Release 2.1.1

Summary

Release 2.1.1 is a maintenance release focused on NuGet.org README compatibility.

Fixed

• Updated the package README image markup so NuGet.org renders the project preview image correctly.
• Replaced unsupported HTML image/alignment tags with standard Markdown image syntax.
• Updated the README image reference to use a NuGet-compatible hosted image URL.

No package API or runtime behavior changes are included in this release.

Release 2.1.0

Summary

2.1.0 is a compatible minor release for the stable 2.1.x AsiBackbone package family.

This release preserves the 2.0.0 public package and namespace boundary while adding backward-compatible policy-pipeline ergonomics, audit-residue construction helpers, benchmark guidance, custom decision-policy examples, documentation alignment, and in-memory outbox hardening.

Highlights

• Added optional policy evaluator fast-abort support through AsiBackbonePolicyEvaluatorOptions.ShortCircuitOnFirstDenial.
• Added ASP.NET Core endpoint metadata support for optional first-denial fast-abort preference.
• Added AuditResidueBuilder for fluent construction of complex audit residue values.
• Added a benchmark console project under benchmarks/AsiBackbone.Benchmarks.
• Added custom decision-policy examples for strict deny-wins composition, warning preservation, regional overlays, acknowledgment-required outcomes, gateway readiness checks, and latency-sensitive orchestration.
• Hardened in-memory governance outbox transition behavior so terminal records are not accidentally overwritten.
• Updated release metadata, documentation, README, DocFX navigation, release validation guidance, API compatibility notes, changelog, citation metadata, Zenodo metadata, and Source Link validation defaults for 2.1.0.

Compatibility

Existing stable 2.0.0, 2.0.1, and 2.0.2 consumers should be able to upgrade to 2.1.0 without required source-code changes for existing APIs.

No package ID or namespace changes are included.

No public API removals or renamed public APIs are intended.

AssemblyVersion remains 2.0.0.0 for the compatible stable 2.x line. Package Version, FileVersion, and InformationalVersion move to 2.1.0.

Package family

The stable package set remains:

AsiBackbone.Core
AsiBackbone.DependencyInjection
AsiBackbone.Storage.InMemory
AsiBackbone.EntityFrameworkCore
AsiBackbone.AspNetCore
AsiBackbone.Testing
AsiBackbone.Templates
AsiBackbone.Analyzers
AsiBackbone.OpenTelemetry
AsiBackbone.Signing.LocalDevelopment
AsiBackbone.Signing.ManagedKey

Install

dotnet add package AsiBackbone.Core --version 2.1.0
dotnet add package AsiBackbone.AspNetCore --version 2.1.0

Install only the packages needed by the consuming host.

Release boundary

AsiBackbone remains Accountable Systems Infrastructure for governed .NET decision flow: a governance spine, not an intelligence engine.

Event Hubs, Purview, Azure-specific SDK adapters, Aspire runtime packages, robotics, immutable-storage, and additional provider packages remain outside the stable package contract unless separately reviewed and released.

Validation

Release validation should pass through the repository release gates before publication, including CI restore/build/test, formatting, DocFX build, package creation, generated NuGet metadata validation, package SBOM generation, template package smoke validation, external consumer smoke tests, stable package integration smoke tests, and version consistency validation for 2.1.0.

After NuGet packages are visible, validate Source Link repository commit metadata with:

./scripts/Validate-Source-Link-commit-metadata.ps1 -Version 2.1.0

Release 2.0.2

Summary

2.0.2 is a compatible patch release for the stable 2.0.x AsiBackbone package family.

This release corrects the package-facing icon presentation issue discovered after 2.0.1. The previous package icon asset could render incompletely in package-list and package-detail contexts. 2.0.2 preserves the 2.0.0 public package and namespace boundary while aligning release metadata and documentation for the corrected package presentation release.

Release summary

2.0.2 keeps the simplified AsiBackbone.* package and namespace identity established in 2.0.0.

This is a patch release focused on package/repository presentation assets, release metadata, changelog alignment, and documentation updates.

No runtime behavior changes are included.

No public API expansion is included.

No package ID or namespace changes are included.

