Skip to content

agent-rules-kit v0.4.0

Latest

Choose a tag to compare

@CoderDeltaLAN CoderDeltaLAN released this 21 Jun 09:11
f10faab

v0.4.0 Release Notes

Status: prepared release notes for the v0.4.0 GitHub Release and PyPI publication.

Version: 0.4.0.

GitHub Release: v0.4.0.

PyPI: agent-rules-kit==0.4.0.

Summary

agent-rules-kit v0.4.0 publishes the compatible command-surface additions that landed after v0.3.0.

The release keeps the project boundary unchanged:

  • local-first;
  • read-only by default;
  • no runtime network access;
  • no runtime LLM calls;
  • no execution of commands from analyzed repositories;
  • no security guarantees;
  • no stable public API guarantee before v1.0.

Added

  • dedupe: read-only duplicate instruction-line detection across supported instruction files.
  • conflicts: read-only contradictory-guidance detection using implemented deterministic pattern families.
  • Python 3.13 package metadata classifier and non-required CI compatibility coverage.
  • CodeQL workflow for Python code scanning.
  • Dependabot configuration for low-noise version update PRs.
  • Private vulnerability reporting documentation and supply-chain evaluation records.
  • GitHub Actions pinning policy decision record.

Changed

  • Expanded local checks, CI smoke, wheel smoke, and post-release audit coverage for dedupe and conflicts.
  • Synchronized README, SECURITY, SUPPORT, OUTPUTS, threat model, and product strategy wording with the v0.4.0 release boundary.
  • Kept GitHub Actions references on approved tags for this release; SHA pinning remains a separate future supply-chain phase.

Security and safety boundary

This release does not turn the project into a security scanner.

A clean report still means only that the implemented checks completed and did not report a supported issue. It is not proof of repository safety, completeness, compliance, or production readiness.

Verification required before closing the release

The release is not closed until exact-SHA CI, CodeQL review, local checks, build, Twine check, wheel smoke, GitHub Release, PyPI publish workflow, clean PyPI install smoke, and post-release audit are verified.