chore(release): prepare 0.1.5 — version bump + CHANGELOG date#127
Merged
chore(release): prepare 0.1.5 — version bump + CHANGELOG date#127
Conversation
Pre-tag preparation for the v0.1.5 cut. - Workspace version 0.1.4 → 0.1.5 in `Cargo.toml` (`[workspace.package].version` plus the `evidence-core` internal-crate dependency line). The publish workflow's tag-vs-version assert will match `v0.1.5` after merge. - `Cargo.lock` rewritten with the new version stamps for the three workspace crates (3 lines). - `CHANGELOG.md` gains a `[0.1.5] — 2026-05-04` section covering the seven PRs since v0.1.4 (#120 derived.toml debut, #121 retire LlrEntry.derived legacy, #122 CI override-line tolerance, #123 doctor untracked-hint, #124 public surface trim + schema_version policy doc, #125 HMAC → ed25519 signing rewrite, #126 keygen subcommand + default key paths + signing.pub anchor consistency). What's in 0.1.5 The signing-and-honesty release. Three tracks land together: - **Signing rewrite.** HMAC-SHA256 envelope replaced by ed25519 detached signature; SYS-001's "HMAC + public signing key" internal contradiction fixed; `cargo evidence keygen` lifecycle subcommand with refuse-overwrite + `--rotate --reason <text>`; default key paths + env-var hooks; `signing.pub` anchor consistency check at generate to defend against silent re-key forks. Layered integrity model documented (content / metadata / provenance) with DO-178C §7 SCM and FIPS 198-1 citations in `cert/QUALIFICATION.md`. - **Trace data model evolution.** `cert/trace/derived.toml` debuts as the explicit channel for derived requirements; `LlrEntry.derived` legacy field retired; architectural HLRs gain analysis-method declarations. - **Public-surface trim + ergonomics.** `evidence-core` curated public API (~36 stable items, ~38 doc-hidden impl-detail leaves); `schema_version` documented as informational during pre-1.0; doctor untracked-hint; CI override-line tolerance for markdown decoration; `MCP_VERSION_SKEW` dogfood note in CONTRIBUTING. Floor deltas + breaking-change migration notes for 0.1.4 consumers live in the `[0.1.5]` CHANGELOG section. After-merge tag flow ``` git tag -a v0.1.5 -m "v0.1.5" git push origin v0.1.5 ``` triggers the existing `publish` workflow. Tag step is manual and stays with the maintainer (cross-session risky action). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Pre-tag preparation for the v0.1.5 cut.
Cargo.toml([workspace.package].versionplus theevidence-coreinternal-crate dependency line). The publish workflow's tag-vs-version assert will matchv0.1.5after merge.Cargo.lockrewritten with the new version stamps for the three workspace crates (3 lines).CHANGELOG.mdgains a[0.1.5] — 2026-05-04section covering the seven PRs since v0.1.4.What's in 0.1.5
The signing-and-honesty release. Three tracks land together:
Signing rewrite
cert/QUALIFICATION.md.cargo evidence keygenlifecycle subcommand with refuse-overwrite +--rotate --reason <text>; appends tocert/KEY-ROTATION-LOG.cert/signing.{key,pub}) + env-var hooks (EVIDENCE_SIGNING_KEY_PATH,EVIDENCE_VERIFY_KEY_PATH,EVIDENCE_PUBKEY_ANCHOR).signing.pubanchor consistency check at generate (SIGN_PUBKEY_ANCHOR_MISMATCH) — silent re-key fork defense.cert/signing.pubcommitted,cert/signing.keygitignored.Trace data model evolution
cert/trace/derived.tomldebuts as the explicit channel for derived requirements.LlrEntry.derivedlegacy field retired.Public-surface trim + ergonomics
evidence-corecurated public API (~36 stable items, ~38 doc-hidden impl-detail leaves).schema_versiondocumented as informational during pre-1.0.DOCTOR_FLOORS_SLACKhint pointing at untracked.rsfiles.pull_request: types: [edited]retrigger.Breaking changes for 0.1.4 consumers
BUNDLE.sig(HMAC, 64 hex) is byte-incompatible with 0.1.5 (ed25519, 128 hex). Re-sign withcargo evidence keygen+cargo evidence generate --signing-key.cargo evidence keygen.--sign-key→--signing-key. Update CI scripts.Per-item details and the floor-deltas table live in the
[0.1.5]CHANGELOG.mdsection.After-merge tag flow
triggers the existing
publishworkflow. Tag step is manual and stays with the maintainer (cross-session risky action).Test plan
cargo fmt --checkcargo clippy --workspace --all-targets -- -D warningscargo test --workspace --all-targets(all green; 65 test groups)RUSTDOCFLAGS='-D missing_docs -D rustdoc::broken_intra_doc_links' cargo doc --workspace --no-depscargo evidence trace --validate→TRACE_OKcargo evidence floors --format=jsonl→FLOORS_OK(13 dimensions)cargo evidence doctor→ all checks green🤖 Generated with Claude Code
Override-Deterministic-Baseline: workspace version bump 0.1.4 → 0.1.5 rotates cargo_lock_hash. No dep / toolchain / RUSTFLAGS change otherwise.