What changed

• Corrected the package icon asset used for NuGet and repository/package presentation.
• Rebuilt PACKAGE-ICON.png from the source SVG so the icon renders as a complete image rather than an incomplete or partially rendered PNG.
• Promoted central package metadata from 2.0.1 to 2.0.2.
• Kept AssemblyVersion fixed at 2.0.0.0 for the compatible stable 2.x line.
• Updated FileVersion to 2.0.2.0.
• Updated CITATION.cff and .zenodo.json for the 2.0.2 release.
• Updated the Source Link validation script default package version to 2.0.2.
• Added 2.0.2 release notes.
• Added a 2.0.2 release readiness record.
• Added missing root CHANGELOG.md entries for both 2.0.1 and 2.0.2.
• Updated README, documentation home, article index, DocFX article navigation, release validation guidance, and API compatibility / SemVer guidance for the 2.0.2 release posture.

Compatibility

Existing 2.0.0 and 2.0.1 consumers should be able to upgrade to 2.0.2 without required source-code changes.

2.0.2 does not expand the stable package surface.

The stable package family remains:

AsiBackbone.Core
AsiBackbone.DependencyInjection
AsiBackbone.Storage.InMemory
AsiBackbone.EntityFrameworkCore
AsiBackbone.AspNetCore
AsiBackbone.Testing
AsiBackbone.Templates
AsiBackbone.Analyzers
AsiBackbone.OpenTelemetry
AsiBackbone.Signing.LocalDevelopment
AsiBackbone.Signing.ManagedKey

Release boundary

AsiBackbone remains Accountable Systems Infrastructure for governed .NET decision flow.

This release does not change AsiBackbone into an intelligence engine, compliance product, robot controller, signing appliance, immutable ledger, or operational enforcement system. Hosts remain responsible for authentication, authorization, execution, persistence, key management, privacy review, operational monitoring, and legal/compliance interpretation.

Validation

Before publishing, the release candidate should pass the repository release gates, including:

• CI restore, build, formatting, tests, and coverage gates.
• Stable Release Validation.
• DocFX documentation build.
• Package creation.
• Generated NuGet metadata validation.
• Package SBOM generation.
• Template package smoke validation.
• External consumer smoke tests.
• Version consistency validation for 2.0.2.
• Package/SBOM provenance handling where supported by the workflow event.

Before publishing, generated package artifacts should also be inspected to confirm PACKAGE-ICON.png is included and renders correctly in NuGet/package contexts.

After packages are published and visible on NuGet, validate Source Link repository commit metadata with:

./scripts/Validate-Source-Link-commit-metadata.ps1 -Version 2.0.2

Release 2.0.1

Summary

2.0.1 is a compatible patch release for the stable 2.0.x AsiBackbone package family.

This release preserves the 2.0.0 public package and namespace boundary while tightening post-2.0.0 documentation alignment, release-path SBOM/provenance handling, repository/package icon metadata, and release-facing version metadata.

Release summary

2.0.1 keeps the simplified AsiBackbone.* package and namespace identity established in 2.0.0.

This is a patch release focused on release readiness and project/package metadata rather than runtime behavior or public API expansion.

What changed

• Promoted central package metadata from 2.0.0 to 2.0.1.
• Kept AssemblyVersion fixed at 2.0.0.0 for the compatible stable 2.x line.
• Updated FileVersion to 2.0.1.0.
• Updated CITATION.cff and .zenodo.json for the 2.0.1 software release.
• Updated the Source Link validation default package version to 2.0.1.
• Added 2.0.1 release notes.
• Added a 2.0.1 release readiness record.
• Updated README, documentation home, article index, DocFX article navigation, release validation guidance, and API compatibility / SemVer guidance for the 2.0.1 release posture.
• Preserved documentation boundaries around Accountable Systems Infrastructure, host-owned execution, package-signing status, and non-claims.
• Carried forward package SBOM/provenance release-path hardening from the post-2.0.0 work.

Compatibility

This release is intended to be compatible with 2.0.0.

Existing 2.0.0 consumers should be able to upgrade to 2.0.1 without required source-code changes.

No intentional runtime behavior changes are included.

