Skip to content

v2.5.0

Choose a tag to compare

@rolandpg rolandpg released this 25 Apr 16:17
4be6c5d

[2.5.0] - 2026-04-25

Compliance-driven minor release. Closes every CRITICAL and HIGH audit
finding except H-3 (mypy strict) and the ANN slice of H-1, both of
which need per-module ratchet plans. Also adds two new optional LLM
backends, a Presidio PII detector, and supply-chain hardening.

Added

  • RFC-011 — Local LLM backend selection (#104). New local_backend
    config knob picks between llama-cpp-python (GGUF) and
    onnxruntime-genai (ONNX) at runtime. Both ship as optional extras
    (pip install zettelforge[local] or [local-onnx]).
  • RFC-012 — LiteLLM unified provider (#108). Routes to 100+
    upstream LLM providers via the LiteLLM SDK. Optional extra
    (pip install zettelforge[litellm]); the base package never imports
    it unless the SDK is present.
  • RFC-013 — Microsoft Presidio PII detection (#118). Optional PII
    validator with three policies (log / redact / block),
    configurable via governance.pii.*. CTI allowlist excludes
    IP_ADDRESS / URL / DOMAIN_NAME from detection so legitimate
    threat-intel indicators flow through unmodified. Soft dependency —
    pip install zettelforge[pii] to activate; the base package never
    imports presidio_analyzer unless the SDK is present.
  • GOV-009 Snyk SCA + SAST declared in controls.yaml (#114). The
    spec-drift validator now walks every .github/workflows/*.yml so
    controls whose CI step lives outside ci.yml (Snyk's separate
    workflow) can be honestly declared.
  • GOV-006 solo-maintainer compensating controls (#117). New
    controls.yaml entry pins the existing CI gates (lint, tests,
    governance spec-drift) as compensating controls for the GOV-006
    two-person review rule that cannot be physically satisfied with one
    human maintainer. CODEOWNERS updated with explanatory comment.
  • SECURITY.md + CODEOWNERS added to the repo root for vulnerability
    disclosure and review attribution.

Changed

  • All GitHub Actions are now SHA-pinned (audit H-5 hardening). Every
    uses: org/repo@vX reference replaced with uses: org/repo@<full-sha> # vX.Y.Z
    to prevent supply-chain attacks via tag rewrites.
  • Ruff rule set ratcheted to GOV-003 §"Tooling and Automation" minus
    ANN
    (#106 + #107 + #109 + #111 + #113). Active select list:
    {E, F, I, W, N, T20, B, UP, SIM, RUF, S}. Per-line # noqa: SXXX
    annotations document each accepted exception (best-effort fallbacks,
    non-crypto RNG, ?-bound SQL with constant column lists).
    RUF002/RUF003 ignored globally for stylistic en-dash and ×.
  • CI install-step shell precedence fixed (#112). The
    pip install -e ".[dev]" || pip install -e "." && pip install pytest...
    chain parsed as (A || B) && C, so the pytest install ran on
    every success path including when [dev] already provided pytest.
    Wrapped the fallback in parentheses.
  • CONTRIBUTING.md accuracy (#115). Documents ruff format
    (project hasn't used black for a while) and lists what CI actually
    enforces so new contributors have a green-build target.

Compliance audit closure (tasks/compliance-audit-2026-04-25.md)

Severity Finding Status
CRITICAL C-1 branch protection CLOSED (with required status checks)
CRITICAL C-2 fabricated no_hardcoded_secrets claim CLOSED (#100)
HIGH H-1 ruff full select per GOV-003 CLOSED for {E,F,I,W,N,T20,B,UP,SIM,RUF,S}; ANN ratcheting per-module
HIGH H-2 coverage threshold not enforced CLOSED (#100)
HIGH H-4 GOV-006 / CODEOWNERS solo-maintainer CLOSED on the zettelforge side (#117); GOV-006 doc amendment in rolandpg/governance repo is separate scope
HIGH H-5 SCA gate + SHA-pinned actions CLOSED (#102 + #114 + SHA-pin commit)
MEDIUM M-1 bare except: in production CLOSED (#100)
MEDIUM M-3 OCSF timezone_offset field CLOSED (#100)
LOW L-4 CI install-step shell precedence CLOSED (#112)

Outstanding: H-3 (mypy --strict in CI; needs per-module ratchet plan
for 393 errors across 38 files), M-2 (rewrite GOV-016 to match the
YAML-frontmatter practice already in use), M-4 (lock file), H-1 ANN
ratchet (121 findings across 38 files).