ActionLineage v0.1.0a1

Pre-release

@Marq-Dev released this 21 Jun 22:18
34b3791

This is the first public alpha pre-release of ActionLineage, a vendor-neutral evidence and detection plane for tool-using agents.

Maturity

This release is intentionally labeled alpha. Core event, redaction, local journal, projection, source-neutral ingestion, deterministic demo, and contract validation surfaces are alpha-supported. MCP/service/exporter/cloud/deployment surfaces remain preview unless stated otherwise in the maturity docs.

Included Artifacts

  • Source distribution: actionlineage-0.1.0a1.tar.gz
  • Wheel: actionlineage-0.1.0a1-py3-none-any.whl
  • SBOM: actionlineage-sbom.json
  • Unsigned local provenance: actionlineage-provenance.json
  • Checksums: SHA256SUMS.txt

Artifacts are not signed in this alpha. Hosted/signed provenance remains external-validation-required.
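
Because the artifacts are unsigned, the checksum file is the only integrity reference shipped with them. The following is an added example, not ActionLineage code: it checks a download directory against SHA256SUMS.txt and also reports listed artifacts the manifest does not cover. It assumes the manifest uses the GNU sha256sum line format; the file contents in the sample are constructed. A passing result shows the files match the manifest, not who produced them.

```python
import hashlib
import hmac
import re
import tempfile
from pathlib import Path

# Artifact names listed on this release page.
EXPECTED = ("actionlineage-0.1.0a1.tar.gz", "actionlineage-0.1.0a1-py3-none-any.whl",
            "actionlineage-sbom.json", "actionlineage-provenance.json")
# Assumed manifest line format (GNU sha256sum): "<64 hex>  <name>" or "<64 hex> *<name>".
LINE = re.compile(r"^([0-9a-fA-F]{64}) [ *](.+)$")


def verify_release(directory, manifest="SHA256SUMS.txt", expected=EXPECTED):
    """Return {name: status}: ok, mismatch, missing, unlisted or rejected."""
    root, results = Path(directory), {}
    for raw in (root / manifest).read_text().splitlines():
        if not raw.strip():
            continue
        m = LINE.match(raw)
        if not m or Path(m.group(2)).name != m.group(2):
            results[raw] = "rejected"  # unparseable, or a name that leaves the directory
            continue
        digest, path = m.group(1).lower(), root / m.group(2)
        if not path.is_file():
            results[path.name] = "missing"
            continue
        actual = hashlib.sha256(path.read_bytes()).hexdigest()
        results[path.name] = "ok" if hmac.compare_digest(actual, digest) else "mismatch"
    for name in expected:
        results.setdefault(name, "unlisted")  # artifact the manifest does not cover
    return results


def constructed_release(root):
    """Constructed sample: placeholder contents, one file altered after hashing."""
    root, lines = Path(root), []
    for name in EXPECTED[:3]:  # provenance file deliberately left out of the manifest
        (root / name).write_bytes(name.encode())
        lines.append(f"{hashlib.sha256(name.encode()).hexdigest()}  {name}")
    (root / EXPECTED[2]).write_bytes(b"altered after hashing")
    (root / "SHA256SUMS.txt").write_text("\n".join(lines) + "\n")
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for name, status in verify_release(constructed_release(tmp)).items():
            print(f"{status:9} {name}")
```

Treat any status other than ok as a failed download.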

Fresh Public Clone Verification

Validated from a fresh clone of public main at 34b3791:

uv sync --locked --all-extras
uv run actionlineage version
uv run actionlineage doctor
uv run actionlineage demo run --output-dir build/actionlineage-demo
uv run actionlineage journal verify build/actionlineage-demo/evidence.jsonl --expected-record-count 18 --expected-last-event-hash sha256:c51f29aadf75d59dd69813e0348f6fbfe2a4297a31051bbdb362017aac01b981
uv run actionlineage contract validate contracts/examples/outbound-http.json build/actionlineage-demo/evidence.jsonl
uv run ruff check .
uv run ruff format --check .
uv run mypy src
uv run pytest
uv run python scripts/check_claims_language.py .
uv run python scripts/secret_scan.py .
uv run pip-audit
uv build --out-dir /tmp/actionlineage-release-v0.1.0a1/dist
uv run python scripts/generate_sbom.py --output /tmp/actionlineage-release-v0.1.0a1/actionlineage-sbom.json
uv run python scripts/generate_release_provenance.py --dist-dir /tmp/actionlineage-release-v0.1.0a1/dist --output /tmp/actionlineage-release-v0.1.0a1/actionlineage-provenance.json

Results:

  • pytest: 239 passed, 1 FastAPI/Starlette deprecation warning.
  • pip-audit: no known third-party vulnerabilities; local unpublished actionlineage skipped.
  • Demo: 18 verified journal records; verified, unverified, conflicting, and not-dispatched outcomes covered.

Security/Repository Controls Confirmed

  • main branch protection enabled.
  • Required PR review before merge.
  • Required checks: python, container, CodeQL analysis, Dependency review.
  • Force pushes and branch deletion disabled for main.
  • Conversation resolution required.
  • Dependabot alerts/security updates enabled.
  • Secret scanning and push protection enabled.
  • Private vulnerability reporting enabled.
  • Code scanning ran successfully for the merged release-readiness PR.

Known Limitations

  • This is not a production/stable 1.0 release.
  • Release artifacts are unsigned.
  • PyPI and GHCR publication are deferred.
  • Optional service, deployment, cloud, exporter, and MCP runtime surfaces remain preview.
  • Independent external security review and production evaluation remain future validation items.