iam-policy-validator 1.14.6__tar.gz → 1.14.7__tar.gz

{iam_policy_validator-1.14.6 → iam_policy_validator-1.14.7}/.github/workflows/ci.yml

@@ -26,7 +26,7 @@ jobs:
           python-version: "${{ env.DEFAULT_PYTHON_VERSION }}"
 
       - name: Install uv
-        uses: astral-sh/setup-uv@ed21f2f24f8dd64503750218de024bcf64c7250a # v7.1.5
+        uses: astral-sh/setup-uv@681c641aba71e4a1c380be3ab5e12ad51f415867 # v7.1.6
         with:
           enable-cache: true
 
@@ -56,7 +56,7 @@ jobs:
           python-version: ${{ matrix.python-version }}
 
       - name: Install uv
-        uses: astral-sh/setup-uv@ed21f2f24f8dd64503750218de024bcf64c7250a # v7.1.5
+        uses: astral-sh/setup-uv@681c641aba71e4a1c380be3ab5e12ad51f415867 # v7.1.6
         with:
           enable-cache: true
 
@@ -80,7 +80,7 @@ jobs:
           python-version: "${{ env.DEFAULT_PYTHON_VERSION }}"
 
       - name: Install uv
-        uses: astral-sh/setup-uv@ed21f2f24f8dd64503750218de024bcf64c7250a # v7.1.5
+        uses: astral-sh/setup-uv@681c641aba71e4a1c380be3ab5e12ad51f415867 # v7.1.6
         with:
           enable-cache: true
 
@@ -104,7 +104,7 @@ jobs:
           python-version: "${{ env.DEFAULT_PYTHON_VERSION }}"
 
       - name: Install uv
-        uses: astral-sh/setup-uv@ed21f2f24f8dd64503750218de024bcf64c7250a # v7.1.5
+        uses: astral-sh/setup-uv@681c641aba71e4a1c380be3ab5e12ad51f415867 # v7.1.6
         with:
           enable-cache: true
 

{iam_policy_validator-1.14.6 → iam_policy_validator-1.14.7}/.github/workflows/codeql.yml

@@ -29,15 +29,15 @@ jobs:
         uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
 
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@cf1bb45a277cb3c205638b2cd5c984db1c46a412 # v4.31.7
+        uses: github/codeql-action/init@1b168cd39490f61582a9beae412bb7057a6b2c4e # v4.31.8
         with:
           languages: ${{ matrix.language }}
           queries: security-extended,security-and-quality
 
       - name: Autobuild
-        uses: github/codeql-action/autobuild@cf1bb45a277cb3c205638b2cd5c984db1c46a412 # v4.31.7
+        uses: github/codeql-action/autobuild@1b168cd39490f61582a9beae412bb7057a6b2c4e # v4.31.8
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@cf1bb45a277cb3c205638b2cd5c984db1c46a412 # v4.31.7
+        uses: github/codeql-action/analyze@1b168cd39490f61582a9beae412bb7057a6b2c4e # v4.31.8
         with:
           category: "/language:${{matrix.language}}"

