Releases: ChingEnLin/CacheLens
v1.1.0
v1.1.0 (2026-06-12)
This release is published under the MIT License.
Build System
- deps: Bump actions/checkout from 4 to 6 (
1752f8f)
Bumps actions/checkout from 4 to 6.
updated-dependencies:
- dependency-name: actions/checkout dependency-version: '6'
dependency-type: direct:production
update-type: version-update:semver-major ...
Signed-off-by: dependabot[bot] support@github.com
- deps: Bump actions/setup-python from 5 to 6 (
75be19d)
Bumps actions/setup-python from 5 to 6.
updated-dependencies:
- dependency-name: actions/setup-python dependency-version: '6'
dependency-type: direct:production
update-type: version-update:semver-major ...
Signed-off-by: dependabot[bot] support@github.com
- deps: Bump python-semantic-release/python-semantic-release (
a73316b)
Bumps python-semantic-release/python-semantic-release from 0b9bc98db4143ecf7df57025ad69056fa4f1b2c1 to 0dc72ac9058a62054a45f6344c83a423d7f906a8. - Release notes - Changelog - Commits
--- updated-dependencies: - dependency-name: python-semantic-release/python-semantic-release dependency-version: 0dc72ac9058a62054a45f6344c83a423d7f906a8
dependency-type: direct:production ...
Signed-off-by: dependabot[bot] support@github.com
Continuous Integration
- Gate release on tests; add lint, type-check, and min-versions jobs (
2a42482)
The release workflow previously published whenever semantic-release cut a version, regardless of test status. It now needs a green matrix first. CI gains ruff + mypy and a job that installs every extra at its declared minimum version so dependency-floor drift fails in CI instead of on users.
Co-Authored-By: Claude Fable 5 noreply@anthropic.com
- Push releases via deploy key to satisfy branch ruleset (
3568b4a)
The main ruleset (PRs required, no direct pushes) rejects semantic-release's version-bump push with GITHUB_TOKEN, and the GitHub Actions app cannot be a ruleset bypass actor on a personal repo. Check out the release job with the RELEASE_DEPLOY_KEY secret instead: pushes go over SSH using a write deploy key, which is on the ruleset bypass list — automated releases work again while humans still go through pull requests.
Co-Authored-By: Claude Fable 5 noreply@anthropic.com
- Run semantic-release CLI on runner and push via SSH remote (
c2f51cd)
The PSR docker action rewrites the push URL with GITHUB_TOKEN, so the deploy-key SSH remote from checkout was never used and the main ruleset kept rejecting the version-bump push (GH013). Run the PSR CLI directly on the runner (where checkout's SSH config is visible) and set remote.ignore_token_for_push so the push goes through the deploy-key bypass; the token is still used for the GitHub Release API.
Co-Authored-By: Claude Fable 5 noreply@anthropic.com
Documentation
- Add improvement plan, privacy section, and capture semantics (
95c219e)
README documents what is captured/retained/exported (content-free by default), session-scoped pricing, async/streaming status, and unwrap(); architecture.md describes hash+length capture; docs/improvement-plan.md records the audit-derived roadmap and what this PR implements.
