Skip to content

Releases: CoderDeltaLAN/agent-rules-kit

agent-rules-kit v0.2.1

17 Jun 11:07
@CoderDeltaLAN CoderDeltaLAN
v0.2.1
3c1525a
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
agent-rules-kit v0.2.1 Latest
Latest

[0.2.1] - 2026-06-17

Added

  • Added a PyPI Trusted Publishing workflow for the final v0.2.1 release path, triggered only by GitHub Release publication and configured for the pypi environment without static PyPI credentials.
  • Added discovery support for Claude Code project instructions stored at .claude/CLAUDE.md.
  • Added CI smoke checks for the installed agent-rules-kit console script and a minimal JSON check command.

Fixed

  • Scoped governance finding suppression to same-line negation or approval cues so adjacent safe guidance no longer hides unrelated risky instructions.
  • Reject symlinked supported instruction files and harden init --write temporary and backup paths against symlink escapes.
  • Report non-UTF-8 supported instruction files as AIRK-SYS001 findings instead of silently skipping governance analysis.
  • Updated generated AGENTS.md baseline content so init --write no longer creates instructions that fail the current governance scope or authority check.
  • Fixed secret redaction pattern order so Anthropic-style sk-ant- keys match the specific Anthropic pattern before the generic sk- pattern.
  • Tightened governance regex coverage for review/CI bypass, unsafe command guidance, and runtime network or LLM dependency findings.
  • Expanded secret-like token redaction coverage.
  • Added context-aware governance finding suppression so nearby negative guidance can avoid false positives.
  • Added final runtime API phrase parity coverage for GOV005-style local-first boundary checks.

Changed

  • Split the PyPI publishing workflow into separate build and publish jobs so distributions are built, checked, smoke-tested, uploaded as a short-lived workflow artifact, and published with OIDC id-token: write scoped only to the publish job.
  • Clarified packaging smoke documentation to distinguish console-script execution from python -m agent_rules_kit.cli module execution.
  • Clarified README installation, normal CLI usage, development virtual environment requirements, local checks, and next-release audit readiness.
  • Added Ruff linting to local checks and CI by installing project development dependencies before running ./scripts/check.sh.
  • Synced product strategy and threat model wording with the published v0.2.0 release line and unreleased post-v0.2.0 main state.
  • Synced support, security, README, and release-truth documentation after the published v0.2.0 GitHub Release.
  • Added CLI output examples and governance rules reference documentation after the v0.2.0 tag.

Release notes

  • These changes are present on main after v0.2.0 and are not part of the published v0.2.0 release artifacts.
  • The next release should be cut as a new patch release instead of moving the existing v0.2.0 tag.

Release target: 3c1525a
CI run: 27683266106
Publishing: GitHub Release published event triggers PyPI Trusted Publishing workflow.

Assets 5
Loading

agent-rules-kit v0.2.0

15 Jun 22:56
@CoderDeltaLAN CoderDeltaLAN
v0.2.0
c0f542e
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
agent-rules-kit v0.2.0

agent-rules-kit v0.2.0

agent-rules-kit v0.2.0 moves the project from a basic AI-agent instruction-file diagnostic CLI toward a conservative local-first governance diagnostic tool for AI agent instructions.

This release keeps the original product boundary:

  • local CLI;
  • read-only by default;
  • no runtime network calls;
  • no runtime LLM calls;
  • no execution of commands from analyzed repositories;
  • no security-scanner claim;
  • no proof-of-safety claim.

Main changes

  • Added governance diagnostics for unsupported security, production-readiness, or maturity claims.
  • Added governance diagnostics for review or CI bypass guidance.
  • Added governance diagnostics for unsafe command execution guidance.
  • Added governance diagnostics for runtime network or LLM dependency guidance.
  • Added governance diagnostics for missing secret-handling boundaries.
  • Added governance diagnostics for missing instruction scope or authority.
  • Added structured finding evidence for line-based governance findings.
  • Added redaction of secret-like values in finding messages, paths, and evidence payload fields.
  • Added golden contract coverage for console, JSON, and Markdown output behavior.
  • Updated GitHub Actions workflow actions to Node 24-compatible major versions.
  • Added release-readiness, packaging dry-run, governance-boundaries, and release-notes evidence documents.

Verified release assets

The attached wheel, sdist, and SHA256SUMS were built from the release SHA and verified locally before publication.

Expected SHA256:

  • agent_rules_kit-0.2.0-py3-none-any.whl: d4782d01850c6faa7bd185dcc65df7e04d1080151f47750b9a3972fb2e960826
  • agent_rules_kit-0.2.0.tar.gz: 65ebbe0d2e1b95e6ee32684d6be0a463e6d13ccf6d1f4472d691b70d0499d4f6

Security and reporting notes

This project is not a security scanner and does not prove that a repository is safe.

Private vulnerability reporting was checked during release preparation and is currently documented as disabled. Sensitive issues should not be opened publicly with secrets, exploit details, private URLs, customer data, or sensitive repository contents.

Not included

v0.2.0 does not claim:

  • stable public maturity;
  • PyPI availability;
  • complete governance coverage;
  • LLM-based semantic analysis;
  • security scanning;
  • proof of repository safety;
  • private vulnerability reporting enabled;
  • complete secret scanning;
  • runtime repository command execution.
Loading

agent-rules-kit v0.1.0

09 Jun 11:17
@CoderDeltaLAN CoderDeltaLAN
v0.1.0
104697f
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
agent-rules-kit v0.1.0 Pre-release
Pre-release

agent-rules-kit v0.1.0 is the first public pre-release of the local CLI for diagnosing baseline quality of AI agent instruction files in repositories.

Status:

  • Pre-release, not a stable release.
  • Local CLI behavior implemented.
  • No runtime network behavior.
  • No LLM dependency.
  • No execution of commands from analyzed repositories.
  • Read-only by default.
  • Explicit write behavior only through init --write.
  • Secret-like findings are redacted in supported output paths.

Validation before publishing:

  • ./scripts/check.sh passed with 56 tests.
  • CI on main passed for SHA 104697f.
  • sdist and wheel built from a clean temporary environment.
  • wheel install smoke passed.
  • sdist install smoke passed.
  • main branch protection verified.
  • no full literal secret patterns detected by release preflight.

Artifacts attached:

  • agent_rules_kit-0.1.0-py3-none-any.whl
  • agent_rules_kit-0.1.0.tar.gz

This release does not claim that a repository is secure. It is a diagnostic helper, not a security scanner.

Loading