iam_policy_validator-1.14.7/.github/workflows/docs.yml

@@ -0,0 +1,82 @@
+# Deploy documentation to GitHub Pages
+# This workflow builds and deploys the MkDocs documentation site
+name: Deploy Documentation
+
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - "docs/**"
+      - "mkdocs.yml"
+      - "iam_validator/**" # Rebuild on source changes for API docs
+      - ".github/workflows/docs.yml"
+  pull_request:
+    paths:
+      - "docs/**"
+      - "mkdocs.yml"
+  workflow_dispatch: # Allow manual trigger
+
+# Sets permissions of the GITHUB_TOKEN to allow deployment to GitHub Pages
+permissions:
+  contents: read
+  pages: write
+  id-token: write
+
+# Allow only one concurrent deployment, skipping runs queued between the run in-progress and latest queued.
+# However, do NOT cancel in-progress runs as we want to allow these production deployments to complete.
+concurrency:
+  group: pages
+  cancel-in-progress: false
+
+jobs:
+  # Build job
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      # actions/checkout v6.0.1
+      - name: Checkout repository
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        with:
+          fetch-depth: 0 # Fetch all history for git info
+
+      # actions/setup-python v5.6.0
+      - name: Set up Python
+        uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
+        with:
+          python-version: "3.12"
+          cache: "pip"
+
+      - name: Install dependencies
+        run: |
+          pip install --upgrade pip
+          pip install mkdocs-material mkdocstrings[python] mkdocs-gen-files mkdocs-literate-nav
+
+      - name: Build documentation
+        run: mkdocs build --strict
+
+      # actions/configure-pages v5.0.0
+      - name: Setup Pages
+        if: github.event_name == 'push' && github.ref == 'refs/heads/main'
+        uses: actions/configure-pages@983d7736d9b0ae728b81ab479565c72886d7745b # v5.0.0
+
+      # actions/upload-pages-artifact v3.0.1
+      - name: Upload artifact
+        if: github.event_name == 'push' && github.ref == 'refs/heads/main'
+        uses: actions/upload-pages-artifact@56afc609e74202658d3ffba0e8f6dda462b719fa # v3.0.1
+        with:
+          path: ./site
+
+  # Deployment job
+  deploy:
+    if: github.event_name == 'push' && github.ref == 'refs/heads/main'
+    environment:
+      name: github-pages
+      url: ${{ steps.deployment.outputs.page_url }}
+    runs-on: ubuntu-latest
+    needs: build
+    steps:
+      # actions/deploy-pages v4.0.5
+      - name: Deploy to GitHub Pages
+        id: deployment
+        uses: actions/deploy-pages@d6db90164ac5ed86f2b6aed7e0febac5b3c0c03e # v4.0.5

{iam_policy_validator-1.14.6 → iam_policy_validator-1.14.7}/.github/workflows/pre-release.yml

@@ -80,7 +80,7 @@ jobs:
           python-version: ${{ inputs.python_version }}
 
       - name: Install uv
-        uses: astral-sh/setup-uv@ed21f2f24f8dd64503750218de024bcf64c7250a # v7.1.5
+        uses: astral-sh/setup-uv@681c641aba71e4a1c380be3ab5e12ad51f415867 # v7.1.6
         with:
           enable-cache: true
 

{iam_policy_validator-1.14.6 → iam_policy_validator-1.14.7}/.github/workflows/release.yml

@@ -31,7 +31,7 @@ jobs:
           python-version: ${{ env.PYTHON_VERSION }}
 
       - name: Install uv
-        uses: astral-sh/setup-uv@ed21f2f24f8dd64503750218de024bcf64c7250a # v7.1.5
+        uses: astral-sh/setup-uv@681c641aba71e4a1c380be3ab5e12ad51f415867 # v7.1.6
         with:
           enable-cache: true
 

{iam_policy_validator-1.14.6 → iam_policy_validator-1.14.7}/.github/workflows/scorecard.yml

@@ -48,7 +48,7 @@ jobs:
       # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
       # format to the repository Actions tab.
       - name: "Upload artifact"
-        uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
+        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
         with:
           name: SARIF file
           path: results.sarif
@@ -57,6 +57,6 @@ jobs:
       # Upload the results to GitHub's code scanning dashboard (optional).
       # Commenting out will disable upload of results to your repo's Code Scanning dashboard
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@cf1bb45a277cb3c205638b2cd5c984db1c46a412 # v4.31.7
+        uses: github/codeql-action/upload-sarif@1b168cd39490f61582a9beae412bb7057a6b2c4e # v4.31.8
         with:
           sarif_file: results.sarif

