
dorian v1.0.1


ajaysurya1221 released this 17 Jun 04:57 · 14 commits to main since this release · 84d6e05

dorian 1.0.1

A hardening, DX, and interop patch on top of 1.0.0. No breaking changes; the warrant format,
checker grammar, exit codes, and trust semantics are unchanged. The headline addition is the
first documented, reproducible cross-PR catch on a public repo.

Proof

  • docs/REAL_CATCH_LOG.md — one documented catch on encode/httpx
    (BSD-3): a load-bearing claim sealed when requires-python was ">=3.8" was flipped
    WARRANTED → REVOKED (exit 4) by a real later upstream PR (#3592,
    "Drop Python 3.8 support") while httpx's own test suite stayed green and no stateless per-PR
    review would have re-opened the original claim. From-scratch reproduction included. This is
    one documented catch with honest scope, not a validation claim.

Security

  • C4 hardening: a pytest: checker nodeid whose file part is empty or starts with -
    (e.g. pytest:-pevil, pytest:--collect-only) is now rejected as ERROR(bad_program)
    before any subprocess spawns — it can no longer reach pytest as an option. Red/green tested.
  • C5 sqlite reconcile timeout: a pathological reconcile query (e.g. an infinite recursive
    CTE the read-only authorizer permits) is now bounded by a per-query wall-clock deadline and
    returns ERROR(query_timeout) instead of hanging the process — closing a DoS that survived
    --deny-exec (typed C5 reads are deliberately not exec-gated). Red/green tested.
  • Supply chain: every third-party GitHub Action is pinned to an immutable commit SHA (each
    verified via git ls-remote); a new security.yml runs pip-audit (SCA) and bandit
    (SAST), and Dependabot keeps the pins and deps fresh. bandit excludes only dorian's
    documented, policy-gated execution primitives, with a reason per check.
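The C5 pattern above (a read-only authorizer plus a per-query wall-clock deadline) as an added example; this is not dorian's code, and `run_reconcile_query`, `make_sample_db` and the `("ERROR", "query_timeout")` tuple are hypothetical names standing in for the real implementation:

```python
import sqlite3
import time

# Actions a read-only reconcile may perform; anything else (INSERT, DELETE,
# ATTACH, PRAGMA, ...) is denied at prepare time. SQLITE_RECURSIVE has to be
# allowed for legitimate recursive CTEs, which is exactly why an infinite one
# gets past the authorizer and needs a separate deadline.
READ_ONLY_ACTIONS = {
    sqlite3.SQLITE_SELECT, sqlite3.SQLITE_READ, sqlite3.SQLITE_FUNCTION,
    getattr(sqlite3, "SQLITE_RECURSIVE", 33),
}

# Constructed pathological query: never terminates, touches nothing.
INFINITE_CTE = (
    "WITH RECURSIVE c(x) AS (SELECT 1 UNION ALL SELECT x + 1 FROM c) "
    "SELECT count(*) FROM c"
)


def _read_only_authorizer(action, arg1, arg2, db_name, source):
    return sqlite3.SQLITE_OK if action in READ_ONLY_ACTIONS else sqlite3.SQLITE_DENY


def make_sample_db():
    """Constructed in-memory fixture standing in for a reconcile target."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE config (key TEXT PRIMARY KEY, value TEXT)")
    conn.execute("INSERT INTO config VALUES ('requires-python', '>=3.8')")
    conn.commit()
    return conn


def run_reconcile_query(conn, sql, deadline_s):
    """Return ("OK", rows), ("ERROR", "query_timeout") or ("ERROR", "query_denied")."""
    deadline = time.monotonic() + deadline_s

    def progress():
        # Called every 1000 VM steps; a non-zero return makes SQLite interrupt
        # the running statement, so a runaway query cannot hang the process.
        return 1 if time.monotonic() > deadline else 0

    conn.set_authorizer(_read_only_authorizer)
    conn.set_progress_handler(progress, 1000)
    try:
        return ("OK", conn.execute(sql).fetchall())
    except sqlite3.DatabaseError as exc:  # OperationalError is a subclass
        msg = str(exc)
        if "interrupted" in msg:
            return ("ERROR", "query_timeout")
        if "not authorized" in msg:
            return ("ERROR", "query_denied")
        return ("ERROR", f"sqlite:{msg}")
```

The progress handler is the piece that `--deny-exec` cannot substitute for: the query performs no exec, so only a time bound stops it.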

Performance

  • dorian verify now builds the whole-repo Python-symbol and config-key indexes once per
    run instead of 2×/3×; output is byte-identical (pinned by a call-count spy + the existing
    watch/read-set assertions).

Features (additive, opt-in)

  • dorian suggest-claims <file.py> — a deterministic, zero-model C3 counterpart to
    suggest-data-checks. Proposes symbol: claims for non-private defs/classes and py-const:
    claims for literal module constants, runs each, and emits only the passing ones, so the
    {"claims": [...]} fragment seals unmodified. load_bearing defaults to false; ambiguous
    symbols are skipped. Scaffolding for review (existence/value, not behavior) — see
    docs/design/SUGGEST_CLAIMS.md.
  • dorian export --in-toto <artifact> — project a sealed .warrant into an experimental
    in-toto ClaimVerification Statement (deterministic, no signing, no network, zero deps).
    Experimental interop — see docs/ATTESTATION_INTEROP.md.

Docs / DX

  • The runnable "Try it in 30 seconds" demo is promoted above the fold and the Demo badge points
    at it; the illustrative /login story is clearly labeled.
  • New: docs/WRITING_GOOD_CLAIMS.md (worked good/bad claim pairs + the gutted-body ceiling),
    docs/SECURITY_AND_SAFE_RUNNERS.md (one safe public-fork recipe), a sharpened
    docs/USE_WITH_CLAUDE_CODE.md, and the public benchmark protocol reconciled with what shipped.

Honest scope (unchanged from 1.0.0)

The public benchmark is reproducibility evidence on frozen SHAs only, not general real-world
validation. Trigger and truth layers are reported separately, and ERROR is not BROKEN.
--deny-exec/--deny-shell are fail-closed policies, not sandboxes; checker_trust: base
is a checker-source trust root, not a sandbox. suggest-claims checks existence/value, not
behavior (a gutted body keeps a symbol: claim green); the in-toto export is experimental.
A warrant id is content-addressed and tamper-evident, but its body includes the seal
timestamp, so a fresh seal yields a different id — what reproduces is the outcome, not the id.

Install

pip install dorian-vwp

PyPI publishing is a separate step and is not performed by this GitHub Release; pip will
serve 1.0.0 until 1.0.1 is published to PyPI via the Trusted Publisher workflow.