agentflow-runtime 1.2.0__tar.gz → 1.4.0__tar.gz

{agentflow_runtime-1.2.0 → agentflow_runtime-1.4.0}/CHANGELOG.md

@@ -4,6 +4,249 @@ All notable changes to AgentFlow are documented in this file.
 
 ## [Unreleased]
 
+## [1.4.0] - 2026-05-25
+
+Maintenance release. No runtime API changes; bundles documentation,
+CI hardening, repo hygiene, type-stub adoption, and Dependabot Tier A
+wave 2 dependency bumps that landed in sessions 11–19.
+
+### Documentation
+
+- Top-level [`docs/SESSION_HANDOFF.md`](docs/SESSION_HANDOFF.md) — the
+  entry point for picking up the project cold. Includes the four
+  orientation commands to run first, the priority-tiered open work
+  (Tier A actionable Dependabot PRs, Tier B externally user-gated
+  A04/A05/A03, Tier C forward backlog), a compressed view of sessions
+  11 → 17, and the load-bearing lessons from session 17's regression
+  (Contract Tests path filter, Dependabot cascade transitive
+  conflicts, memory-staleness check before recommending). README
+  surfaces it at the top of the Documentation index.
+
+### Fixed
+
+- Dependency resolver clash after the Dependabot merge cascade
+  (`#13 schemathesis 4.10 → 4.19` + `#22 pytest <9 → <10`). schemathesis
+  4.19 requires `pytest>=9`; `pytest-asyncio>=0.24,<1` capped pytest at
+  `<9` so the `contract` extra became unresolvable. Bumped to
+  `pytest-asyncio>=0.24,<2` so pytest-asyncio 1.3.0 (which supports
+  `pytest>=8.2,<10`) is installable. Same change was queued in
+  Dependabot PR #18; landing it directly here unblocks the Contract
+  Tests gate immediately.
+
+### Added
+
+- `.github/dependabot.yml` covering seven ecosystems on a Monday 06:00
+  Europe/Moscow weekly schedule: pip (root runtime, SDK, integrations),
+  npm (`sdk-ts/`), Docker (`Dockerfile.api`), GitHub Actions
+  (workflow pins), and Terraform (`infrastructure/terraform/`). Minor
+  and patch updates are grouped per ecosystem to keep the PR queue
+  reviewable; majors stay individual. `langchain-core`,
+  `langchain-text-splitters`, `langsmith`, and `dagster` have explicit
+  CVE-driven floors in `pyproject.toml`, so major bumps for those are
+  ignored (Dependabot still opens advisory PRs immediately for
+  GitHub-reported vulnerabilities regardless of group/interval).
+  Commit prefixes match `CONTRIBUTING.md` (`chore(deps,<scope>)`).
+- `.editorconfig` at the repo root pinning UTF-8 + LF + trailing-whitespace
+  trim across the tree, with per-language overrides (Python 4-space /
+  100-col, JS/TS/JSON/YAML/TOML 2-space, Markdown keeps trailing
+  whitespace for hard-wrap line breaks, Makefile tabs). Aligns the
+  cross-editor behavior with what `ruff format` / `prettier` already
+  enforce in CI; aimed at contributors whose editor does not auto-pick
+  up `pyproject.toml` / `package.json` formatter config.
+
+### Documentation
+
+- Public-repo hygiene files added: `SECURITY.md` (private vulnerability
+  reporting policy, supported-versions table, scope/out-of-scope, 90-day
+  coordinated-disclosure default), structured `.github/ISSUE_TEMPLATE/`
+  forms (`bug_report.yml`, `feature_request.yml`, `config.yml` that
+  disables blank issues and routes reporters to security/runbook links),
+  and a `.github/PULL_REQUEST_TEMPLATE.md` with summary / type-of-change
+  / testing / checklist sections aligned to `CONTRIBUTING.md`. All
+  cross-link to the existing on-call runbooks and CONTRIBUTING guide
+  rather than restating their contents.
+
+### Changed
+
+- `sdk/README.md` (the PyPI project page bundled into every published
+  wheel) made version-agnostic: dropped the hardcoded `1.1.0 on PyPI`
+  line that went stale at every release in favour of a CHANGELOG link
+  pinned to `main`. PyPI keeps showing the README from the bundled wheel
+  until the next publish, so this fix is forward-looking — future
+  releases will not need an SDK README touch-up just to keep the version
+  reference current.
+- `helm/agentflow` chart aligned to current release line:
+  `Chart.yaml` `appVersion` bumped `1.0.0` → `1.3.0`, default
+  `values.yaml` `image.tag` bumped `1.1.0` → `1.3.0`, and
+  `docs/helm-deployment.md` examples follow. Helm contract tests +
+  helm lint pass; operators who pin their own registry/tag via
+  `image.repository` / `image.tag` overrides are unaffected.
+
+### Changed
+
+- Dependabot Tier A wave 2 — seven majors merged in session 18 (commits
+  `e2a8288 → 2333104`): `mypy <2 → <3` (dev), `hashicorp/aws ~> 5.60 →
+  ~> 6.46` (Terraform), `typescript 5.9.3 → 6.0.3` (sdk-ts),
+  `actions/github-script v7 → v9` (CI), `actions/download-artifact v4 →
+  v8` (CI), `docs/build-push-action v6 → v7` (CI; included a
+  `tests/unit/test_container_attestation_workflow.py` pin bump to match
+  the new action version), `vitest 3.2.4 → 4.1.7` (sdk-ts dev). Local
+  resolver smoke (`pip install --dry-run -e ".[dev,cloud,contract]"`)
+  green on each step. Two Dependabot PRs remain intentionally deferred:
+  `apache-flink 1.x → 2.x` (pyflink datastream API break in
+  `src/processing/flink_jobs/`) and `python:3.11-slim → 3.14-slim`
+  (Docker build is not part of CI, ecosystem compat uneven).
+
+### CI
+
+- `contract.yml` `paths:` filter broadened to also trigger on
+  `pyproject.toml`, `sdk/pyproject.toml`, and `.github/workflows/**`.
+  This closes the session 16-17 "silent deps cascade" gap (a
+  `pyproject.toml`-only commit used to leave Contract Tests on the
+  previous, stale SHA) and the session 18 "workflow-only PR cannot
+  satisfy required contract check" gap (any workflow bump now
+  re-validates the contract suite). Terraform, sdk-ts, and Dockerfile
+  paths were left out deliberately — the contract suite is python
+  schemathesis and does not exercise those paths, so triggering it
+  there would burn CI minutes for no signal. For PRs that touch only
+  those files, the documented workaround is `gh pr merge --admin
+  --squash` after a manual `gh workflow run contract.yml --ref
+  <branch>` SUCCESS.
+- `dora.yml` now passes `--branch origin/main` to
+  `scripts/dora_metrics.py`. Previously the script defaulted to
+  `--branch main`, which works on the `push` / `schedule` /
+  `workflow_dispatch` events but fails on `pull_request` because
+  `actions/checkout` lands in detached HEAD with no local `main`.
+  Every Dependabot PR therefore showed `dora-report: FAILURE` as
+  triage noise even though the report is not a required check. With
+  `origin/main` the ref resolves correctly in all four event
+  contexts.
+
+### Repo settings
+
+- Auto-merge and auto-delete-branch-on-merge enabled on