{iam_policy_validator-1.14.6 → iam_policy_validator-1.14.7}/.gitignore

@@ -1,6 +1,3 @@
-# AI stuff
-.claude/
-
 # Cache
 .cache/
 *.cache
@@ -69,5 +66,21 @@ dmypy.json
 *.temp
 temp/
 tmp/
+
+# Claude Code
 CLAUDE.md
 plan.md
+.claude/
+
+# uv
+.python-version
+
+# Coverage reports
+coverage.xml
+*.lcov
+
+# Jupyter
+.ipynb_checkpoints/
+
+# AWS service definitions (download with: iam-validator download-services)
+aws_services/

iam_policy_validator-1.14.7/CHANGELOG.md

@@ -0,0 +1,310 @@
+# Changelog
+
+All notable changes to IAM Policy Validator are documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [Unreleased]
+
+### Planned
+- NotAction/NotResource validation support
+- Enhanced PR comment management with configurable limits
+
+---
+
+## [1.14.6] - 2025-12-15
+
+### Fixed
+- Separate security findings from validity errors in PR comments
+- Respect ignored findings when managing PR labels and review state
+
+---
+
+## [1.14.5] - 2025-12-15
+
+### Fixed
+- Respect ignored findings when managing PR labels and review state
+
+---
+
+## [1.14.4] - 2025-12-12
+
+### Fixed
+- Show pass status and list ignored findings in summary when all blocking issues are ignored
+
+---
+
+## [1.14.3] - 2025-12-12
+
+### Fixed
+- Add pattern matching for service-specific condition keys with tag validation
+
+---
+
+## [1.14.2] - 2025-12-12
+
+### Fixed
+- Use APPROVE review event when validation passes to dismiss REQUEST_CHANGES
+
+---
+
+## [1.14.1] - 2025-12-11
+
+### Fixed
+- Enhanced SARIF formatter with dynamic rules and rich context
+- Improved finding fingerprints for better PR comment deduplication
+
+### Changed
+- Updated dependencies (setup-uv, actions/checkout, codeql-action)
+
+---
+
+## [1.14.0] - 2024-12-10
+
+### Added
+- Enhanced PR comments with fingerprint-based matching
+- Finding ignore system via PR comment replies
+- Improved review comment deduplication
+
+### Changed
+- Better production readiness for GitHub Action integration
+
+---
+
+## [1.13.1] - 2024-12
+
+### Fixed
+- Bug fixes and stability improvements
+
+---
+
+## [1.13.0] - 2024-12
+
+### Added
+- Query command for exploring AWS service definitions
+- Shell completion support (bash, zsh, fish)
+
+---
+
+## [1.12.0] - 2024-11
+
+### Added
+- Trust policy validation check
+- Enhanced condition type mismatch detection
+
+### Changed
+- Improved AWS service fetcher performance
+
+---
+
+## [1.11.0] - 2024-11
+
+### Added
+- Action-resource matching validation
+- Set operator validation for conditions (ForAllValues/ForAnyValue)
+
+### Changed
+- Expanded sensitive actions database (490+ actions)
+
+---
+
+## [1.10.0] - 2024-10
+
+### Added
+- MFA condition check for sensitive operations
+- Condition key validation improvements
+
+### Changed
+- Better error messages for validation failures
+
+---
+
+## [1.9.0] - 2024-10
+
+### Added
+- GitHub PR review comments (inline comments on changed lines)
+- Multiple output formats (JSON, SARIF, CSV, HTML, Markdown)
+
+---
+
+## [1.8.0] - 2024-09
+
+### Added
+- AWS Access Analyzer integration
+- Offline validation mode with pre-downloaded service definitions
+
+---
+
+## [1.7.0] - 2024-09
+
+### Added
+- Custom checks support via `--custom-checks-dir`
+- Configuration file support (`iam-validator.yaml`)
+
+### Changed
+- Modular check architecture
+
+---
+
+## [1.6.0] - 2024-08
+
+### Added
+- Service Control Policy (SCP) validation
+- Principal validation for resource policies
+
+---
+
+## [1.5.0] - 2024-08
+
+### Added
+- Modular Python configuration system (5-10x faster startup)
+- Split security checks into individual modules:
+  - `wildcard_action` - Wildcard actions (Action: "*")
+  - `wildcard_resource` - Wildcard resources (Resource: "*")
+  - `service_wildcard` - Service-level wildcards (e.g., "s3:*")
+  - `sensitive_action` - Sensitive actions without conditions
+  - `full_wildcard` - Action:* + Resource:* (critical)
+- GitHub Action RESOURCE_CONTROL_POLICY support
+- GitHub Actions job summary output
+
+### Changed
+- Comprehensive documentation overhaul
+
+---
+
+## [1.4.0] - 2024-07
+
+### Added
+- Resource Control Policy (RCP) support with 8 validation checks
+- Enhanced principal validation:
