v2.5.0
[2.5.0] - 2026-04-25
Compliance-driven minor release. Closes every CRITICAL and HIGH audit
finding except H-3 (mypy strict) and the ANN slice of H-1, both of
which need per-module ratchet plans. Also adds two new optional LLM
backends, a Presidio PII detector, and supply-chain hardening.
Added
- RFC-011 — Local LLM backend selection (#104). New
local_backend
config knob picks betweenllama-cpp-python(GGUF) and
onnxruntime-genai(ONNX) at runtime. Both ship as optional extras
(pip install zettelforge[local]or[local-onnx]). - RFC-012 — LiteLLM unified provider (#108). Routes to 100+
upstream LLM providers via the LiteLLM SDK. Optional extra
(pip install zettelforge[litellm]); the base package never imports
it unless the SDK is present. - RFC-013 — Microsoft Presidio PII detection (#118). Optional PII
validator with three policies (log/redact/block),
configurable viagovernance.pii.*. CTI allowlist excludes
IP_ADDRESS/URL/DOMAIN_NAMEfrom detection so legitimate
threat-intel indicators flow through unmodified. Soft dependency —
pip install zettelforge[pii]to activate; the base package never
importspresidio_analyzerunless the SDK is present. - GOV-009 Snyk SCA + SAST declared in
controls.yaml(#114). The
spec-drift validator now walks every.github/workflows/*.ymlso
controls whose CI step lives outsideci.yml(Snyk's separate
workflow) can be honestly declared. - GOV-006 solo-maintainer compensating controls (#117). New
controls.yamlentry pins the existing CI gates (lint, tests,
governance spec-drift) as compensating controls for the GOV-006
two-person review rule that cannot be physically satisfied with one
human maintainer. CODEOWNERS updated with explanatory comment. SECURITY.md+ CODEOWNERS added to the repo root for vulnerability
disclosure and review attribution.
Changed
- All GitHub Actions are now SHA-pinned (audit H-5 hardening). Every
uses: org/repo@vXreference replaced withuses: org/repo@<full-sha> # vX.Y.Z
to prevent supply-chain attacks via tag rewrites. - Ruff rule set ratcheted to GOV-003 §"Tooling and Automation" minus
ANN (#106 + #107 + #109 + #111 + #113). Activeselectlist:
{E, F, I, W, N, T20, B, UP, SIM, RUF, S}. Per-line# noqa: SXXX
annotations document each accepted exception (best-effort fallbacks,
non-crypto RNG,?-bound SQL with constant column lists).
RUF002/RUF003ignored globally for stylistic en-dash and ×. - CI install-step shell precedence fixed (#112). The
pip install -e ".[dev]" || pip install -e "." && pip install pytest...
chain parsed as(A || B) && C, so the pytest install ran on
every success path including when[dev]already provided pytest.
Wrapped the fallback in parentheses. - CONTRIBUTING.md accuracy (#115). Documents
ruff format
(project hasn't used black for a while) and lists what CI actually
enforces so new contributors have a green-build target.
Compliance audit closure (tasks/compliance-audit-2026-04-25.md)
| Severity | Finding | Status |
|---|---|---|
| CRITICAL | C-1 branch protection | CLOSED (with required status checks) |
| CRITICAL | C-2 fabricated no_hardcoded_secrets claim |
CLOSED (#100) |
| HIGH | H-1 ruff full select per GOV-003 | CLOSED for {E,F,I,W,N,T20,B,UP,SIM,RUF,S}; ANN ratcheting per-module |
| HIGH | H-2 coverage threshold not enforced | CLOSED (#100) |
| HIGH | H-4 GOV-006 / CODEOWNERS solo-maintainer | CLOSED on the zettelforge side (#117); GOV-006 doc amendment in rolandpg/governance repo is separate scope |
| HIGH | H-5 SCA gate + SHA-pinned actions | CLOSED (#102 + #114 + SHA-pin commit) |
| MEDIUM | M-1 bare except: in production |
CLOSED (#100) |
| MEDIUM | M-3 OCSF timezone_offset field |
CLOSED (#100) |
| LOW | L-4 CI install-step shell precedence | CLOSED (#112) |
Outstanding: H-3 (mypy --strict in CI; needs per-module ratchet plan
for 393 errors across 38 files), M-2 (rewrite GOV-016 to match the
YAML-frontmatter practice already in use), M-4 (lock file), H-1 ANN
ratchet (121 findings across 38 files).