v0.4.5

github-actions released this 26 Apr 14:05

v0.4.5 is the S1-S6 bundle release for the v0.4 line. It adds parser-backed national phone recognition, ships manual audit retention purge, and hardens restore-path audit boundaries while keeping the release focused on Gaze's core contract: fail closed, preserve reversibility, and keep PII out of agent-visible surfaces.

TL;DR

German and US national phone numbers now have parser-backed validation in core-extended, gated by the phone-parser feature and composed with the existing structural phone recognizer. Audit operators get an explicit manual purge command plus a new compile-time audit_metadata_only gate that keeps restore-path code from importing audit metadata symbols. The release also lands the gaze-assembly module split, README catch-up, requirements docs, and the repository URL move to piinuts/gaze.

Highlights

DE and US national phone recognizers landed in PR #58. The recognizers use the phonenumber crate for E.164 region-aware validation, cooperate with the broader structural phone recognizer, and are available through the bundled core-extended rulepack.

Audit retention manual purge landed in PR #59. gaze audit purge --before <iso8601> [--dry-run | --count] deletes redaction-log rows older than the cutoff using calendar-aware ISO 8601 validation and a restricted DELETE clause. Malformed dates fail closed with the typed AuditPurgeIso8601 error; there is no policy-level retention default and no background auto-purge.

The audit_metadata_only xtask gate also landed in PR #59. It enforces that restore-path code does not import audit metadata symbols, covering file-scope use, nested modules, block-statement imports, glob imports, aliased crates, extern crate, and #[path]-resolved external modules.

The gaze-assembly crate was split by responsibility in PR #61. This keeps the CLI/shared assembly surface easier to audit without changing the runtime behavior expected by adopters.

Known limitations

The v0.4.5 audit_metadata_only gate is intentionally syntax-based. It covers natural-code escape routes that have caused drift risk in this codebase, but fully-qualified path references, include!, let-else diverge cases, and macro-emitted imports remain documented accepted-risk limitations for this release. See docs/architecture/xtask.md for the current coverage table and docs/research/v0.5-dylint-audit-gate.md for the planned v0.5 pivot to a dylint-based name-resolution lint (todo #181).
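Why a syntax-based import gate catches use declarations but not fully-qualified paths, as a simplified line-based sketch (an added example, not the project's xtask code). The crate name audit_meta, the function flag_imports, and the sample source are assumptions constructed for illustration.

```rust
// Hypothetical crate name standing in for the audit metadata symbols.
const FORBIDDEN: &str = "audit_meta";

// Constructed restore-path source: three imports and one fully-qualified call.
const SAMPLE: &str = r#"use audit_meta::Row;
use audit_meta as am;
fn restore() {
    use am::*;
    let _n = audit_meta::Row::count();
}"#;

/// Returns the 1-based lines whose import declaration is rooted at FORBIDDEN
/// or at a crate alias of it. Only `use` / `extern crate` lines are inspected.
fn flag_imports(src: &str) -> Vec<usize> {
    let mut names: Vec<&str> = vec![FORBIDDEN];
    let mut hits = Vec::new();
    for (i, raw) in src.lines().enumerate() {
        let line = raw.trim().trim_start_matches("pub ");
        let decl = match line.strip_prefix("use ").or_else(|| line.strip_prefix("extern crate ")) {
            Some(d) => d.trim_end_matches(';').trim(),
            None => continue, // not an import, so a syntax-only gate never sees it
        };
        let (path, alias) = match decl.split_once(" as ") {
            Some((p, a)) => (p.trim(), Some(a.trim())),
            None => (decl, None),
        };
        let root = path.trim_start_matches("::").split("::").next().unwrap_or("");
        if names.contains(&root) {
            hits.push(i + 1);
            if let (Some(a), true) = (alias, path == root) {
                names.push(a); // `use audit_meta as am;` makes `am` forbidden too
            }
        }
    }
    hits
}

fn main() {
    // Lines 1, 2 and 4 are flagged; the fully-qualified call on line 5 is not.
    println!("flagged lines: {:?}", flag_imports(SAMPLE));
}
```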

Adopter notes

core-extended no-policy locale activation changed in PR #58. When invoked without a policy via --rulepack-bundled core-extended, the bundle now activates phone.national.de, phone.national.us, postal.us, and postal.de. Adopters using the bundle without a policy may see additional tokenization for German/US national phone numbers and bare 5-digit numeric strings matching the postal recognizers. To restore prior behavior, pass --locale=global or use a policy with narrower locale gating.

The repository moved from Naoray/gaze to piinuts/gaze. Old GitHub URLs redirect today, but docs and release links now use the canonical piinuts/gaze location.

The Linux x86_64 binary continues to require glibc 2.39+ (Ubuntu 24.04, Debian 13, RHEL 10, or newer). Older Linux distributions should build from source.

Download

Full CHANGELOG

https://github.com/piinuts/gaze/blob/main/CHANGELOG.md#045