+  - Blocked principals (e.g., public access "*")
+  - Allowed principals whitelist
+  - Required conditions for specific principals
+  - Service principal validation
+- SID format validation
+- Policy type validation for all 4 policy types
+
+---
+
+## [1.3.0] - 2024-06
+
+### Added
+- Modular Python configuration system
+- Condition requirement templates
+- Action condition enforcement check
+
+---
+
+## [1.2.0] - 2024-05
+
+### Added
+- Smart IAM policy detection and filtering
+- YAML policy support
+- Streaming mode for large policy sets
+
+---
+
+## [1.1.0] - 2024-04
+
+### Added
+- Split security checks into individual modules
+- Configurable check system
+- Per-check severity overrides
+
+---
+
+## [1.0.0] - 2024-03
+
+### Added
+- Initial release
+- Core IAM policy validation engine
+- AWS service definition fetching with caching
+- GitHub Action for CI/CD integration
+- CLI tool with rich console output
+- Python library API
+
+---
+
+## Versioning Policy
+
+This project follows [Semantic Versioning](https://semver.org/):
+
+- **MAJOR** (X.0.0): Breaking changes to CLI, configuration, or library API
+- **MINOR** (0.X.0): New features, new checks, backwards-compatible enhancements
+- **PATCH** (0.0.X): Bug fixes, documentation updates, dependency updates
+
+### Supported Versions
+
+| Version | Support Status        |
+| ------- | --------------------- |
+| 1.14.x  | ✅ Active development  |
+| 1.13.x  | ⚠️ Critical fixes only |
+| < 1.13  | ❌ End of life         |
+
+### Deprecation Policy
+
+- Deprecated features are announced at least one minor version before removal
+- Deprecated features emit warnings when used
+- Breaking changes are documented in the MAJOR version release notes
+
+---
+
+## Migration Guides
+
+### Migrating to v1.5.0+
+
+The modular configuration system introduced in v1.5.0 changed how checks are configured:
+
+**Before (v1.4.x):**
+```yaml
+checks:
+  wildcard: high
+  sensitive_actions: medium
+```
+
+**After (v1.5.0+):**
+```yaml
+wildcard_action:
+  enabled: true
+  severity: high
+
+sensitive_action:
+  enabled: true
+  severity: medium
+```
+
+### Migrating to v1.4.0+
+
+Resource Control Policy (RCP) support requires specifying policy type:
+
+```bash
+# Explicit policy type for RCPs
+iam-validator validate --policy-type RESOURCE_CONTROL_POLICY policies/
+```
+
+---
+
+[Unreleased]: https://github.com/boogy/iam-policy-validator/compare/v1.14.6...HEAD
+[1.14.6]: https://github.com/boogy/iam-policy-validator/compare/v1.14.5...v1.14.6
+[1.14.5]: https://github.com/boogy/iam-policy-validator/compare/v1.14.4...v1.14.5
+[1.14.4]: https://github.com/boogy/iam-policy-validator/compare/v1.14.3...v1.14.4
+[1.14.3]: https://github.com/boogy/iam-policy-validator/compare/v1.14.2...v1.14.3
+[1.14.2]: https://github.com/boogy/iam-policy-validator/compare/v1.14.1...v1.14.2
+[1.14.1]: https://github.com/boogy/iam-policy-validator/compare/v1.14.0...v1.14.1
+[1.14.0]: https://github.com/boogy/iam-policy-validator/compare/v1.13.1...v1.14.0
+[1.13.1]: https://github.com/boogy/iam-policy-validator/compare/v1.13.0...v1.13.1
+[1.13.0]: https://github.com/boogy/iam-policy-validator/compare/v1.12.0...v1.13.0
+[1.12.0]: https://github.com/boogy/iam-policy-validator/compare/v1.11.0...v1.12.0
+[1.11.0]: https://github.com/boogy/iam-policy-validator/compare/v1.10.0...v1.11.0
+[1.10.0]: https://github.com/boogy/iam-policy-validator/compare/v1.9.0...v1.10.0
+[1.9.0]: https://github.com/boogy/iam-policy-validator/compare/v1.8.0...v1.9.0
+[1.8.0]: https://github.com/boogy/iam-policy-validator/compare/v1.7.0...v1.8.0
+[1.7.0]: https://github.com/boogy/iam-policy-validator/compare/v1.6.0...v1.7.0
+[1.6.0]: https://github.com/boogy/iam-policy-validator/compare/v1.5.0...v1.6.0
+[1.5.0]: https://github.com/boogy/iam-policy-validator/compare/v1.4.0...v1.5.0
+[1.4.0]: https://github.com/boogy/iam-policy-validator/compare/v1.3.0...v1.4.0
+[1.3.0]: https://github.com/boogy/iam-policy-validator/compare/v1.2.0...v1.3.0
+[1.2.0]: https://github.com/boogy/iam-policy-validator/compare/v1.1.0...v1.2.0
+[1.1.0]: https://github.com/boogy/iam-policy-validator/compare/v1.0.0...v1.1.0
+[1.0.0]: https://github.com/boogy/iam-policy-validator/releases/tag/v1.0.0

