diff --git a/CHANGELOG.md b/CHANGELOG.md index 1a186c6..4a0ff24 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,10 +6,20 @@ This project has a published GitHub Release line, but no stable support or API g ## [Unreleased] +No unreleased changes. + +## [0.2.2] - 2026-06-18 + ### Changed -- Documented the published `v0.2.1` GitHub Release and PyPI package state on `main`. -- Synced public security, README, and changelog wording after `v0.2.1` publication, PyPI availability, and GitHub Release assets were verified. +- Released a documentation-only patch for the public `v0.2.2` GitHub Release and PyPI package line. +- Synced SECURITY.md, README.md, CHANGELOG.md, package metadata, and release references so the published package no longer points users at stale `v0.2.1` public-truth wording. +- Preserved the existing runtime behavior, governance diagnostics, CI workflow, PyPI Trusted Publishing workflow, and previous release tags. + +### Release notes + +- No runtime code or behavior changes are included in this patch release. +- The existing `v0.2.1` tag was not moved; `v0.2.2` is cut as a new docs-only patch release. ## [0.2.1] - 2026-06-17 
@@ -37,7 +47,7 @@ This project has a published GitHub Release line, but no stable support or API g - Clarified packaging smoke documentation to distinguish console-script execution from `python -m agent_rules_kit.cli` module execution. - Clarified README installation, normal CLI usage, development virtual environment requirements, local checks, and next-release audit readiness. - Added Ruff linting to local checks and CI by installing project development dependencies before running `./scripts/check.sh`. -- Synced product strategy and threat model wording with the published `v0.2.0` release line and unreleased post-`v0.2.0` main state. +- Synced product strategy and threat model wording with the published `v0.2.0` release line and the pre-`v0.2.1` main state. - Synced support, security, README, and release-truth documentation after the published `v0.2.0` GitHub Release. - Added CLI output examples and governance rules reference documentation after the `v0.2.0` tag. diff --git a/README.md b/README.md index 8d140fc..6588bb7 100644 --- a/README.md +++ b/README.md @@ -135,7 +135,7 @@ The default behavior is read-only. ## What This Project Does -`v0.2.1` is published as a GitHub Release and as the first PyPI package line for `agent-rules-kit`. Current `main` reflects that published state and may include later documentation or maintenance updates. +`v0.2.2` is published as a GitHub Release and PyPI package for `agent-rules-kit`. Current `main` reflects that published state and may include later documentation or maintenance updates. The implemented behavior includes: 
@@ -150,7 +150,7 @@ The implemented behavior includes: - avoids LLM calls; - avoids executing commands from analyzed repositories. -Governance diagnostics were introduced in `v0.2.0` and hardened through the published `v0.2.1` release. +Governance diagnostics were introduced in `v0.2.0` and hardened through the published `v0.2.1` release. `v0.2.2` is a documentation-only public-truth patch. These diagnostics are heuristic findings for instruction-file governance. They are meant to flag review-worthy instruction patterns, not to prove that a repository is safe. @@ -173,7 +173,7 @@ Current `main` evaluates the following governance finding rules, in stable evalu Governance findings are intentionally conservative and pattern-based. They may produce false positives or false negatives, and they are not a substitute for maintainer review. -The `v0.2.0` GitHub Release introduced this governance rule set. The published `v0.2.1` release includes subsequent governance hardening, coverage expansion, and release/PyPI documentation sync without moving the `v0.2.0` tag. +The `v0.2.0` GitHub Release introduced this governance rule set. The published `v0.2.1` release includes subsequent governance hardening and coverage expansion without moving the `v0.2.0` tag. The published `v0.2.2` release syncs public release, PyPI, and security documentation without runtime behavior changes. For detailed rule purpose, evidence, limits, and false-positive notes, see `docs/RULES.md`. @@ -204,7 +204,7 @@ A clean report means only that the implemented checks did not find a supported i ## Installation -`v0.2.1` is published as a GitHub Release and PyPI package. +`v0.2.2` is published as a GitHub Release and PyPI package. The published package can be installed from PyPI. Release publication uses PyPI Trusted Publishing from the GitHub Release workflow. 
@@ -216,10 +216,10 @@ Requirements for using a published CLI release: - a Python virtual environment; - a published PyPI release of `agent-rules-kit`. -Install `v0.2.1` in a virtual environment: +Install `v0.2.2` in a virtual environment: python -m venv .venv - .venv/bin/python -m pip install agent-rules-kit==0.2.1 + .venv/bin/python -m pip install agent-rules-kit==0.2.2 .venv/bin/agent-rules-kit --version .venv/bin/agent-rules-kit check /path/to/repository --format console @@ -249,7 +249,7 @@ The source tree can also be used directly for quick CLI inspection: ## Release and PyPI Publishing -The `v0.2.1` release was published through PyPI Trusted Publishing. +The `v0.2.2` release was published through PyPI Trusted Publishing. Release publishing is handled by: @@ -267,11 +267,11 @@ The workflow is intentionally limited: - it grants `id-token: write` only to the publish job; - it does not use a static PyPI token, username, or password. -The published `v0.2.1` package must remain verifiable by: +The published `v0.2.2` package must remain verifiable by: - the GitHub Release tag pointing to the verified release SHA; - a successful PyPI publish workflow run; -- a clean virtual environment installing and running `agent-rules-kit==0.2.1` from PyPI. +- a clean virtual environment installing and running `agent-rules-kit==0.2.2` from PyPI. --- 
@@ -465,17 +465,17 @@ The required status check for `main` is: Current status: -- `v0.2.1` is published as a GitHub Release and PyPI package; -- `v0.2.0` remains the previous published GitHub Release baseline; -- `main` may include post-`v0.2.1` documentation or maintenance updates; +- `v0.2.2` is published as a GitHub Release and PyPI package; +- `v0.2.1` remains the previous published GitHub Release and PyPI package baseline; +- `main` may include post-`v0.2.2` documentation or maintenance updates; - no stable support or API guarantee yet; -- release tag `v0.2.1` points to the verified release SHA; +- release tag `v0.2.2` points to the verified release SHA; - local CLI behavior implemented; - governance diagnostics, structured finding evidence, and evidence redaction are implemented; - CI active; - branch protection is active with the required `local-checks / Python 3.12` status check; - the `pypi` GitHub environment exists for the release publishing workflow; -- `.github/workflows/publish-pypi.yml` published `v0.2.1` through PyPI Trusted Publishing and remains the release publishing workflow; +- `.github/workflows/publish-pypi.yml` published `v0.2.2` through PyPI Trusted Publishing and remains the release publishing workflow; - README screenshots are generated from real local CLI commands; - security boundaries documented; - threat model documented. diff --git a/SECURITY.md b/SECURITY.md index d992358..1bda0bc 100644 --- a/SECURITY.md +++ b/SECURITY.md 
@@ -6,9 +6,9 @@ It is not a security scanner, provides no security guarantees, and must not be d ## Supported versions -`v0.2.1` is published as a GitHub Release and PyPI package. +`v0.2.2` is published as a GitHub Release and PyPI package. -Current `main` may include post-`v0.2.1` documentation or maintenance updates after the published package. +Current `main` may include post-`v0.2.2` documentation or maintenance updates after the published package. The project is still maintained on a best-effort basis. There is no commercial SLA, no guaranteed response time, and no guarantee that every security-relevant issue will be found or fixed. @@ -18,7 +18,7 @@ The project is still maintained on a best-effort basis. There is no commercial S | 0.1.x | Historical pre-release line / not supported | | < 0.1 | Not supported | -`agent-rules-kit==0.2.1` is published on PyPI. Future PyPI availability claims must be verified per release before updating this policy. +`agent-rules-kit==0.2.2` is published on PyPI. Future PyPI availability claims must be verified per release before updating this policy. ## Security boundaries diff --git a/pyproject.toml b/pyproject.toml index 33821cc..3155f71 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -4,7 +4,7 @@ build-backend = "hatchling.build" [project] name = "agent-rules-kit" -version = "0.2.1" +version = "0.2.2" description = "Local read-only CLI to diagnose AGENTS.md, Claude Code, Gemini CLI, Cursor and Copilot instruction files." readme = "README.md" requires-python = ">=3.12" 
@@ -32,7 +32,7 @@ Repository = "https://github.com/CoderDeltaLAN/agent-rules-kit" Issues = "https://github.com/CoderDeltaLAN/agent-rules-kit/issues" Changelog = "https://github.com/CoderDeltaLAN/agent-rules-kit/blob/main/CHANGELOG.md" Security = "https://github.com/CoderDeltaLAN/agent-rules-kit/security/policy" -Release = "https://github.com/CoderDeltaLAN/agent-rules-kit/releases/tag/v0.2.1" +Release = "https://github.com/CoderDeltaLAN/agent-rules-kit/releases/tag/v0.2.2" [project.scripts] agent-rules-kit = "agent_rules_kit.cli:main" diff --git a/src/agent_rules_kit/__init__.py b/src/agent_rules_kit/__init__.py index 061c561..4e7a49e 100644 --- a/src/agent_rules_kit/__init__.py +++ b/src/agent_rules_kit/__init__.py @@ -1,3 +1,3 @@ """agent-rules-kit package.""" -__version__ = "0.2.1" +__version__ = "0.2.2"
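Review bot: In CHANGELOG.md, the new `### Release notes` bullet "No runtime code or behavior changes are included in this patch release" is not quite accurate against this same patch, because `src/agent_rules_kit/__init__.py` changes `__version__` from `"0.2.1"` to `"0.2.2"`. Anything that reports or compares `__version__` will behave differently. Suggest wording it as "no runtime behavior changes other than the reported version string", so a reader auditing the release diff does not see a source change the notes deny.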
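Review bot: In CHANGELOG.md, the `@@ -37,7 +47,7 @@` hunk rewrites a bullet inside an already published section ("unreleased post-`v0.2.0` main state" becomes "the pre-`v0.2.1` main state"). The changelog text shipped with the existing release will no longer match `main`. Since the `[0.2.2]` entry already lists CHANGELOG.md among the synced files, consider stating there that a historical bullet was reworded, or leave the old bullet untouched and record the correction only in the new entry.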
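Review bot: In README.md, the `@@ -267,11 +267,11 @@` hunk keeps "the GitHub Release tag pointing to the verified release SHA" as a verification criterion but the SHA itself appears nowhere in the changed lines, so a reader cannot perform the check from the document. The bump also replaces the only verifiability statement for `agent-rules-kit==0.2.1`, which the status list in the `@@ -465,17 +465,17 @@` hunk still calls the previous published baseline. Suggest recording the release commit SHA next to each tag, and phrasing the list so it covers every published version rather than only the latest one.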
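Review bot: In SECURITY.md, the `## Supported versions` text in the `@@ -6,9 +6,9 @@` hunk now names only `v0.2.2`, and the visible table rows in the `@@ -18,7 +18,7 @@` hunk cover only `0.1.x` and `< 0.1`, so the policy does not say whether `0.2.1` is still supported now that `0.2.2` is out. Because README.md describes `v0.2.1` as the previous published baseline, add one explicit sentence or table row stating whether reports against `0.2.1` are accepted or whether users are expected to upgrade first.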
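Review bot: The version string is hand-edited in three places in this patch: `version = "0.2.2"` and the `Release` URL in pyproject.toml, and `__version__ = "0.2.2"` in `src/agent_rules_kit/__init__.py`. A missed edit would publish a package whose metadata and reported version disagree. Since the build backend is `hatchling.build`, consider `dynamic = ["version"]` with a `[tool.hatch.version]` `path` pointing at `src/agent_rules_kit/__init__.py`, or add a check to `./scripts/check.sh` that fails when the two values differ. The tag-pinned `Release` URL will also go stale on every release; pointing it at the releases page would avoid that.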