docs: v0.6.1 changelog

[Gradata]

Summary

• Adds v0.6.1 entry to docs/changelog.md covering all changes merged to main since v0.6.0
• Key callout: gradata.patterns deprecated in v0.6.1, removal target v0.8.0
• Covers Meta-Harness A–D, multi-tenant SDK, BM25 JIT, gradata seed/mine CLI, rule_verifier, security hardening, and ruff-violation cleanup

Test plan

• Verify docs/changelog.md renders correctly in GitHub preview
• No code changes — docs-only PR, no tests needed

Generated with Gradata

[greptile-apps]

Gradata has reached the 50-review limit for trial accounts. To continue receiving code reviews, upgrade your plan.

[coderabbitai]

Caution

Review failed

The pull request is closed.

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 37674247-4c7c-4e04-b492-743e3d0e6c85

📥 Commits

Reviewing files that changed from the base of the PR and between 2c3e9ed and def3b37.

📒 Files selected for processing (1)

• docs/changelog.md

---

📝 Walkthrough

• New CLI commands: gradata seed and gradata mine for data pipeline operations.
• BM25 JIT ranking: BM25-based context relevance for JIT rule ranking; Beta lower-bound default increased to 0.85.
• Deprecation: gradata.patterns now emits a DeprecationWarning on first import; removal targeted for v0.8.0.
• API / public surface changes: Alert canonicalized to gradata.enhancements.quality_monitoring; integrations/ collapsed under middleware/ with compatibility shims.
• Multi-tenant SDK: schema additions (tenant_id, visibility, cluster, sync_state) and an opt-in hook daemon.
• Rule verification wiring: rule_verifier integration gated by GRADATA_RULE_VERIFIER (note: GRADATA_* env centralization still makes an exception for GRADATA_RULE_VERIFIER).
• Reliability: RetainOrchestrator support with dedup-safe emit() writes.
• Security fixes / hardening: HTTPS boundary enforcement, removal of cloud→local rule injection vector, lesson text sanitization, and resolution of pen-test findings.
• Bug fixes & quality: scope leakage and graduation confidence-math fixes, Windows-safe atomic append (msvcrt.locking), large ruff remediation and expanded test coverage.
• Docs-only change: adds v0.6.1 entry to docs/changelog.md (37 lines added); no code changes.

Walkthrough

Changelog updated with a v0.6.1 (2026-04-19) entry documenting new CLI commands, BM25-based JIT ranking, multi-tenant SDK schema fields, module reorganizations and deprecations, refactors, bug fixes, and security hardening.

Changes

Cohort / File(s)

Summary

Documentation docs/changelog.md

Added v0.6.1 release notes (+37/-0) covering new CLI commands (gradata seed, gradata mine), BM25 context scoring and beta bound change, Meta‑Harness features, multi‑tenant SDK schema additions (tenant_id, visibility, cluster, sync_state), opt‑in hook daemon, rule_verifier integration flag, RetainOrchestrator emit dedup behavior, module reorganizations and deprecations (e.g., gradata.patterns deprecation, integrations → middleware), split/refactor notes, test coverage updates, and security/bug fix entries.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Possibly related PRs

• docs: v0.6.1 changelog #115 — Adds the same v0.6.1 changelog entry (documentation-only overlap).

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly and concisely summarizes the main change: adding a v0.6.1 changelog entry to the documentation.
Description check	✅ Passed	The description is directly related to the changeset, providing context about the v0.6.1 changelog entry and its key contents.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch docs/v0.6.1-changelog

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@docs/changelog.md`:
- Line 14: Changelog claims GRADATA_* env var access is centralized in _env.py
but GRADATA_RULE_VERIFIER is still read directly; either add
GRADATA_RULE_VERIFIER to _env.py (e.g., as GRADATA_RULE_VERIFIER =
bool_from_env("GRADATA_RULE_VERIFIER", default=...)) and replace direct
os.environ.get(...) uses in rule_pipeline.py (where GRADATA_RULE_VERIFIER is
referenced) to import and use the centralized symbol from _env, or change the
changelog line to explicitly exclude GRADATA_RULE_VERIFIER from the
centralization claim.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 61d5c164-0939-4d65-99d2-3409c90f5253

📥 Commits

Reviewing files that changed from the base of the PR and between 2b1172f and 2c3e9ed.

📒 Files selected for processing (1)

• docs/changelog.md

📜 Review details

🧰 Additional context used

🧠 Learnings (2)

📓 Common learnings

Learnt from: Gradata
Repo: Gradata/gradata PR: 0
File: :0-0
Timestamp: 2026-04-17T17:18:07.417Z
Learning: In PR `#102` (gradata/gradata), Round 2 addressed: cli.py env-first brain resolution (GRADATA_BRAIN > --brain-dir > cwd), _tenant.py corrupt .tenant_id overwrite, _env_int default clamping to minimum, and _events.py tenant-scoped fallback SELECT for dedup. All ruff and 99 tests green after these fixes.

📚 Learning: 2026-04-17T17:18:07.417Z

Learnt from: Gradata
Repo: Gradata/gradata PR: 0
File: :0-0
Timestamp: 2026-04-17T17:18:07.417Z
Learning: In PR `#102` (gradata/gradata), Round 2 addressed: cli.py env-first brain resolution (GRADATA_BRAIN > --brain-dir > cwd), _tenant.py corrupt .tenant_id overwrite, _env_int default clamping to minimum, and _events.py tenant-scoped fallback SELECT for dedup. All ruff and 99 tests green after these fixes.

Applied to files:

• docs/changelog.md

🔇 Additional comments (6)

docs/changelog.md (6)

5-6: LGTM!

Version header follows standard changelog format and the date matches the PR creation timestamp.

---

9-9: LGTM!

Both CLI commands are confirmed to be implemented in the codebase. Based on relevant code snippets, cmd_seed and cmd_mine functions exist in src/gradata/cli.py.

---

20-20: LGTM!

The deprecation is correctly implemented with a DeprecationWarning and migration path clearly documented. Based on relevant code snippets, src/gradata/patterns/__init__.py includes the deprecation warning and delegates to the new locations.

---

22-22: LGTM!

The integrations-to-middleware migration is properly implemented with backward-compatible shims. Based on relevant code snippets, src/gradata/integrations/__init__.py includes deprecation documentation and lazy-loading adapters for the old import paths.

---

32-32: LGTM!

Ruff violation fixes are confirmed by retrieved learnings referencing PR #102 where "All ruff and 99 tests green after these fixes."

---

35-40: Security section is appropriately detailed.

The security improvements are documented at the right level of detail - specific enough to be meaningful without revealing vulnerability details. While the provided context doesn't include code snippets to verify these claims, this is expected for a documentation-only PR that aggregates changes from multiple previous PRs.

[greptile-apps]

Gradata has reached the 50-review limit for trial accounts. To continue receiving code reviews, upgrade your plan.