agent-rules-kit v0.2.0
agent-rules-kit v0.2.0
agent-rules-kit v0.2.0 moves the project from a basic AI-agent instruction-file diagnostic CLI toward a conservative local-first governance diagnostic tool for AI agent instructions.
This release keeps the original product boundary:
- local CLI;
- read-only by default;
- no runtime network calls;
- no runtime LLM calls;
- no execution of commands from analyzed repositories;
- no security-scanner claim;
- no proof-of-safety claim.
Main changes
- Added governance diagnostics for unsupported security, production-readiness, or maturity claims.
- Added governance diagnostics for review or CI bypass guidance.
- Added governance diagnostics for unsafe command execution guidance.
- Added governance diagnostics for runtime network or LLM dependency guidance.
- Added governance diagnostics for missing secret-handling boundaries.
- Added governance diagnostics for missing instruction scope or authority.
- Added structured finding evidence for line-based governance findings.
- Added redaction of secret-like values in finding messages, paths, and evidence payload fields.
- Added golden contract coverage for console, JSON, and Markdown output behavior.
- Updated GitHub Actions workflow actions to Node 24-compatible major versions.
- Added release-readiness, packaging dry-run, governance-boundaries, and release-notes evidence documents.
Verified release assets
The attached wheel, sdist, and SHA256SUMS were built from the release SHA and verified locally before publication.
Expected SHA256:
agent_rules_kit-0.2.0-py3-none-any.whl:d4782d01850c6faa7bd185dcc65df7e04d1080151f47750b9a3972fb2e960826agent_rules_kit-0.2.0.tar.gz:65ebbe0d2e1b95e6ee32684d6be0a463e6d13ccf6d1f4472d691b70d0499d4f6
Security and reporting notes
This project is not a security scanner and does not prove that a repository is safe.
Private vulnerability reporting was checked during release preparation and is currently documented as disabled. Sensitive issues should not be opened publicly with secrets, exploit details, private URLs, customer data, or sensitive repository contents.
Not included
v0.2.0 does not claim:
- stable public maturity;
- PyPI availability;
- complete governance coverage;
- LLM-based semantic analysis;
- security scanning;
- proof of repository safety;
- private vulnerability reporting enabled;
- complete secret scanning;
- runtime repository command execution.