+  `brownjuly2003-code/agentflow`. `gh pr merge <N> --auto --squash`
+  is now supported, and Dependabot branches are removed
+  automatically once their PR squash-merges. The earlier session 18
+  flow (admin-merge per PR, manual `--delete-branch` flag) becomes
+  unnecessary for the common case where required checks pass on the
+  rebased SHA.
+
+### Types
+
+- `types-PyYAML` added to the dev extra. 16
+  `# type: ignore[import-untyped]` annotations on `import yaml` lines
+  across `src/` retired; the five remaining `# type: ignore[assignment]`
+  annotations are on the `yaml = None` fallback line inside the
+  optional-pyyaml `try/except ImportError` blocks (PyYAML is currently
+  a hard runtime dependency, but the JSON-fallback machinery in
+  `webhook_dispatcher.py`, `slo.py`, `alerts/dispatcher.py` etc. is
+  intentionally kept available — see SESSION_HANDOFF.md anti-tasks).
+- `types-redis` added to the dev extra. Two
+  `# type: ignore[import-untyped,unused-ignore]` annotations on
+  `import redis.asyncio as redis` retired in `src/serving/cache.py`
+  and `src/serving/api/rate_limiter.py`; the `redis = None` fallback
+  keeps its `assignment` ignore for the same reason as yaml.
+- Net change: total type-ignore count in `src/sdk` dropped 20 → 13,
+  with the `import-untyped` category eliminated entirely. `mypy src
+  sdk` still clean (0 errors, 105 files).
+
+### Documentation
+
+- README refreshed to `v1.3.0` reality: release-gate badge bumped, the
+  Highlights section reflects the `v1.1` → `v1.3` arc and the DV2 demo
+  triptych, the Status block summarizes what landed in each of the three
+  releases and what external gates remain, and the Documentation index
+  now links to `docs/runbooks/` alongside the existing single-page
+  `docs/runbook.md` (the singular file remains the local-dev
+  quick-reference; the plural directory is the on-call incident
+  playbooks).
+- On-call production incident runbooks in `docs/runbooks/`: index plus five
+  symptom-keyed playbooks (`api-5xx-spike.md`, `auth-401-spike.md`,
+  `cdc-lag.md`, `load-test-regression.md`, `release-rollback.md`). Each
+  follows the eight-section format (Symptom / Severity / Owner / Detection /
+  Triage / Mitigation / Resolution / Postmortem trigger) and references real
+  signals already in the codebase: Load Test gates from
+  `tests/load/thresholds.py`, the fail-closed auth path from
+  `src/serving/api/auth/middleware.py`, the v1.3.0 release surfaces
+  (`docs/dv2-multi-branch/RELEASE_STATUS.md`,
+  `.github/workflows/publish-pypi.yml`, `.github/workflows/publish-npm.yml`),
+  and the production CDC onboarding decision record in
+  `docs/operations/cdc-production-onboarding.md`. Severity ladder aligns with
+  `docs/operations/chaos-runbook.md` so paging behavior stays consistent
+  across all incident types.
+
+## [1.3.0] - 2026-05-24
+
+### Added
+
+- A04 chart hardening: `helm/kafka-connect/` now ships NetworkPolicy +
+  PodDisruptionBudget + pod/container securityContext + `/tmp` memory
+  emptyDir (parity with `helm/agentflow`). All five primitives are
+  required by `values.schema.json` and off-by-default for backwards
+  compatibility on existing clusters; production switches them on via
+  `values-staging.yaml`-style overlays. See
+  `docs/operations/cdc-production-onboarding.md` § Chart hardening
+  baseline for the production switch-on recommendations.
+- A05 live-validation coverage extended: the
+  `tests/integration/test_helm_values_live_validation.py` suite is
+  now parametrized across both `helm/agentflow` and `helm/kafka-connect`
+  charts, running lint + install --dry-run against the live kind
+  cluster with valid + invalid value fixtures each.
+- A05 reuse-cluster mode: `conftest.kind_cluster` honours
+  `AGENTFLOW_LIVE_REUSE_CLUSTER=1` to skip the kind create/delete cycle
+  and validate against an active `KUBECONFIG` context. Lets the
+  schema gates run against managed staging clusters (EKS/GKE/AKS)
+  without provisioning a throwaway kind cluster.
+
+### Changed
+
+- A03 CI hardware-gap acceptance: Load Test gates raised to 1.3x the
+  2026-04-25 CI baseline (entity p99 750 → 900 ms, query/batch
+  1000 → 1200 ms). Local SLO p99 < 200 ms unchanged. Decision record
+  + alternatives considered: `docs/perf/ci-hardware-gap-2026-05-24.md`.
+
+### Documentation
+
+- DV2 web-UI screencast (`docs/dv2-multi-branch/demo_webui.mp4`,
+  ~60 s, 1.6 MB) — Playwright run through Argo workflow archive
+  (4× successful `dv2-refresh` runs + DAG drill-in on the latest) and
+  the MinIO `cold-tier` bucket browser (5 per-branch prefixes), with
+  a Russian TTS voice-over. Reproducer:
+  `docs/dv2-multi-branch/demo_webui.capture.py` plus the same
+  edge-tts + ffmpeg pipeline as the terminal cast.
+- DV2 dbt docs screencast (`docs/dv2-multi-branch/demo_dbt_docs.mp4`,
+  ~55 s, 1.7 MB) — Playwright walk-through of the auto-generated dbt
+  docs site: project tree → `customer_360` columns/description →
+  `branch_pnl` with the `rv.bv_order_canonical → branch_pnl` lineage
+  graph → `returns_velocity` with lineage. Companion Pod manifest
+  `infrastructure/dv2/dbt/dbt-docs-pod.yaml` runs `dbt docs generate`
+  + `dbt docs serve --port 8080 --host 0.0.0.0` against the in-cluster
+  ClickHouse. Reproducer: `demo_dbt_docs.capture.py` plus the same
+  TTS pipeline.
+- Cross-link `docs/plans/2026-04-debezium-kafka-connect-deployment-plan.md`
+  to `docs/operations/cdc-production-onboarding.md` (production source
+  onboarding still blocked on decision-record fill-in) and note that
+  the DV2 demo uses ClickHouse `MaterializedPostgreSQL` as a
+  single-node alternative, not a production replacement for
+  Debezium/Kafka Connect.
+- Exploration archive: `docs/exploration/2026-05/` collects three
+  stale May-6/7 docs-site drafts (`astro_prompt.md`, `kimi.md`,
+  `research.md`) that had been sitting untracked in the repo root.
+
+### Fixed
+
+- Typed `RetryPolicy.compute_delay()` intermediate `base` in
+  `sdk/agentflow/retry.py` so the function no longer returns
+  `Any`; SDK mypy is now strict-clean.
+- CI / release / packaging lessons-learned document
+  (`docs/lessons/ci-repair-sprint-2026-04.md`) — seven concrete
+  Lesson / Apply / Concrete-trace entries covering A06 dependency
+  profiles, single-run baseline anti-pattern, FastAPI version drift,
+  PyPI namespace pre-claim, required-check self-reference deadlock,
+  fail-closed auth + `/v1/health` exemption, and the DV2 voice-over
+  pipeline.
+
 ## [1.2.0] - 2026-05-23
 