No public API expansion is claimed.

No package ID or namespace changes are included.

Stable package family

The stable package set remains:

AsiBackbone.Core
AsiBackbone.DependencyInjection
AsiBackbone.Storage.InMemory
AsiBackbone.EntityFrameworkCore
AsiBackbone.AspNetCore
AsiBackbone.Testing
AsiBackbone.Templates
AsiBackbone.Analyzers
AsiBackbone.OpenTelemetry
AsiBackbone.Signing.LocalDevelopment
AsiBackbone.Signing.ManagedKey

Release boundary

AsiBackbone remains Accountable Systems Infrastructure for governed .NET decision flow.

This release does not change AsiBackbone into an intelligence engine, compliance product, robot controller, signing appliance, immutable ledger, or operational enforcement system. Hosts remain responsible for authentication, authorization, execution, persistence, key management, privacy review, operational monitoring, and legal/compliance interpretation.

Validation

Before publishing, the release candidate should pass the repository release gates, including:

• CI restore, build, formatting, tests, and coverage gates.
• Stable Release Validation.
• DocFX documentation build.
• Package creation.
• Generated NuGet metadata validation.
• Package SBOM generation.
• Template package smoke validation.
• External consumer smoke tests.
• Version consistency validation for 2.0.1.
• Package/SBOM provenance handling where supported by the workflow event.

After packages are published and visible on NuGet, validate Source Link repository commit metadata with:

./scripts/Validate-Source-Link-commit-metadata.ps1 -Version 2.0.1

Release 2.0.0

Summary

AsiBackbone 2.0.0 is a major release that establishes the simplified AsiBackbone.* package and namespace identity.

This release continues the project’s role as Accountable Systems Infrastructure for governed .NET decision flow, while cleaning up the public package and namespace naming after the earlier CDCavell.AsiBackbone.* line.

Breaking Changes

This is a breaking release.

Consumers migrating from the previous package line must update package references and namespaces.

Package reference migration

Replace package references such as:

<PackageReference Include="CDCavell.AsiBackbone.Core" Version="1.x.x" />

with:

<PackageReference Include="AsiBackbone.Core" Version="2.0.0" />

Namespace migration

Replace namespace imports such as:

using CDCavell.AsiBackbone.Core;

with:

using AsiBackbone.Core;

Repeat this migration for each referenced AsiBackbone package and namespace.

Changed

• Renamed public NuGet package IDs to the simplified AsiBackbone.* package family.
• Renamed public namespaces to the simplified AsiBackbone.* namespace family.
• Promoted central version metadata to 2.0.0.
• Updated AssemblyVersion to 2.0.0.0 for the new compatible 2.x binary line.
• Updated FileVersion to 2.0.0.0.
• Updated CITATION.cff and .zenodo.json metadata for 2.0.0.
• Updated README and documentation to identify stable 2.0.x as the current release line.
• Added 2.0.0 release notes and release readiness documentation.
• Updated release validation and Source Link validation guidance for 2.0.0.
• Updated the template identity to AsiBackbone.Templates.WebApi.
• Updated the security policy to identify 2.x as the current supported stable line.

Stable Package Set

The 2.0.0 release includes the following package family:

AsiBackbone.Core
AsiBackbone.DependencyInjection
AsiBackbone.Storage.InMemory
AsiBackbone.EntityFrameworkCore
AsiBackbone.AspNetCore
AsiBackbone.Testing
AsiBackbone.Templates
AsiBackbone.Analyzers
AsiBackbone.OpenTelemetry
AsiBackbone.Signing.LocalDevelopment
AsiBackbone.Signing.ManagedKey

Compatibility Notes

• 2.0.0 is a major release because package IDs and public namespaces changed.
• Existing 1.x consumers must update package references and using statements.
• The 2.x line should preserve AssemblyVersion 2.0.0.0 for future compatible minor and patch releases.
• Future Event Hubs, Purview, Azure-specific SDK adapters, Aspire runtime packages, robotics, immutable-storage, and additional provider packages remain outside the stable package contract unless separately reviewed and released.