iam_policy_validator-1.14.7/CONTRIBUTING.md

@@ -0,0 +1,65 @@
+# Contributing to IAM Policy Validator
+
+Thank you for your interest in contributing! Full contribution documentation is available in the [docs/contributing/](docs/contributing/) directory.
+
+## Quick Start
+
+```bash
+# Clone and setup
+git clone https://github.com/boogy/iam-policy-validator.git
+cd iam-policy-validator
+uv sync --extra dev
+
+# Run quality checks
+make check
+
+# Run tests
+make test
+```
+
+## Development Workflow
+
+1. Fork and clone the repository
+2. Create a feature branch: `git checkout -b feature/your-feature`
+3. Make changes and add tests
+4. Run `make check` to verify
+5. Submit a pull request
+
+## Commit Convention
+
+Follow [Conventional Commits](https://www.conventionalcommits.org/):
+
+- `feat:` New feature
+- `fix:` Bug fix
+- `docs:` Documentation
+- `refactor:` Code refactoring
+- `test:` Test changes
+- `chore:` Maintenance
+
+## Documentation
+
+- [Development Setup](docs/contributing/development-setup.md) - Environment setup, dependencies
+- [Testing Guide](docs/contributing/testing.md) - Running tests, writing tests
+- [Releasing](docs/contributing/releasing.md) - Version bumps, publishing
+
+## Project Structure
+
+```
+iam_validator/
+├── checks/          # Built-in validation checks (19)
+├── commands/        # CLI commands (7)
+├── core/            # Validation engine, models, formatters
+├── integrations/    # GitHub, MS Teams
+└── sdk/             # Python SDK
+```
+
+## Adding New Features
+
+- **New Check**: See [Custom Checks Guide](docs/developer-guide/custom-checks/)
+- **New Command**: Add to `iam_validator/commands/`
+- **New Formatter**: Add to `iam_validator/core/formatters/`
+
+## Getting Help
+
+- [GitHub Issues](https://github.com/boogy/iam-policy-validator/issues)
+- [GitHub Discussions](https://github.com/boogy/iam-policy-validator/discussions)

