Skip to content

dorian v1.0.2

Choose a tag to compare

View all tags
@ajaysurya1221 ajaysurya1221 released this 17 Jun 09:41
· 11 commits to main since this release
v1.0.2
8790329
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

dorian 1.0.2

An announcement-readiness hotfix on top of 1.0.1. No breaking changes: the warrant format,
checker grammar, exit codes, and trust semantics are unchanged. The point of this release is
public-facing coherence — one version across PyPI, README, the Action docs, and the GitHub
release — plus two edge-case bug fixes, a real SCA-scope fix, and CI credential hardening.

It resolves the post-1.0.1 use-and-see validation findings (Codex GPT-5.5 HOTFIX_BEFORE_ANNOUNCE).

Why this release exists

1.0.1 was real on GitHub but pip install dorian-vwp still served 1.0.0, while the README
documented 1.0.1-only commands (suggest-claims, export --in-toto). 1.0.2 is published to
PyPI so the documented install path and command surface agree with the package a new user gets.

Public-trust fixes

  • PyPI coherence (FINDING-01) — 1.0.2 is published to PyPI via the Trusted-Publisher
    workflow, so pip install dorian-vwp provides the documented command surface. README,
    release docs, and install examples point to one coherent version.
  • Immutable Action ref (FINDING-02) — the README Getting-Started snippet pinned
    dorian/action@main (a moving target). It and the action docs now use @v1.0.2. A new
    version-sync guard fails CI if dorian/action@main reappears in public copy-paste.
  • SCA audits the project, not the tool (FINDING-03)security.yml ran uvx pip-audit,
    which audited pip-audit's own isolated environment, not dorian's dependencies. It now
    exports the resolved project set (uv export --all-extras --dev --no-emit-project) and audits
    that, with a step that asserts the project deps (duckdb/anthropic/pytest) are actually present.
  • Checkout credential hardening (FINDING-04) — every actions/checkout step now sets
    persist-credentials: false; none of these workflows perform authenticated git operations
    (the release/publish lanes mint short-lived OIDC tokens, not git credentials).
  • Release-gate determinism — the release-gate test job disables the uv cache
    (enable-cache: false) so release validation runs from a clean resolve.

Bug fixes

  • export of an artifact literally named *.warrant (FINDING-05)dorian export
    unconditionally stripped a .warrant suffix, so dorian export foo.warrant looked for the
    wrong sidecar and failed. It now prefers reading the input as the artifact (so foo.warrant
    exports its own foo.warrant.warrant sidecar) and only treats a .warrant-suffixed input as
    a sidecar path when the artifact has no sidecar of its own. Regression-tested.
  • suggest-claims on PEP 263 (non-UTF8) Python (FINDING-06) — the file was read with a
    hardcoded UTF-8 decode, so valid Python declaring e.g. # -*- coding: latin-1 -*- was
    rejected. It now parses the file's bytes so the encoding cookie is honored; an unknown/declared-
    wrong codec surfaces as a clear usage error, not a traceback. Regression-tested.
  • symbol_index non-git robustnesspyproject_script_definers reached git ls-files
    unguarded, so with a precomputed definer map plus a [project.scripts] table a non-git
    checkout raised GitError instead of degrading to {} (breaking the documented "non-git
    yields {}" contract of claim_symbol_watch_paths). The git call is now guarded; the symbol
    binding is preserved, only the git-dependent script-target resolution degrades. Regression-tested.

Docs / guards

  • Attestation-interop example (FINDING-07) — the in-toto example pinned a fixed
    "dorianVersion": "1.0.0"; it is now version-neutral, with a guard against a hardcoded value.
  • Stronger determinism test (FINDING-08) — the in-toto determinism test now asserts both
    CLI invocations succeed before comparing output bytes.
  • Stale-wording guard (FINDING-09) — the version-sync guard now also catches "until the PyPI
    release" (the narrower variant that slipped past the "first PyPI release" family).

Tests & gates

Full suite green at 1.0.2 (874 tracked tests, +5 new regression tests for the fixes above), ruff
clean, bandit clean, project-scope pip-audit clean, wheel/sdist build + twine check pass.
Both reproducible benchmark suites were re-run at 1.0.2 and reproduce the 1.0.1 figures
exactly (large-mutation P=R=0.93; binding-lifecycle to the same content-derived run_id), so
the hotfix touches no checker numeric behavior. The documented encode/httpx real catch was
independently reproduced on this build (verify exit 0 → revalidate exit 4 → REVOKED,
httpx-python-floor-38 BROKEN).

Honest scope (unchanged)

dorian has one documented, reproduced real cross-PR catch on frozen public SHAs — not broad
real-world validation. The benchmark suites are reproducibility evidence on frozen fixtures only.
--deny-exec/--deny-shell are fail-closed policies, not sandboxes; checker_trust: base
is a checker-source trust root, not a sandbox. suggest-claims checks existence/value, not
behavior (a gutted body keeps a symbol: claim green); the in-toto export is experimental and
not a registered in-toto predicate. A warrant id is content-addressed and tamper-evident, but
its body includes the seal timestamp, so a fresh seal yields a different id — what reproduces is
the outcome, not the id.

Install

pip install dorian-vwp        # 1.0.2 on PyPI
Assets 2
Loading