 ### Documentation

{agentflow_runtime-1.2.0 → agentflow_runtime-1.4.0}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: agentflow-runtime
-Version: 1.2.0
+Version: 1.4.0
 Summary: Real-time data platform serving context to AI agents
 License: MIT
 License-File: LICENSE
@@ -17,7 +17,7 @@ Requires-Dist: opentelemetry-instrumentation-httpx<1,>=0.62b0
 Requires-Dist: opentelemetry-sdk<2,>=1.41
 Requires-Dist: pandera<1,>=0.20
 Requires-Dist: prometheus-client<1,>=0.21
-Requires-Dist: pyarrow<19,>=17
+Requires-Dist: pyarrow<25,>=17
 Requires-Dist: pydantic-settings<3,>=2.5
 Requires-Dist: pydantic<3,>=2.9
 Requires-Dist: pyyaml<7,>=6
@@ -28,19 +28,21 @@ Provides-Extra: cloud
 Requires-Dist: boto3<2,>=1.35; extra == 'cloud'
 Requires-Dist: pyiceberg[pyiceberg-core]<1,>=0.7; extra == 'cloud'
 Provides-Extra: contract
-Requires-Dist: schemathesis==4.10.2; extra == 'contract'
+Requires-Dist: schemathesis==4.19.0; extra == 'contract'
 Provides-Extra: dev
 Requires-Dist: bandit<2,>=1.9; extra == 'dev'
 Requires-Dist: build<2,>=1.2; extra == 'dev'
 Requires-Dist: hatchling<2,>=1.25; extra == 'dev'
 Requires-Dist: hypothesis<7,>=6; extra == 'dev'
 Requires-Dist: jsonschema<5,>=4; extra == 'dev'
-Requires-Dist: mypy<2,>=1.11; extra == 'dev'
-Requires-Dist: pytest-asyncio<1,>=0.24; extra == 'dev'
-Requires-Dist: pytest-cov<6,>=5; extra == 'dev'
-Requires-Dist: pytest<9,>=8.3; extra == 'dev'
+Requires-Dist: mypy<3,>=1.11; extra == 'dev'
+Requires-Dist: pytest-asyncio<2,>=0.24; extra == 'dev'
+Requires-Dist: pytest-cov<8,>=5; extra == 'dev'
+Requires-Dist: pytest<10,>=8.3; extra == 'dev'
 Requires-Dist: ruff<1,>=0.6; extra == 'dev'
 Requires-Dist: testcontainers[kafka]<5,>=4.9; extra == 'dev'
+Requires-Dist: types-pyyaml<7,>=6; extra == 'dev'
+Requires-Dist: types-redis<6,>=4.6; extra == 'dev'
 Provides-Extra: flink
 Requires-Dist: apache-flink==1.19.1; extra == 'flink'
 Provides-Extra: integrations
@@ -59,7 +61,7 @@ Description-Content-Type: text/markdown
 
 > Real-time data platform for AI agents. Live entity lookups, typed contracts, dual-language SDKs, and release-gated delivery.
 
-[![Release gate](https://img.shields.io/badge/release_gate-v1.1_published-brightgreen)](docs/release-readiness.md)
+[![Release gate](https://img.shields.io/badge/release_gate-v1.3_published-brightgreen)](docs/dv2-multi-branch/RELEASE_STATUS.md)
 [![codecov](https://codecov.io/gh/brownjuly2003-code/agentflow/branch/main/graph/badge.svg)](https://codecov.io/gh/brownjuly2003-code/agentflow)
 [![Python](https://img.shields.io/badge/python-3.11+-blue)](pyproject.toml)
 [![License](https://img.shields.io/badge/license-MIT-blue)](LICENSE)
@@ -77,13 +79,14 @@ AgentFlow turns that problem into one serving boundary:
 