Post-Publish Validation

After packages are published and visible on NuGet, validate Source Link repository metadata with:

./scripts/Validate-Source-Link-commit-metadata.ps1 -Version 2.0.0

NuGet Follow-Up

After the AsiBackbone.* packages are published, the previous CDCavell.AsiBackbone.* package line should be deprecated on NuGet with alternate package guidance pointing to the corresponding AsiBackbone.* replacements.

Release 1.2.1

Summary

1.2.1 is a compatible patch release for the stable 1.2.x AsiBackbone package family.

This release preserves the existing 1.2.0 package/API boundary while tightening release metadata, documentation alignment, Source Link validation guidance, package-signing wording, and release-readiness checks.

No breaking public API changes are intended.

Highlights

• Promotes package metadata from 1.2.0 to 1.2.1
• Keeps AssemblyVersion fixed at 1.0.0.0 for the compatible stable 1.x line
• Updates FileVersion, package versioning, citation metadata, and Zenodo metadata for 1.2.1
• Adds / updates 1.2.1 release notes, release readiness documentation, and CHANGELOG coverage
• Aligns README, documentation home, article index, TOC, release validation, API compatibility / SemVer guidance, template package documentation, and quality posture
• Clarifies historical alpha, 1.0.0, and 1.1.0 documentation as historical or transition context while pointing current-facing guidance to the 1.2.x package family
• Clarifies OpenTelemetry as the released governance-emission provider
• Clarifies that Azure Monitor is reached through host-configured OpenTelemetry exporters
• Preserves Event Hubs, Purview, SIEM, robotics, immutable storage, and similar areas as host-owned, strategy-only, design-only, future-provider, or separately reviewed work unless explicitly released as stable packages
• Clarifies signing boundaries around signing-ready Core metadata, local-development signing, managed-key adapter surfaces, production key custody, tamper-evidence, immutability, legal non-repudiation, and compliance certification
• Aligns Source Link validation guidance and script defaults with 1.2.1

Compatibility

1.2.1 is intended as a compatible patch release on the 1.2.0 minor-release boundary.

Existing stable 1.2.0 consumers should be able to upgrade to 1.2.1 without required source-code changes.

AssemblyVersion remains 1.0.0.0.

Validation guidance

Before tagging or publishing, the release candidate should pass the standard release-validation path, including:

• CI
• Stable Release Validation
• DocFX documentation build / publish validation
• Version consistency validation for 1.2.1
• NuGet package metadata validation
• Template package smoke validation
• External consumer smoke test
• Stable package integration smoke test
• Post-publish Source Link repository commit metadata validation

After packages are published and visible on NuGet, Source Link repository commit metadata can be checked with:

./scripts/Validate-Source-Link-commit-metadata.ps1 -Version 1.2.1

Upgrade guidance

Consumers already using 1.2.0 can upgrade to 1.2.1 as a patch update.

No source-code migration is expected for stable 1.2.0 consumers.

Boundary reminder

In this repository, ASI means Accountable Systems Infrastructure.

AsiBackbone provides governance-oriented .NET building blocks for accountable decision flow. It is not an artificial superintelligence implementation, AI model host, legal-compliance guarantee, signing appliance, observability backend, or robot controller.

Release 1.2.0

Summary

1.2.0 is a compatible minor release for the stable 1.x AsiBackbone package family.

This release prepares the project for the current 1.2.x stable line by aligning release metadata, NuGet package metadata, documentation, template behavior, release validation guidance, and public project wording around the current package family.

No breaking public API changes are intended.

In this software project, ASI means Accountable Systems Infrastructure. AsiBackbone remains a governance-spine package family for accountable .NET decision flow; it is not an artificial superintelligence implementation, AI model host, robot controller, compliance guarantee, immutable ledger, or production tamper-evidence provider by itself.

Highlights

• Promoted release metadata from 1.1.1 to 1.2.0.
• Preserved AssemblyVersion as 1.0.0.0 for the compatible stable 1.x line.
• Updated package Version, FileVersion, and InformationalVersion for 1.2.0.
• Added dedicated 1.2.0 release notes.
• Added a 1.2.0 release readiness record.
• Updated README, documentation home, article index, DocFX navigation, API compatibility guidance, release validation guidance, quality documentation, citation metadata, and Zenodo metadata for the 1.2.x package family.
• Updated template package references for 1.2.0.
• Fixed release-validation issues around template content packing, template content compilation, DocFX metadata inspection, and NuGet README metadata validation.

