@intentsolutions/audit-harness 1.2.0 → 1.2.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +25 -0
- package/package.json +2 -2
package/CHANGELOG.md
CHANGED
|
@@ -10,6 +10,31 @@ _Nothing yet._
|
|
|
10
10
|
|
|
11
11
|
- **OTel event-name polish (iah-E07b/c).** The `agent.rollout.gate.evaluated` and `gate.decision.emitted` event names are already locked + tested on main (PRs #78, #81 per NORMATIVE `intent-eval-lab/000-docs/067-AT-SPEC`). Any further attribute-schema polish on those events is deferred to a routine v2.1 release rather than headlined here — it is additive telemetry refinement, not a 1.2.0 capability boundary.
|
|
12
12
|
|
|
13
|
+
## [1.2.1] - 2026-06-16
|
|
14
|
+
|
|
15
|
+
A patch release: release-pipeline supply-chain hardening (polyglot signing) plus
|
|
16
|
+
dev-dependency bumps. No CLI surface, runtime behavior, or API boundary changes —
|
|
17
|
+
the published artifacts are byte-identical in behavior to 1.2.0; only the release
|
|
18
|
+
machinery and dev tooling moved.
|
|
19
|
+
|
|
20
|
+
### Changed — polyglot release signing wired into the publish pipeline (#90)
|
|
21
|
+
|
|
22
|
+
- **crates.io build-provenance attestation.** The `publish-crates` leg now emits a
|
|
23
|
+
GitHub build-provenance attestation for the published crate artifact, extending the
|
|
24
|
+
signed-supply-chain guarantee to the Rust distribution.
|
|
25
|
+
- **sigstore-python wheel + sdist signing.** The `publish-pypi` leg now signs the built
|
|
26
|
+
wheel and sdist with `sigstore-python` (keyless Fulcio OIDC + Rekor), so the PyPI
|
|
27
|
+
distribution carries verifiable provenance alongside the existing npm sigstore path.
|
|
28
|
+
- **crates.io publish is now active.** With `CARGO_REGISTRY_TOKEN` provisioned as a
|
|
29
|
+
repository secret, the `publish-crates` leg goes live on this tag — closing the
|
|
30
|
+
polyglot publish loop (npm + PyPI + crates.io all publish + sign from one tag).
|
|
31
|
+
|
|
32
|
+
### Changed — dev-dependency bumps
|
|
33
|
+
|
|
34
|
+
- Bump `eslint` from 9.39.4 to 10.5.0 (#71).
|
|
35
|
+
- Bump `jeremylongshore/intent-rollout-gate` GitHub Action pin (#86).
|
|
36
|
+
- Bump `crate-ci/typos` from 1.29.4 to 1.47.2 (#87).
|
|
37
|
+
|
|
13
38
|
## [1.2.0] - 2026-06-15
|
|
14
39
|
|
|
15
40
|
A minor release: the read-only "comprehensive audit, on any repo" brain (`classify` → `conform` → `audit` → `scan` → `currency`), the kernel-emitting evidence path (`emit-evidence` Evidence Bundle, E04), the provider credential gate (`cred-gate`, E08), shared vendorable lint configs (#85), and a golden-master fitness function — all additive, with the zero-runtime-dependency guarantee preserved.
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@intentsolutions/audit-harness",
|
|
3
|
-
"version": "1.2.
|
|
3
|
+
"version": "1.2.1",
|
|
4
4
|
"description": "Deterministic test-enforcement harness — escape-scan, hash-pinning, CRAP, architecture checks, bias detection, Gherkin lint. Companion to the audit-tests and implement-tests Claude Code skills.",
|
|
5
5
|
"license": "Apache-2.0",
|
|
6
6
|
"author": "Jeremy Longshore <jeremy@intentsolutions.io>",
|
|
@@ -46,7 +46,7 @@
|
|
|
46
46
|
},
|
|
47
47
|
"devDependencies": {
|
|
48
48
|
"@eslint/js": "^9.39.4",
|
|
49
|
-
"eslint": "^
|
|
49
|
+
"eslint": "^10.5.0",
|
|
50
50
|
"lefthook": "^1.13.6"
|
|
51
51
|
},
|
|
52
52
|
"publishConfig": {
|