 ## Highlights
 
-- **Release-line gate:** 752 passed, 4 skipped on 2026-05-04; GitHub environments `staging` and `production` have required reviewers. The 2026-04-27 audit closure sprint (Codex p1–p9 + Opus) shipped six commits closing all P0/P1/P2 findings — see [docs/audits/2026-04-27/README.md](docs/audits/2026-04-27/README.md) and Release Readiness for the live status
-- **Sub-second entity lookups in the checked-in baseline**: entity p50 `38-55 ms`, entity p99 `290-320 ms`, aggregate p50 `56 ms` at `50` users for `60s`
-- **Historical performance remediation is documented**: the serving path moved from an original ~`26,000 ms` baseline to the current `43-55 ms` release range
-- **Dual SDK parity** for Python and TypeScript, including retry policies, circuit breakers, batching, pagination, and contract pinning
-- **Postgres/MySQL CDC path** through Debezium and Kafka Connect, with local compose, Helm manifests, and canonical CDC normalization
-- **Security hardening in the hot path**: parameterized queries, `sqlglot` AST validation for NL-to-SQL, and a Bandit baseline gate for new findings only
-- **Release workflow coverage**: chaos smoke on PRs, performance regression gate, contract drift checks, and a Terraform apply workflow with OIDC-ready auth
+- **Release line through `v1.3.0`** on PyPI (`agentflow-runtime`, `agentflow-client`) and npm (`@yuliaedomskikh/agentflow-client`), published via OIDC Trusted Publishers with SLSA provenance attestations on every artifact. Live registry table + re-verify recipe: [docs/dv2-multi-branch/RELEASE_STATUS.md](docs/dv2-multi-branch/RELEASE_STATUS.md)
+- **486 unit tests collected, full suite green on `main`**; CI runs 12 required status checks (lint, schema-check, test-unit, test-integration, helm-schema-live, perf-check, terraform-validate, bandit, safety, npm-audit, trivy, contract). Branch protection requires every one of them
+- **Sub-second entity lookups**: entity p50 `38-55 ms`, entity p99 `167 ms` on local hardware (–82% from the 2026-04-23 baseline after the PII masker + tenant qualification cache wins). CI runner thresholds are documented separately in [docs/perf/ci-hardware-gap-2026-05-24.md](docs/perf/ci-hardware-gap-2026-05-24.md)
+- **Dual SDK parity** for Python (`agentflow-client`) and TypeScript (`@yuliaedomskikh/agentflow-client`), including retry policies, circuit breakers, batching, pagination, contract pinning, idempotency keys, and `as_of` historical reads
+- **Two CDC paths**: production-grade Debezium + Kafka Connect (Helm chart hardened with NetworkPolicy + PDB + securityContext, schema-validated on every deploy), and a ClickHouse `MaterializedPostgreSQL` per-branch fan-out for the DV2 demo cluster
+- **Security hardening in the hot path**: tenant isolation across every read surface, parameterized queries, `sqlglot` AST validation for NL-to-SQL, fail-closed auth middleware, plaintext secret scrubbing, and a Bandit baseline gate for new findings only
+- **On-call playbooks for production incidents** in [docs/runbooks/](docs/runbooks/README.md): symptom-keyed runbooks for API 5xx spikes, auth fail-closed regressions, CDC lag, Load Test gate failures, and PyPI/npm release rollback
+- **DV2 demo triptych**: voice-narrated terminal cast ([demo_voiced.mp4](docs/dv2-multi-branch/demo_voiced.mp4), 92s) + web-UI screencast covering Argo Workflows and MinIO ([demo_webui.mp4](docs/dv2-multi-branch/demo_webui.mp4), 60s) + dbt docs lineage walk-through ([demo_dbt_docs.mp4](docs/dv2-multi-branch/demo_dbt_docs.mp4), 55s)
 
 ## Quick start
 
@@ -166,9 +169,11 @@ CDC source capture is standardized on Debezium/Kafka Connect; downstream consume
 
 ## Documentation
 
+- [Session Handoff](docs/SESSION_HANDOFF.md) - **start here when picking up the project cold** — current HEAD, open Dependabot PRs, externally user-gated items, recent lessons (Contract Tests path filter, Dependabot cascade conflicts)
 - [Interactive Technical Walkthrough](docs/index.md) - MkDocs Material guide with Mermaid architecture, API, SDK, deployment, observability, and troubleshooting pages
 - [Architecture](docs/architecture.md) - system context, data flow, failure modes
-- [Operational Runbook](docs/runbook.md) - local stack, CDC capture, incident response, and maintenance commands
+- [Operational Runbook](docs/runbook.md) - local stack, CDC capture, and maintenance commands
+- [On-Call Runbooks](docs/runbooks/README.md) - production-incident playbooks (API 5xx, auth break, CDC lag, Load Test regression, release rollback)
 - [API Reference](docs/api-reference.md) - endpoint-by-endpoint examples for curl, Python, and TypeScript
 - [Security Audit](docs/security-audit.md) - threat model, controls, and evidence
 - [Competitive Analysis](docs/competitive-analysis.md) - positioning and trade-offs
@@ -211,28 +216,55 @@ python scripts/bandit_diff.py .bandit-baseline.json .tmp/bandit-current.json
 