Stable package family

The 1.2.0 release covers the following package family:

• CDCavell.AsiBackbone.Core
• CDCavell.AsiBackbone.DependencyInjection
• CDCavell.AsiBackbone.Storage.InMemory
• CDCavell.AsiBackbone.EntityFrameworkCore
• CDCavell.AsiBackbone.AspNetCore
• CDCavell.AsiBackbone.Testing
• CDCavell.AsiBackbone.Templates
• CDCavell.AsiBackbone.Analyzers
• CDCavell.AsiBackbone.OpenTelemetry
• CDCavell.AsiBackbone.Signing.LocalDevelopment
• CDCavell.AsiBackbone.Signing.ManagedKey

Compatibility notes

1.2.0 is a compatible minor release in the stable 1.x line.

Existing stable 1.x consumers should be able to upgrade without required source-code changes for existing APIs.

The release continues the project’s stable binary identity strategy:

• Package Version: 1.2.0
• AssemblyVersion: 1.0.0.0
• FileVersion: 1.2.0.0
• InformationalVersion: 1.2.0+...

Documentation updates

This release aligns the documentation set around the current stable 1.2.x package family, including:

• implementation-first adoption guidance;
• package-family boundaries;
• release validation process;
• API compatibility and SemVer guidance;
• template usage;
• quality posture;
• release readiness tracking;
• public wording and non-claim boundaries.

Template and validation fixes

This release also includes release-preparation fixes discovered during validation:

• Excluded inner template content projects from smoke-test package packing.
• Prevented template .cs scaffold files from compiling as part of the template package project.
• Allowed the inner template project to resolve local AsiBackbone project references when inspected inside the repository.
• Updated NuGet metadata validation so README package-family checks are derived from the expected release version instead of being hard-coded to 1.1.x.

Boundary notes

AsiBackbone remains Accountable Systems Infrastructure for governed .NET decision flow.

The host application remains responsible for:

• authentication and authorization;
• persistence provider selection;
• database migrations;
• execution behavior;
• DLP/classification implementation;
• signing provider selection;
• key custody;
• verification policy;
• storage immutability;
• telemetry exporter configuration;
• legal, compliance, and operational accountability.

Event Hubs, Purview, Azure-specific SDK adapters, robotics, immutable-storage, external anchoring, and additional provider packages remain outside the 1.2.0 stable package contract unless separately reviewed and released.

Validation

Release validation should include:

• CI
• Stable Release Validation
• Version Consistency
• DocFX documentation build
• Package creation
• Generated NuGet metadata validation
• Template package smoke validation
• External consumer smoke test
• Stable package integration smoke test

Related

• Issue: #315
• Release preparation PR: #336

Release 1.1.1

Summary

1.1.1 is a compatible patch release for the stable 1.1.x AsiBackbone package family.

This release focuses on post-1.1.0 hardening, release metadata cleanup, documentation clarity, endpoint-governance safety, telemetry bounds, allocation reduction, coverage enforcement, test expansion, and dependency/security hygiene.

No breaking public API changes are intended. Existing 1.1.0 consumers should be able to upgrade without required source-code changes.

Highlights

Release metadata

• Updates package release metadata to 1.1.1.
• Preserves AssemblyVersion as 1.0.0.0 for compatible stable 1.x binary identity.
• Updates FileVersion to 1.1.1.0.
• Updates citation/archive metadata for the 1.1.1 release.

Security and dependency hardening

• Pins SQLitePCLRaw.bundle_e_sqlite3 to the maintained 3.x package line through central package management.

• Adds explicit SQLitePCLRaw bundle references for SQLite-backed non-packable projects:

  • CDCavell.AsiBackbone.Samples.PlainAspNetCoreHost
  • CDCavell.AsiBackbone.EntityFrameworkCore.Tests

• Removes the vulnerable/deprecated SQLite native transitive restore path from sample and test restore flows.