{iam_policy_validator-1.14.6 → iam_policy_validator-1.14.7}/PKG-INFO

@@ -1,12 +1,12 @@
 Metadata-Version: 2.4
 Name: iam-policy-validator
-Version: 1.14.6
+Version: 1.14.7
 Summary: Validate AWS IAM policies for correctness and security using AWS Service Reference API
 Project-URL: Homepage, https://github.com/boogy/iam-policy-validator
-Project-URL: Documentation, https://github.com/boogy/iam-policy-validator/tree/main/docs
+Project-URL: Documentation, https://boogy.github.io/iam-policy-validator
 Project-URL: Repository, https://github.com/boogy/iam-policy-validator
 Project-URL: Issues, https://github.com/boogy/iam-policy-validator/issues
-Project-URL: Changelog, https://github.com/boogy/iam-policy-validator/blob/main/docs/CHANGELOG.md
+Project-URL: Changelog, https://github.com/boogy/iam-policy-validator/blob/main/CHANGELOG.md
 Author-email: boogy <0xboogy@gmail.com>
 License: MIT
 License-File: LICENSE
@@ -38,11 +38,17 @@ Requires-Dist: pytest>=7.0.0; extra == 'dev'
 Requires-Dist: ruff>=0.1.0; extra == 'dev'
 Requires-Dist: types-boto3; extra == 'dev'
 Requires-Dist: types-pyyaml; extra == 'dev'
+Provides-Extra: docs
+Requires-Dist: mkdocs-gen-files>=0.5.0; extra == 'docs'
+Requires-Dist: mkdocs-literate-nav>=0.6.0; extra == 'docs'
+Requires-Dist: mkdocs-material>=9.5.0; extra == 'docs'
+Requires-Dist: mkdocs>=1.6.0; extra == 'docs'
+Requires-Dist: mkdocstrings[python]>=0.24.0; extra == 'docs'
 Description-Content-Type: text/markdown
 
 # IAM Policy Validator
 
-**Catch IAM policy errors before they reach AWS** — Validate syntax, security misconfigurations, and dangerous permission combinations in CI/CD pipelines.
+**Stop IAM misconfigurations before they become breaches** — Catch overprivileged permissions, dangerous wildcards, and policy errors before deployment.
 
 [![GitHub Actions](https://img.shields.io/badge/GitHub%20Actions-Ready-blue)](https://github.com/marketplace/actions/iam-policy-validator)
 [![Python 3.10+](https://img.shields.io/badge/python-3.10+-blue.svg)](https://www.python.org/downloads/)
@@ -120,7 +126,7 @@ iam-validator validate --path examples/quick-start/ --format enhanced
 ```
 ╭──────────────────────────────────────────────────────────────────────────────────────────────────╮
 │                                                                                                  │
-│                              IAM Policy Validation Report (v1.10.3)                              │
+│                              IAM Policy Validation Report (v1.14.1)                              │
 │                                                                                                  │
 ╰──────────────────────────────────────────────────────────────────────────────────────────────────╯
 ───────────────────────────────────────── Detailed Results ─────────────────────────────────────────
@@ -294,7 +300,7 @@ sensitive_action:
       message: "CloudFormation + PassRole enables infrastructure privilege escalation"
 ```
 
-See [docs/privilege-escalation.md](docs/privilege-escalation.md) for all built-in patterns and custom configuration.
+See [Security Checks Documentation](docs/user-guide/checks/security-checks.md) for all built-in patterns and custom configuration.
 
 **Comparison:**
 
@@ -635,7 +641,7 @@ sensitive_action:
 
 For more details, see:
 
-- [docs/condition-requirements.md](docs/condition-requirements.md) - How to configure condition requirements
+- [Configuration Guide](docs/user-guide/configuration.md) - How to configure condition requirements
 - [examples/configs/full-reference-config.yaml](examples/configs/full-reference-config.yaml) - Complete configuration reference
 
 ---
@@ -710,12 +716,12 @@ iam-validator analyze --path new-policy.json \
 
 **Guides:**
 
-- [Check Reference](docs/check-reference.md) - All 19 checks with examples
-- [Configuration Guide](docs/configuration.md) - Customize checks and behavior
-- [GitHub Actions Guide](docs/github-actions-workflows.md) - CI/CD integration
-- [Python Library Guide](docs/python-library-usage.md) - Use as Python package
-- [Trust Policy Guide](examples/trust-policies/README.md) - Trust policy validation
-- [Query Command](docs/query-command.md) - Query AWS service definitions
+- [Check Reference](docs/user-guide/checks/) - All checks with examples
+- [Configuration Guide](docs/user-guide/configuration.md) - Customize checks and behavior
+- [GitHub Actions Guide](docs/integrations/github-actions.md) - CI/CD integration
+- [Python Library Guide](docs/developer-guide/sdk/) - Use as Python package
+- [Trust Policy Examples](examples/trust-policies/) - Trust policy validation examples
+- [Changelog](CHANGELOG.md) - Version history and migration guides
 
 **Examples:**