 ## Status
 
-**v1.1.0** is published to PyPI, npm, and GitHub.
-The 2026-04-27 audit closure sprint landed six commits on `main`
-that close all P0/P1/P2 findings from the Claude
-Opus + Codex p1–p9 audits: tenant isolation across the control plane,
-SQL guard centralization, entity allowlist enforcement on every read
-surface, secrets scrubbed and rotated, helm `runAsNonRoot` /
-NetworkPolicy / PodDisruptionBudget, npm lockfile + `npm audit` clean,
-vulnerable dep bumps (`dagster>=1.13.1`, `langchain-core>=1.2.22`),
-trivy pinned, OpenAPI drift gate, branch protection with 12 required
-status checks, GitHub Actions environment reviewers, and Python SDK
-alignment with the server v1 contract (F1–F10). Recent local full-suite
-verification: `752 passed, 4 skipped` on 2026-05-04 after clarifying the
-external-gate handoff. The post-v1.1 CDC operationalization
-for Debezium / Kafka Connect is checked in, while production source
-onboarding remains pending; see [docs/release-readiness.md](docs/release-readiness.md).
-Remaining external gates are AWS OIDC role setup for real Terraform apply,
-external immutable audit retention if claimed beyond local hash-chain evidence,
-production CDC source onboarding, real PMF/pricing evidence, public benchmark
-publication on production hardware, external pen-test attestation, and legacy
-npm `NPM_TOKEN` revocation after a successful new-package trusted-publish run.
-npm Trusted Publishing readback for the new package is complete. A project-local
-Pi skill for evidence intake lives at `.pi/skills/external-gate-evidence-intake`.
+**`v1.3.0` is the current release line** (PyPI `agentflow-runtime` /
+`agentflow-client`, npm `@yuliaedomskikh/agentflow-client`, all three
+published 2026-05-23 via OIDC Trusted Publishers with SLSA provenance
+attestations). Live registry table and re-verify recipe live in
+[docs/dv2-multi-branch/RELEASE_STATUS.md](docs/dv2-multi-branch/RELEASE_STATUS.md).
+
+The `v1.1.0` → `v1.3.0` arc landed in three increments on top of the
+2026-04-27 audit closure sprint:
+
+- **`v1.1.0`** — audit closure: tenant isolation across every read
+  surface, SQL guard centralization on `sqlglot`, entity allowlist
+  enforcement, fail-closed auth, secrets rotated, Helm hardening,
+  `npm audit` clean, vulnerable dep bumps, OpenAPI drift gate, 12
+  required status checks, Python SDK alignment with server v1
+  contract (F1–F10).
+- **`v1.2.0`** — DV2 multi-branch warehouse merged to `main`: 38 DV2.0
+  tables (8 hubs / 8 links / 22+ satellites), Argo Workflows
+  `dv2-refresh` template, dbt project with 3 mart models + 12 tests,
+  per-branch CDC fan-out via ClickHouse `MaterializedPostgreSQL`, and
+  the first voice-narrated terminal cast demo.
+- **`v1.3.0`** — `helm/kafka-connect` chart hardening matched to
+  `helm/agentflow` (NetworkPolicy + PDB + pod/container securityContext
+  + `/tmp` emptyDir, all schema-required and off-by-default), Helm live
+  validation parametrized across both charts, A03 CI hardware-gap
+  acceptance with Load Test gates raised to 1.3x baseline, and the DV2
+  demo triptych completed (terminal + web-UI + dbt docs screencasts).
+
+CI on `main` is fully green across all 12 required checks. Local
+hardware sustains entity p99 `167 ms` (the local SLO target); CI runner
+thresholds are intentionally divergent and documented in
+[docs/perf/ci-hardware-gap-2026-05-24.md](docs/perf/ci-hardware-gap-2026-05-24.md).
+
+**Remaining external gates** are unchanged from `v1.1` and require
+inputs outside this repository:
+
+- AWS OIDC role setup for real Terraform `apply`.
+- Production CDC source onboarding (hostnames, credentials, owners,
+  private network path) — runbook ready in
+  [docs/operations/cdc-production-onboarding.md](docs/operations/cdc-production-onboarding.md).
+- Real PMF / pricing evidence and a public benchmark on
+  production-grade hardware (`c8g.4xlarge+`).
+- External pen-test attestation.
+- Optional: paid larger GHA runner or self-hosted runner if the CI
+  hardware-gap thresholds need to be tightened.
+
+The project-local Pi skill at
+`.pi/skills/external-gate-evidence-intake` and the
+[External Gate Evidence Intake Checklist](docs/operations/external-gate-evidence-intake.md)
+codify what evidence must arrive before any of those gates close.
 
 ## Screenshots
 
@@ -252,4 +284,7 @@ MIT. See [LICENSE](LICENSE).
 
 ## Credits
 
-Built as a data-engineering reference project during the `2026-04-10` -> `2026-04-20` release cycle, with the full implementation trail preserved in `docs/plans/`.
+Built as a data-engineering reference project. Initial release cycle
+`2026-04-10` → `2026-04-20`, post-audit hardening and DV2 extension
+through `2026-05-23` (`v1.3.0`). Full implementation trail preserved in
+`docs/plans/`, `docs/codex-tasks/`, and `docs/lessons/`.

{agentflow_runtime-1.2.0 → agentflow_runtime-1.4.0}/README.md

@@ -2,7 +2,7 @@
 
 > Real-time data platform for AI agents. Live entity lookups, typed contracts, dual-language SDKs, and release-gated delivery.
 
-[![Release gate](https://img.shields.io/badge/release_gate-v1.1_published-brightgreen)](docs/release-readiness.md)
+[![Release gate](https://img.shields.io/badge/release_gate-v1.3_published-brightgreen)](docs/dv2-multi-branch/RELEASE_STATUS.md)
 [![codecov](https://codecov.io/gh/brownjuly2003-code/agentflow/branch/main/graph/badge.svg)](https://codecov.io/gh/brownjuly2003-code/agentflow)
 [![Python](https://img.shields.io/badge/python-3.11+-blue)](pyproject.toml)
 [![License](https://img.shields.io/badge/license-MIT-blue)](LICENSE)
@@ -20,13 +20,14 @@ AgentFlow turns that problem into one serving boundary:
 