• Preserves SQLite-backed EF Core sample behavior and SQLite test coverage.

• Keeps SQLite dependency hardening limited to sample/test usage and does not add SQLite as a required dependency for the stable runtime package surface.

Endpoint governance hardening

• Adds optional ASP.NET Core endpoint-governance strict mode through RequireGovernanceMetadata.
• Preserves existing opt-in/default endpoint-governance behavior for backward compatibility.
• Allows hosts to explicitly exclude known public endpoints when strict metadata enforcement is enabled.
• Clarifies that endpoint governance does not replace ASP.NET Core authentication, authorization, routing, middleware enforcement, persistence, UI, or host-owned execution controls.

Telemetry and result hardening

• Bounds normalized GovernanceDecision correlation and trace identifiers to deterministic 256-character maximums.
• Preserves existing blank-to-null telemetry identifier behavior.
• Trims and truncates overlong telemetry identifiers safely and predictably.

Performance

• Reduces default ASP.NET Core middleware 403 allocation pressure by using a cached, bodyless forbidden result by default.
• Adds an opt-in forbidden-result factory so hosts can return richer safe responses when desired.
• Reduces avoidable Core allocation overhead in reason handling for GovernanceDecision, ConstraintEvaluationResult, and OperationResult.
• Snapshots policy evaluator constraints into an exact-sized private array to avoid repeated caller-owned collection wrapping.

Quality and tests

• Adds a Core-only branch coverage gate for CDCavell.AsiBackbone.Core.

• Expands branch and behavior coverage across:

  • capability grants and capability-token validation;
  • canonical payload construction and hashing;
  • signing and verification policy handling;
  • governance emission;
  • governance outbox behavior;
  • DLP/classification policy branches;
  • audit integrity verification;
  • operation and decision result behavior;
  • endpoint governance route-builder behavior.

Documentation

• Adds and refines documentation for:

  • progressive adoption and onboarding;
  • API-gating quickstart guidance;
  • host-owned execution enforcement;
  • DLP/classification scanner integration seams;
  • safe audit and telemetry data;
  • outbox drain reliability and alerting;
  • outbox multi-worker concurrency boundaries;
  • terminology mapping for .NET developers.

• Reframes alpha-era documents as historical records rather than current release guidance.

• Clarifies stable 1.x API compatibility and semantic versioning guidance.

• Clarifies design-only provider boundaries for Event Hubs, Purview, Azure-specific adapters, robotics, immutable storage, and future provider packages.

• Improves navigation across the README, documentation home page, article index, upgrade guide, and table of contents.

Compatibility notes

• This is a compatible patch release in the stable 1.x line.
• AssemblyVersion remains 1.0.0.0.
• Existing 1.1.0 consumers should be able to upgrade to 1.1.1 without required source-code changes.
• Endpoint-governance strict mode is opt-in.
• SQLite dependency hardening is limited to non-packable sample/test projects.
• Future provider directions documented in the repository do not imply those providers have shipped as stable NuGet packages unless separately released.

Release 1.1.0

Summary

AsiBackbone 1.1.0 is an additive minor release over 1.0.0 that expands the package family from the first stable governance foundation into a broader Accountable Systems Infrastructure release line.

This release keeps the project boundary clear: AsiBackbone remains governance infrastructure for accountable .NET decision flow. It does not implement artificial superintelligence, host AI models, control robots, certify compliance, or provide production tamper-evidence, immutability, or legal non-repudiation by default.

Highlights

• Promotes package version metadata to 1.1.0.
• Preserves AssemblyVersion as 1.0.0.0 for compatible 1.x binary identity.
• Expands the stable package family to include analyzers, OpenTelemetry projection, and signing-provider boundaries.
• Adds release validation improvements for version metadata, generated package versions, and NuGet package metadata.
• Updates README, changelog, citation metadata, Zenodo metadata, documentation index, getting started guidance, release validation guidance, and release readiness checklist.

