v0.1.1
Patch release for the local AI/ML BOM CLI and composite GitHub Action.
Highlights:
- Adds manifest-gated output-set writes and stale/partial output cleanup from the preceding hardening commits.
- Adds Ruff lint validation in CI and local validation docs.
- Preserves CLI/config precedence when GitHub Action inputs omit format or warning policy.
- Applies recursive artifact exclude globs before hashing, including
.gitand__pycache__subtrees selected by broad include patterns. - Expands strict redaction coverage for common AWS, Slack, GitLab, Google API key, Bearer, and JWT-shaped values.
- Reports blank dataset
license_declaredvalues as missing license warnings. - Caps Git metadata reads so oversized packed refs resolve as warnings instead of unbounded reads.
Deferred:
- PyPI publishing remains deferred until package-registry policy is approved.
- Mutable major action tags such as
v0remain deferred. - GitHub Marketplace registration remains deferred.
Validation:
- Local validation passed:
uv sync --locked, compileall, Ruff, unittest,uv build, wheel verification, GitHub Action wrapper verification, CLI smoke, andgit diff --check. - GitHub Actions passed on commit
82e6534: CI run28926353328and Dependency Graph run28926356278.