 ## Highlights
 
-- **Release-line gate:** 752 passed, 4 skipped on 2026-05-04; GitHub environments `staging` and `production` have required reviewers. The 2026-04-27 audit closure sprint (Codex p1–p9 + Opus) shipped six commits closing all P0/P1/P2 findings — see [docs/audits/2026-04-27/README.md](docs/audits/2026-04-27/README.md) and Release Readiness for the live status
-- **Sub-second entity lookups in the checked-in baseline**: entity p50 `38-55 ms`, entity p99 `290-320 ms`, aggregate p50 `56 ms` at `50` users for `60s`
-- **Historical performance remediation is documented**: the serving path moved from an original ~`26,000 ms` baseline to the current `43-55 ms` release range
-- **Dual SDK parity** for Python and TypeScript, including retry policies, circuit breakers, batching, pagination, and contract pinning
-- **Postgres/MySQL CDC path** through Debezium and Kafka Connect, with local compose, Helm manifests, and canonical CDC normalization
-- **Security hardening in the hot path**: parameterized queries, `sqlglot` AST validation for NL-to-SQL, and a Bandit baseline gate for new findings only
-- **Release workflow coverage**: chaos smoke on PRs, performance regression gate, contract drift checks, and a Terraform apply workflow with OIDC-ready auth
+- **Release line through `v1.3.0`** on PyPI (`agentflow-runtime`, `agentflow-client`) and npm (`@yuliaedomskikh/agentflow-client`), published via OIDC Trusted Publishers with SLSA provenance attestations on every artifact. Live registry table + re-verify recipe: [docs/dv2-multi-branch/RELEASE_STATUS.md](docs/dv2-multi-branch/RELEASE_STATUS.md)
+- **486 unit tests collected, full suite green on `main`**; CI runs 12 required status checks (lint, schema-check, test-unit, test-integration, helm-schema-live, perf-check, terraform-validate, bandit, safety, npm-audit, trivy, contract). Branch protection requires every one of them
+- **Sub-second entity lookups**: entity p50 `38-55 ms`, entity p99 `167 ms` on local hardware (–82% from the 2026-04-23 baseline after the PII masker + tenant qualification cache wins). CI runner thresholds are documented separately in [docs/perf/ci-hardware-gap-2026-05-24.md](docs/perf/ci-hardware-gap-2026-05-24.md)
+- **Dual SDK parity** for Python (`agentflow-client`) and TypeScript (`@yuliaedomskikh/agentflow-client`), including retry policies, circuit breakers, batching, pagination, contract pinning, idempotency keys, and `as_of` historical reads
+- **Two CDC paths**: production-grade Debezium + Kafka Connect (Helm chart hardened with NetworkPolicy + PDB + securityContext, schema-validated on every deploy), and a ClickHouse `MaterializedPostgreSQL` per-branch fan-out for the DV2 demo cluster
+- **Security hardening in the hot path**: tenant isolation across every read surface, parameterized queries, `sqlglot` AST validation for NL-to-SQL, fail-closed auth middleware, plaintext secret scrubbing, and a Bandit baseline gate for new findings only
+- **On-call playbooks for production incidents** in [docs/runbooks/](docs/runbooks/README.md): symptom-keyed runbooks for API 5xx spikes, auth fail-closed regressions, CDC lag, Load Test gate failures, and PyPI/npm release rollback
+- **DV2 demo triptych**: voice-narrated terminal cast ([demo_voiced.mp4](docs/dv2-multi-branch/demo_voiced.mp4), 92s) + web-UI screencast covering Argo Workflows and MinIO ([demo_webui.mp4](docs/dv2-multi-branch/demo_webui.mp4), 60s) + dbt docs lineage walk-through ([demo_dbt_docs.mp4](docs/dv2-multi-branch/demo_dbt_docs.mp4), 55s)
 
 ## Quick start
 
@@ -109,9 +110,11 @@ CDC source capture is standardized on Debezium/Kafka Connect; downstream consume
 
 ## Documentation
 
+- [Session Handoff](docs/SESSION_HANDOFF.md) - **start here when picking up the project cold** — current HEAD, open Dependabot PRs, externally user-gated items, recent lessons (Contract Tests path filter, Dependabot cascade conflicts)
 - [Interactive Technical Walkthrough](docs/index.md) - MkDocs Material guide with Mermaid architecture, API, SDK, deployment, observability, and troubleshooting pages
 - [Architecture](docs/architecture.md) - system context, data flow, failure modes
-- [Operational Runbook](docs/runbook.md) - local stack, CDC capture, incident response, and maintenance commands
+- [Operational Runbook](docs/runbook.md) - local stack, CDC capture, and maintenance commands
+- [On-Call Runbooks](docs/runbooks/README.md) - production-incident playbooks (API 5xx, auth break, CDC lag, Load Test regression, release rollback)
 - [API Reference](docs/api-reference.md) - endpoint-by-endpoint examples for curl, Python, and TypeScript
 - [Security Audit](docs/security-audit.md) - threat model, controls, and evidence
 - [Competitive Analysis](docs/competitive-analysis.md) - positioning and trade-offs
@@ -154,28 +157,55 @@ python scripts/bandit_diff.py .bandit-baseline.json .tmp/bandit-current.json
 
 ## Status
 
-**v1.1.0** is published to PyPI, npm, and GitHub.
-The 2026-04-27 audit closure sprint landed six commits on `main`
-that close all P0/P1/P2 findings from the Claude
-Opus + Codex p1–p9 audits: tenant isolation across the control plane,
-SQL guard centralization, entity allowlist enforcement on every read
-surface, secrets scrubbed and rotated, helm `runAsNonRoot` /
-NetworkPolicy / PodDisruptionBudget, npm lockfile + `npm audit` clean,
-vulnerable dep bumps (`dagster>=1.13.1`, `langchain-core>=1.2.22`),
-trivy pinned, OpenAPI drift gate, branch protection with 12 required
-status checks, GitHub Actions environment reviewers, and Python SDK
-alignment with the server v1 contract (F1–F10). Recent local full-suite
-verification: `752 passed, 4 skipped` on 2026-05-04 after clarifying the
-external-gate handoff. The post-v1.1 CDC operationalization
-for Debezium / Kafka Connect is checked in, while production source
-onboarding remains pending; see [docs/release-readiness.md](docs/release-readiness.md).
-Remaining external gates are AWS OIDC role setup for real Terraform apply,
-external immutable audit retention if claimed beyond local hash-chain evidence,
-production CDC source onboarding, real PMF/pricing evidence, public benchmark
-publication on production hardware, external pen-test attestation, and legacy
-npm `NPM_TOKEN` revocation after a successful new-package trusted-publish run.
-npm Trusted Publishing readback for the new package is complete. A project-local
-Pi skill for evidence intake lives at `.pi/skills/external-gate-evidence-intake`.
+**`v1.3.0` is the current release line** (PyPI `agentflow-runtime` /
+`agentflow-client`, npm `@yuliaedomskikh/agentflow-client`, all three
+published 2026-05-23 via OIDC Trusted Publishers with SLSA provenance
+attestations). Live registry table and re-verify recipe live in
+[docs/dv2-multi-branch/RELEASE_STATUS.md](docs/dv2-multi-branch/RELEASE_STATUS.md).
+
+The `v1.1.0` → `v1.3.0` arc landed in three increments on top of the
+2026-04-27 audit closure sprint:
+
+- **`v1.1.0`** — audit closure: tenant isolation across every read
+  surface, SQL guard centralization on `sqlglot`, entity allowlist
+  enforcement, fail-closed auth, secrets rotated, Helm hardening,
+  `npm audit` clean, vulnerable dep bumps, OpenAPI drift gate, 12
+  required status checks, Python SDK alignment with server v1
+  contract (F1–F10).
+- **`v1.2.0`** — DV2 multi-branch warehouse merged to `main`: 38 DV2.0
+  tables (8 hubs / 8 links / 22+ satellites), Argo Workflows
+  `dv2-refresh` template, dbt project with 3 mart models + 12 tests,
+  per-branch CDC fan-out via ClickHouse `MaterializedPostgreSQL`, and
+  the first voice-narrated terminal cast demo.
+- **`v1.3.0`** — `helm/kafka-connect` chart hardening matched to
+  `helm/agentflow` (NetworkPolicy + PDB + pod/container securityContext
+  + `/tmp` emptyDir, all schema-required and off-by-default), Helm live
+  validation parametrized across both charts, A03 CI hardware-gap
+  acceptance with Load Test gates raised to 1.3x baseline, and the DV2
+  demo triptych completed (terminal + web-UI + dbt docs screencasts).
+
+CI on `main` is fully green across all 12 required checks. Local
+hardware sustains entity p99 `167 ms` (the local SLO target); CI runner
+thresholds are intentionally divergent and documented in
+[docs/perf/ci-hardware-gap-2026-05-24.md](docs/perf/ci-hardware-gap-2026-05-24.md).
+
+**Remaining external gates** are unchanged from `v1.1` and require
+inputs outside this repository:
+
+- AWS OIDC role setup for real Terraform `apply`.
+- Production CDC source onboarding (hostnames, credentials, owners,
+  private network path) — runbook ready in
+  [docs/operations/cdc-production-onboarding.md](docs/operations/cdc-production-onboarding.md).
+- Real PMF / pricing evidence and a public benchmark on
+  production-grade hardware (`c8g.4xlarge+`).
+- External pen-test attestation.
+- Optional: paid larger GHA runner or self-hosted runner if the CI
+  hardware-gap thresholds need to be tightened.
+
+The project-local Pi skill at
+`.pi/skills/external-gate-evidence-intake` and the
+[External Gate Evidence Intake Checklist](docs/operations/external-gate-evidence-intake.md)
+codify what evidence must arrive before any of those gates close.
 
