release should be cut as a new patch release instead of moving the existing `v0.2.0` tag.

## [0.2.0] - 2026-06-15

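Review bot: the entry "Added context-aware governance finding suppression so nearby negative guidance can avoid false positives" describes new behavior rather than a fix, so under the Keep a Changelog headings this file already uses it belongs under `### Added`, not `### Fixed`; the same applies to "Added final runtime API phrase parity coverage for GOV005-style local-first boundary checks." Because suppression reduces the number of findings, the entry should also name the trade-off (a real directive sitting next to negative guidance may now go unreported) so readers of the Unreleased section understand why output changed.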
17 changes: 10 additions & 7 deletions README.md
Expand Up @@ -118,7 +118,9 @@ The default behavior is read-only.

## What This Project Does

The published `v0.2.0` GitHub Release includes:
Current `main` includes the published `v0.2.0` baseline plus unreleased post-release fixes intended for a future patch release.

The implemented behavior includes:

- discovers supported AI agent instruction files;
- reports repository-relative paths;
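Review bot: "The implemented behavior includes:" followed by verb-led items ("discovers supported AI agent instruction files;") does not read as one sentence; either change the lead-in to "The implementation:" or rewrite the items as nouns ("discovery of supported AI agent instruction files;"). The replaced wording had the same mismatch, so fixing it while the line is being touched avoids a second pass.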
Expand All @@ -131,15 +133,15 @@ The published `v0.2.0` GitHub Release includes:
- avoids LLM calls;
- avoids executing commands from analyzed repositories.

The `v0.2.0` release also includes governance diagnostics.
Governance diagnostics were introduced in `v0.2.0` and have received post-release fixes on `main`.

These diagnostics are heuristic findings for instruction-file governance. They are meant to flag review-worthy instruction patterns, not to prove that a repository is safe.

---

## Governance Findings

The `v0.2.0` release includes the following governance finding rules, in stable evaluation order:
Current `main` evaluates the following governance finding rules, in stable evaluation order:

| Rule | Severity | Purpose |
| --- | --- | --- |
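Review bot: after the change to "Current `main` evaluates the following governance finding rules, in stable evaluation order:", the README table and docs/RULES.md both claim to describe the rule set on `main`, with the ordered list duplicated in two files; to avoid drift between them, keep the ordered list in docs/RULES.md only and have the README refer to it, or state in the README that docs/RULES.md is authoritative when the two disagree.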
Expand All @@ -152,7 +154,7 @@ The `v0.2.0` release includes the following governance finding rules, in stable

Governance findings are intentionally conservative and pattern-based. They may produce false positives or false negatives, and they are not a substitute for maintainer review.

This v0.2 governance behavior is published in the `v0.2.0` GitHub Release.
The `v0.2.0` GitHub Release introduced this governance rule set. Current `main` may include unreleased fixes and coverage improvements after that tag.

For detailed rule purpose, evidence, limits, and false-positive notes, see `docs/RULES.md`.

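Review bot: "Current `main` may include unreleased fixes and coverage improvements after that tag." is hedged, while the CHANGELOG in this same PR lists specific unreleased fixes under `[Unreleased]`; write "includes" and point readers to the CHANGELOG's Unreleased section so they can see exactly what differs from the `v0.2.0` artifacts.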
Expand Down Expand Up @@ -365,15 +367,16 @@ The required status check for `main` is:
Current status:

- `v0.2.0` is published as a GitHub Release;
- `main` contains unreleased post-`v0.2.0` fixes and documentation updates intended for a future patch release;
- no stable support or API guarantee yet;
- release tag `v0.2.0` points to the verified release SHA;
- wheel and sdist artifacts are attached to the `v0.2.0` GitHub Release;
- release assets were downloaded, checksum-verified, installed, and smoke-tested;
- local CLI behavior implemented;
- v0.2 governance diagnostics, structured finding evidence, and evidence redaction are published in `v0.2.0`;
- governance diagnostics, structured finding evidence, and evidence redaction are implemented;
- CI active;
- branch protection active;
- README describes the published `v0.2.0` release state and keeps PyPI marked as not published;
- branch protection was documented in prior release-governance evidence and must be re-verified before the next release;
- README distinguishes the published `v0.2.0` release from unreleased `main` state and keeps PyPI marked as not published;
- security boundaries documented;
- threat model documented.

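Review bot: the status list now contains both "branch protection active;" and "branch protection was documented in prior release-governance evidence and must be re-verified before the next release;", which contradict each other within the same block; keep the second bullet, reworded to something like "branch protection was active at the `v0.2.0` release and must be re-verified before the next release;", and drop "branch protection active;". The same question applies to "CI active;" if it was verified at the same time as branch protection.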
2 changes: 2 additions & 0 deletions SECURITY.md
Expand Up @@ -8,6 +8,8 @@ It is not a security scanner, provides no security guarantees, and must not be d

`v0.2.0` is published as a GitHub Release.

Current `main` contains unreleased post-`v0.2.0` fixes intended for a future patch release.

The project is still maintained on a best-effort basis. There is no commercial SLA, no guaranteed response time, and no guarantee that every security-relevant issue will be found or fixed.

| Version | Status |
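Review bot: the new sentence "Current `main` contains unreleased post-`v0.2.0` fixes intended for a future patch release." sits directly above the `| Version | Status |` table, but this hunk does not touch the table; add a row for `main` (for example marking it unreleased and not a supported target for security reports) so the supported-version guidance matches the prose rather than leaving readers to infer it.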
3 changes: 2 additions & 1 deletion SUPPORT.md
@@ -1,6 +1,6 @@
# Support Policy

agent-rules-kit has a published `v0.2.0` GitHub Release line, but no stable support or API guarantee yet.
agent-rules-kit has a published `v0.2.0` GitHub Release line and unreleased post-`v0.2.0` fixes on `main`, but no stable support or API guarantee yet.

There is no guaranteed support response time.

Expand All @@ -11,6 +11,7 @@ This project is maintained on a best-effort basis.
At this stage:

- `v0.2.0` is the current published GitHub Release line;
- `main` contains unreleased post-`v0.2.0` fixes intended for a future patch release;
- no stable support or API guarantee exists;
- no commercial SLA exists;
- no support response time is promised;
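Review bot: the new bullet "`main` contains unreleased post-`v0.2.0` fixes intended for a future patch release;" restates the sentence added a few lines earlier in the same file ("...and unreleased post-`v0.2.0` fixes on `main`, but no stable support or API guarantee yet."); state it once, preferably in the bullet list where the rest of the status lives, so the two copies do not need to be kept in sync on the next release.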
4 changes: 3 additions & 1 deletion docs/OUTPUTS.md
@@ -1,6 +1,8 @@
# Output Examples

This document shows representative `agent-rules-kit` v0.2.0 CLI outputs generated from fixtures in this repository.
This document shows representative `agent-rules-kit` CLI outputs generated from fixtures in the current repository state.

`v0.2.0` release artifacts may differ from unreleased `main` if post-release fixes have not yet been cut into a new release.

The examples document output shape, exit codes, and redaction expectations. They are not a claim that the analyzed repository is safe, complete, production-ready, compliant, or free of secrets.

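Review bot: "generated from fixtures in the current repository state" drops the version anchoring the previous sentence had, and the following line only says outputs "may differ"; record the commit SHA, tag or date at which the examples were regenerated so a reader holding the `v0.2.0` artifacts can tell whether the documented output shape, exit codes and redaction expectations apply to their build.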
6 changes: 4 additions & 2 deletions docs/RULES.md
@@ -1,6 +1,8 @@
# Governance Rules Reference

This document describes the governance finding rules published in `agent-rules-kit` v0.2.0.
This document describes the current governance finding rules on `main`.

`v0.2.0` introduced the governance rule set. Current `main` may include unreleased fixes and coverage improvements after that tag.

The rules are conservative, deterministic, pattern-based diagnostics for supported AI agent instruction files. They are designed to flag review-worthy instruction patterns, not to prove that a repository is safe, compliant, production-ready, or free of secrets.

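Review bot: switching this reference to "the current governance finding rules on `main`" while the CHANGELOG in this PR records context-aware finding suppression and tightened regex coverage means the per-rule evidence and false-positive notes in this document need a matching update; a short section describing when a finding is suppressed, and that suppression can hide a real directive placed next to negative guidance, belongs here rather than only in the CHANGELOG.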
Expand All @@ -19,7 +21,7 @@ Governance findings do not execute repository commands, call external APIs, call

## Stable rule order

`v0.2.0` evaluates governance findings in this order:
Current `main` evaluates governance findings in this order:

1. `AIRK-GOV006` — unsupported security or maturity claim.
2. `AIRK-GOV003` — review or CI bypass guidance.
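Review bot: the heading "## Stable rule order" now introduces "Current `main` evaluates governance findings in this order:", which reads as though the order could differ between `main` and the published release; if the order is guaranteed to stay the same across `v0.2.0` and the next patch release, say so explicitly under the heading, and if it is not, rename the heading so it does not promise stability.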