1 change: 1 addition & 0 deletions CHANGELOG.md
Expand Up @@ -8,6 +8,7 @@ This project has a published GitHub Release line, but no stable support or API g

### Added

- Added a local post-release audit script for repeatable maintainer verification.
- Documented the v0.3.0 post-release audit findings and v0.3.1 maintenance hardening target.

### Changed
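--- a/scripts/post-release-audit.sh
+++ b/scripts/post-release-audit.sh
@@ -0,0 +1,66 @@
+#!/usr/bin/env sh
+set -eu
+
+require_file() {
+if [ ! -f "$1" ]; then
+printf 'ERROR missing required file: %s\n' "$1"
+return 1
+fi
+}
+
+require_contains() {
+file_name="$1"
+pattern="$2"
+if ! grep -Eq "$pattern" "$file_name"; then
+printf 'ERROR expected pattern not found in %s: %s\n' "$file_name" "$pattern"
+return 1
+fi
+}
+
+require_absent() {
+file_name="$1"
+pattern="$2"
+if grep -Eq "$pattern" "$file_name"; then
+printf 'ERROR unexpected stale pattern found in %s: %s\n' "$file_name" "$pattern"
+return 1
+fi
+}
+
+printf '\n== post-release audit ==\n'
+printf 'mode: local tracked-file audit; no GitHub, PyPI, tag, release, or branch mutation\n'
+
+printf '\n== required files ==\n'
+require_file pyproject.toml
+require_file README.md
+require_file CHANGELOG.md
+require_file SECURITY.md
+require_file docs/THREAT-MODEL.md
+require_file docs/V0.3.0-POST-RELEASE-AUDIT.md
+require_file scripts/check.sh
+printf 'OK: required files present.\n'
+
+printf '\n== git state ==\n'
+if git rev-parse --is-inside-work-tree >/dev/null 2>&1; then
+printf 'branch: %s\n' "$(git branch --show-current)"
+printf 'head: %s\n' "$(git rev-parse HEAD)"
+git status --short --branch
+if [ -n "$(git status --short --untracked-files=all)" ]; then
+printf 'ERROR working tree is not clean.\n'
+false
+fi
+else
+printf 'ERROR not inside a git work tree.\n'
+false
+fi
+
+printf '\n== local checks ==\n'
+./scripts/check.sh
+
+printf '\n== v0.3.0 documentation sanity ==\n'
+require_absent README.md 'doctor\.py'
+require_absent docs/THREAT-MODEL.md 'v0\.2\.0 release line|post-v0\.2\.0 main state'
+require_contains docs/THREAT-MODEL.md 'v0\.3\.0 doctor, budget, and explain command surface'
+require_contains docs/V0.3.0-POST-RELEASE-AUDIT.md 'v0\.3\.0'
+printf 'OK: v0.3.0 documentation sanity checks passed.\n'
+
+printf '\nOK: post-release audit passed.\n'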
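Review bot: `require_absent` fails open, because `if grep -Eq "$pattern" "$file_name"` treats every non-zero grep status as "pattern absent", so a file that grep cannot read or scan (exit status above 1) passes the stale-pattern check instead of failing the audit. The status should be captured and only exit 1 accepted as a clean result, as in the rewrite below. The script also assumes it is started from the repository root: `require_file pyproject.toml` and `./scripts/check.sh` resolve against the current directory, so a line such as `cd "$(git rev-parse --show-toplevel)"` ahead of the required-files section would pin the audit to the work tree whose branch and head it reports. The `ERROR` messages are written to stdout; adding `>&2` to them would keep failures visible when the output is piped or captured.

```shell
require_absent() {
  file_name="$1"
  pattern="$2"
  rc=0
  grep -Eq "$pattern" "$file_name" || rc=$?
  case "$rc" in
    0)
      printf 'ERROR unexpected stale pattern found in %s: %s\n' "$file_name" "$pattern" >&2
      return 1
      ;;
    1) ;;  # grep ran and found nothing: the only passing outcome
    *)
      printf 'ERROR could not scan %s (grep exit %s)\n' "$file_name" "$rc" >&2
      return 1
      ;;
  esac
}
```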