dorian 1.0.0
dorian 1.0.0 includes deterministic, token-free claim revalidation for trusted repositories; structural checkers including py-signature:, py-const:, code:, and config-value:; a public micro-benchmark with machine-derived structural claims reproduced on named repositories pinned at frozen SHAs; and release provenance through GitHub artifact attestations.
The public benchmark is reproducibility evidence on frozen SHAs only, not a general real-world validation claim. Trigger and truth layers are reported separately, and ERROR is not BROKEN. --deny-exec and --deny-shell are fail-closed policies, not sandboxes. trusted-base is a checker-source trust root, not a sandbox.
Artifacts from the successful release gate (build + 3.11/3.12/3.13 test matrix + SHA-256 + Sigstore build-provenance attestation):
dorian_vwp-1.0.0-py3-none-any.whldorian_vwp-1.0.0.tar.gzSHA256SUMS
PyPI publishing is separate and is not performed by the GitHub Release step.