 ## Screenshots
 
@@ -195,4 +225,7 @@ MIT. See [LICENSE](LICENSE).
 
 ## Credits
 
-Built as a data-engineering reference project during the `2026-04-10` -> `2026-04-20` release cycle, with the full implementation trail preserved in `docs/plans/`.
+Built as a data-engineering reference project. Initial release cycle
+`2026-04-10` → `2026-04-20`, post-audit hardening and DV2 extension
+through `2026-05-23` (`v1.3.0`). Full implementation trail preserved in
+`docs/plans/`, `docs/codex-tasks/`, and `docs/lessons/`.

{agentflow_runtime-1.2.0 → agentflow_runtime-1.4.0}/pyproject.toml

@@ -1,6 +1,6 @@
 [project]
 name = "agentflow-runtime"
-version = "1.2.0"
+version = "1.4.0"
 description = "Real-time data platform serving context to AI agents"
 readme = "README.md"
 requires-python = ">=3.11"
@@ -20,7 +20,7 @@ dependencies = [
     "opentelemetry-sdk>=1.41,<2",
     "pandera>=0.20,<1",
     "prometheus-client>=0.21,<1",
-    "pyarrow>=17,<19",
+    "pyarrow>=17,<25",
     "pydantic>=2.9,<3",
     "pydantic-settings>=2.5,<3",
     "pyyaml>=6,<7",
@@ -55,7 +55,7 @@ integrations = [
     "llama-index-core>=0.12,<1",
 ]
 contract = [
-    "schemathesis==4.10.2",
+    "schemathesis==4.19.0",
 ]
 dev = [
     "bandit>=1.9,<2",
@@ -63,12 +63,14 @@ dev = [
     "hatchling>=1.25,<2",
     "hypothesis>=6,<7",
     "jsonschema>=4,<5",
-    "pytest>=8.3,<9",
-    "pytest-asyncio>=0.24,<1",
-    "pytest-cov>=5,<6",
+    "pytest>=8.3,<10",
+    "pytest-asyncio>=0.24,<2",
+    "pytest-cov>=5,<8",
     "testcontainers[kafka]>=4.9,<5",
     "ruff>=0.6,<1",
-    "mypy>=1.11,<2",
+    "mypy>=1.11,<3",
+    "types-PyYAML>=6,<7",
+    "types-redis>=4.6,<6",
 ]
 
 [build-system]

{agentflow_runtime-1.2.0 → agentflow_runtime-1.4.0}/src/ingestion/tenant_router.py

@@ -7,9 +7,9 @@ from pathlib import Path
 from pydantic import BaseModel, Field
 
 try:
-    import yaml  # type: ignore[import-untyped]
+    import yaml
 except ImportError:  # pragma: no cover
-    yaml = None
+    yaml = None  # type: ignore[assignment]
 
 
 def default_tenants_config_path() -> Path:

{agentflow_runtime-1.2.0 → agentflow_runtime-1.4.0}/src/processing/iceberg_sink.py

@@ -7,7 +7,7 @@ from pathlib import Path
 from typing import Any
 
 import pyarrow as pa
-import yaml  # type: ignore[import-untyped]
+import yaml
 from pyiceberg.catalog import load_catalog
 from pyiceberg.partitioning import PartitionField, PartitionSpec
 from pyiceberg.schema import Schema

{agentflow_runtime-1.2.0 → agentflow_runtime-1.4.0}/src/processing/local_pipeline.py

@@ -18,7 +18,7 @@ from pathlib import Path
 
 import duckdb
 import structlog
-import yaml  # type: ignore[import-untyped]
+import yaml
 from pyiceberg.exceptions import NoSuchPropertyException, RESTError, ValidationError
 
 from src.ingestion.producers.event_producer import (

{agentflow_runtime-1.2.0 → agentflow_runtime-1.4.0}/src/quality/monitors/metrics_collector.py

@@ -13,7 +13,7 @@ from pathlib import Path
 import duckdb
 import httpx
 import structlog
-import yaml  # type: ignore[import-untyped]
+import yaml
 from confluent_kafka import KafkaException
 from prometheus_client import Gauge
 from pyiceberg.exceptions import NoSuchPropertyException, RESTError, ValidationError

{agentflow_runtime-1.2.0 → agentflow_runtime-1.4.0}/src/serving/api/alerts/dispatcher.py

@@ -12,9 +12,9 @@ from typing import Literal
 from pydantic import BaseModel, Field, model_validator
 
 try:
-    import yaml  # type: ignore[import-untyped]
+    import yaml
 except ImportError:  # pragma: no cover
-    yaml = None
+    yaml = None  # type: ignore[assignment]
 
 DEFAULT_ALERTS_CONFIG_PATH = Path(os.getenv("AGENTFLOW_ALERTS_FILE", "config/alerts.yaml"))
 