Co-Authored-By: Claude Fable 5 noreply@anthropic.com
Features
- Harden instrumentation per audit improvement plan (
e17dca6)
Implements the P0-P1 (and P3 hardening) items from docs/improvement-plan.md:
- otel: require opentelemetry-sdk>=1.23 (Meter.create_gauge did not exist on the previously declared 1.20 floor and crashed emit()); use a private MeterProvider instead of hijacking the process-global one - wrapper: isolate every output sink in _flush so a sink failure can never reach the caller; async clients (AsyncAnthropic/AsyncOpenAI/ generate_content_async) are now instrumented; streaming calls are counted and surfaced as skipped instead of silently dropped or zero-recorded - capture: content-free by default — segments keep (role, sha256, length) only, bounding memory and keeping prompt text out of the heap; capture_content=True opts back into full text - pricing: per-session Registry so pricing= overrides no longer mutate the process-global table; module-level API unchanged - report: latency p50/p95, distinct-models list with mixed-model tip, skipped_calls accounting - json export: whitelisted path-template substitution (rejects {model.class}-style traversal), backslash
sanitised in model names - proxy: functools.wraps on intercepted methods, unwrap() escape hatch - version now derived from package metadata (was frozen at 1.0.0) - cli: cache-lens run exits 2 with guidance instead of raising NotImplementedError; classifier moved to Beta - semantic-release changelog switched to update mode with insertion flag so released sections stop being regenerated/dropped
Co-Authored-By: Claude Fable 5 noreply@anthropic.com
Detailed Changes: v1.0.5...v1.1.0
v1.0.5
v1.0.5 (2026-06-10)
This release is published under the MIT License.
Bug Fixes
- Drop Python 3.8 support (
e500d31)
google-generativeai (the gemini extra) has no distribution for Python 3.8, so cachelens[gemini]/[all] was already broken there. Python 3.8 is also EOL. Raise requires-python to >=3.9 and update the CI matrix accordingly.
Co-Authored-By: Claude Sonnet 4.6 noreply@anthropic.com
Documentation
- Restore v1.0.0 changelog details and tidy pyproject.toml (
6a7fa3b)
The semantic-release version_toml writer drops the v1.0.0 changelog section and accumulates blank lines in pyproject.toml on each run.
Co-Authored-By: Claude Sonnet 4.6 noreply@anthropic.com
Detailed Changes: v1.0.4...v1.0.5
v1.0.4
v1.0.4 (2026-06-10)
This release is published under the MIT License.
Bug Fixes
- Enable verbose output for PyPI publish step (
ce84b90)
Restore v1.0.0 changelog details dropped by the earlier release misfires, and turn on verbose logging in the PyPI publish step for easier troubleshooting.
Co-Authored-By: Claude Sonnet 4.6 noreply@anthropic.com
Detailed Changes: v1.0.3...v1.0.4
v1.0.3
v1.0.3 (2026-06-10)
This release is published under the MIT License.
Bug Fixes
- Stop semantic-release from pre-building dist/ before CI build (
46a9a87)
semantic-release's build_command ran inside its container and wrote dist/*.tar.gz as root, causing a permission error when the workflow's own build step tried to overwrite it. The workflow already builds and publishes the package itself, so this command is unnecessary. Also restore v1.0.0 changelog details dropped by the earlier release.
Co-Authored-By: Claude Sonnet 4.6 noreply@anthropic.com
Detailed Changes: v1.0.2...v1.0.3
v1.0.2
v1.0.2 (2026-06-10)
This release is published under the MIT License.
Bug Fixes
- Publish to PyPI in the same job that creates the release (
0a64e39)
The separate publish.yml never ran because GitHub Actions doesn't trigger workflows from events created by the default GITHUB_TOKEN (release.yml created v1.0.1 but it was never published to PyPI). Build and publish to PyPI directly in release.yml when semantic-release creates a new release. Drop the deprecated/broken upload-to-gh-release step. Restore v1.0.0 changelog details lost by the earlier release misfire.
Co-Authored-By: Claude Sonnet 4.6 noreply@anthropic.com
Detailed Changes: v1.0.1...v1.0.2
v1.0.1
v1.0.1 (2026-06-10)
This release is published under the MIT License.
Bug Fixes
- Pin third-party GitHub Actions to commit SHAs (
9e0058b)
Pin python-semantic-release, upload-to-gh-release, and gh-action-pypi-publish to immutable commit SHAs to mitigate supply-chain risk from mutable tags. Add Dependabot config to keep the pins updated.
Co-Authored-By: Claude Sonnet 4.6 noreply@anthropic.com
Detailed Changes: v1.0.0...v1.0.1