{agentflow_runtime-1.2.0 → agentflow_runtime-1.4.0}/src/serving/api/auth/key_rotation.py

@@ -10,9 +10,9 @@ from datetime import UTC, datetime, timedelta
 import duckdb
 
 try:
-    import yaml  # type: ignore[import-untyped]
+    import yaml
 except ImportError:  # pragma: no cover
-    yaml = None
+    yaml = None  # type: ignore[assignment]
 
 from src.serving.api.security import hash_api_key
 from src.serving.duckdb_connection import connect_duckdb

{agentflow_runtime-1.2.0 → agentflow_runtime-1.4.0}/src/serving/api/auth/manager.py

@@ -23,9 +23,9 @@ from src.constants import (
 )
 
 try:
-    import yaml  # type: ignore[import-untyped]
+    import yaml
 except ImportError:  # pragma: no cover
-    yaml = None
+    yaml = None  # type: ignore[assignment]
 
 from src.serving.api.rate_limiter import RateLimiter
 from src.serving.api.security import (

{agentflow_runtime-1.2.0 → agentflow_runtime-1.4.0}/src/serving/api/rate_limiter.py

@@ -11,7 +11,7 @@ from src.constants import DEFAULT_RATE_LIMIT_WINDOW_SECONDS
 logger = structlog.get_logger()
 
 try:
-    import redis.asyncio as redis  # type: ignore[import-untyped,unused-ignore]
+    import redis.asyncio as redis
 except ImportError:  # pragma: no cover
     redis = None  # type: ignore[assignment]
 

{agentflow_runtime-1.2.0 → agentflow_runtime-1.4.0}/src/serving/api/routers/slo.py

@@ -9,9 +9,9 @@ from fastapi import APIRouter, HTTPException, Request
 from pydantic import BaseModel, Field
 
 try:
-    import yaml  # type: ignore[import-untyped]
+    import yaml
 except ImportError:  # pragma: no cover
-    yaml = None
+    yaml = None  # type: ignore[assignment]
 
 router = APIRouter(prefix="/v1/slo", tags=["slo"])
 

{agentflow_runtime-1.2.0 → agentflow_runtime-1.4.0}/src/serving/api/security.py

@@ -10,9 +10,9 @@ from fastapi.responses import JSONResponse
 from pydantic import BaseModel, Field
 
 try:
-    import yaml  # type: ignore[import-untyped]
+    import yaml
 except ImportError:  # pragma: no cover
-    yaml = None
+    yaml = None  # type: ignore[assignment]
 
 SECURITY_HEADERS = {
     "X-Content-Type-Options": "nosniff",

{agentflow_runtime-1.2.0 → agentflow_runtime-1.4.0}/src/serving/api/versioning.py

@@ -13,9 +13,9 @@ from fastapi import Request, Response
 from fastapi.responses import JSONResponse
 
 try:
-    import yaml  # type: ignore[import-untyped]
+    import yaml
 except ImportError:  # pragma: no cover
-    yaml = None
+    yaml = None  # type: ignore[assignment]
 
 
 def default_api_versions_path() -> Path:

{agentflow_runtime-1.2.0 → agentflow_runtime-1.4.0}/src/serving/api/webhook_dispatcher.py

@@ -17,9 +17,9 @@ import structlog
 from pydantic import BaseModel, Field
 
 try:
-    import yaml  # type: ignore[import-untyped]
+    import yaml
 except ImportError:  # pragma: no cover
-    yaml = None
+    yaml = None  # type: ignore[assignment]
 
 logger = structlog.get_logger()
 

{agentflow_runtime-1.2.0 → agentflow_runtime-1.4.0}/src/serving/backends/__init__.py

@@ -7,9 +7,9 @@ from pathlib import Path
 from typing import TYPE_CHECKING, Any
 
 try:
-    import yaml  # type: ignore[import-untyped]
+    import yaml
 except ImportError:  # pragma: no cover
-    yaml = None
+    yaml = None  # type: ignore[assignment]
 
 if TYPE_CHECKING:
     from src.serving.backends.duckdb_backend import DuckDBBackend

{agentflow_runtime-1.2.0 → agentflow_runtime-1.4.0}/src/serving/cache.py

@@ -12,7 +12,7 @@ logger = structlog.get_logger()
 ENTITY_TTL_SECONDS = 5
 
 try:
-    import redis.asyncio as redis  # type: ignore[import-untyped,unused-ignore]
+    import redis.asyncio as redis
 except ImportError:  # pragma: no cover
     redis = None  # type: ignore[assignment]
 

{agentflow_runtime-1.2.0 → agentflow_runtime-1.4.0}/src/serving/masking.py

@@ -7,9 +7,9 @@ import sqlglot
 from sqlglot import exp
 
 try:
-    import yaml  # type: ignore[import-untyped]
+    import yaml
 except ImportError:  # pragma: no cover
-    yaml = None
+    yaml = None  # type: ignore[assignment]
 
 
 class PiiMasker:

{agentflow_runtime-1.2.0 → agentflow_runtime-1.4.0}/src/serving/semantic_layer/contract_registry.py

@@ -7,9 +7,9 @@ from pathlib import Path
 from typing import Any
 
 try:
-    import yaml  # type: ignore[import-untyped]
+    import yaml
 except ImportError:  # pragma: no cover
-    yaml = None
+    yaml = None  # type: ignore[assignment]
 
 
 def _default_contracts_dir() -> Path:

{agentflow_runtime-1.2.0 → agentflow_runtime-1.4.0}/src/serving/semantic_layer/entity_type_registry.py

@@ -19,7 +19,7 @@ import os
 from pathlib import Path
 from typing import TYPE_CHECKING
 
-import yaml  # type: ignore[import-untyped]
+import yaml
 
 if TYPE_CHECKING:  # pragma: no cover - typing only
     from src.serving.semantic_layer.catalog import EntityDefinition as EntityDefinitionT

{agentflow_runtime-1.2.0 → agentflow_runtime-1.4.0}/src/serving/semantic_layer/schema_evolution.py

@@ -4,7 +4,7 @@ from dataclasses import dataclass
 from pathlib import Path
 from typing import Any
 
-import yaml  # type: ignore[import-untyped]
+import yaml
 
 BREAKING_CHANGES = [
     "field_removed",