Stable Package Family

The 1.1.0 release includes:

• CDCavell.AsiBackbone.Core
• CDCavell.AsiBackbone.Storage.InMemory
• CDCavell.AsiBackbone.EntityFrameworkCore
• CDCavell.AsiBackbone.AspNetCore
• CDCavell.AsiBackbone.Analyzers
• CDCavell.AsiBackbone.OpenTelemetry
• CDCavell.AsiBackbone.Signing.LocalDevelopment
• CDCavell.AsiBackbone.Signing.ManagedKey

Added

• Provider-neutral governance emission contracts and envelope/result/error primitives.
• Durable governance outbox and audit residue lifecycle release surfaces.
• CDCavell.AsiBackbone.OpenTelemetry as the first concrete governance emission provider package.
• CDCavell.AsiBackbone.Analyzers for Roslyn analyzer safety rails around governance persistence and continuation flows.
• Signing-ready receipt, canonical hashing/signing, and verification-policy seams.
• CDCavell.AsiBackbone.Signing.LocalDevelopment for local-development RSA signing and verification in tests, samples, and proof paths.
• CDCavell.AsiBackbone.Signing.ManagedKey as a provider-neutral managed-key signing adapter boundary.
• ASP.NET Core endpoint governance metadata and hosted outbox drain integration.

Changed

• Updated central release metadata from 1.0.0 to 1.1.0.
• Updated FileVersion to 1.1.0.0.
• Updated CITATION.cff and .zenodo.json for the 1.1.0 release.
• Updated release-facing documentation to describe the expanded 1.1.0 package family.
• Updated NuGet metadata validation to expect all eight release package artifacts.
• Updated README validation anchors for the 1.1.0 stable package family.
• Updated release validation workflow to run version metadata checks before build and generated package-version checks after package creation.
• Expanded stable package integration smoke testing to reference all eight package artifacts.

Boundary Notes

The following remain outside the 1.1.0 stable package boundary unless separately reviewed and released:

• Event Hubs provider implementation
• Purview provider implementation
• Azure-specific SDK adapters
• Azure Key Vault or Managed HSM live integration
• Robotics or physical execution
• Immutable storage
• External anchoring
• Production tamper-evidence or non-repudiation guarantees

The managed-key signing adapter does not ship a live Azure Key Vault, Managed HSM, cloud KMS, HSM, certificate-store, or credential-provider implementation by default. The host supplies the actual managed-key client, credentials, key operations, verification path, monitoring, and operational policy.

Validation

Release validation should confirm:

• version metadata consistency;
• restore, build, format, and test pass;
• DocFX documentation builds;
• all package projects pack successfully;
• generated package versions match 1.1.0;
• NuGet package metadata validation passes;
• external consumer smoke test passes;
• stable package integration smoke test passes.

Release 1.0.0

ASIBackbone 1.0.0

ASIBackbone 1.0.0 is the first stable release of the ASIBackbone .NET package family.

In this project, ASI means Accountable Systems Infrastructure. ASIBackbone is governance infrastructure for accountable decision flow. It does not implement artificial superintelligence, host AI models, control robots, or guarantee legal or regulatory compliance.

Release identity

Field	Value
Package version	1.0.0
Release tag	v1.0.0
Assembly version	1.0.0.0
File version	1.0.0.0
Citation version	1.0.0
Zenodo metadata version	1.0.0

No preview or -alpha suffix is expected for the stable package artifacts.

Highlights

This release stabilizes the initial ASIBackbone package family around a practical governance spine:

Intent or request
  -> policy context
  -> constraint evaluation
  -> governance decision
  -> optional acknowledgment
  -> audit residue or ledger record
  -> optional capability boundary
  -> host-owned execution

The 1.0.0 release provides the initial stable foundation for:

• framework-neutral governance primitives;
• actor context modeling;
• constraint evaluation;
• governance decision outcomes;
• operation result handling;
• audit residue and ledger contracts;
• acknowledgment and responsibility-handshake workflows;
• capability-token abstractions;
• ASP.NET Core host integration;
• in-memory validation storage;
• EF Core host-owned persistence support.

Stable package family

Package	Stable role
CDCavell.AsiBackbone.Core	Framework-neutral governance primitives, decisions, constraints, audit contracts, acknowledgment contracts, capability-token abstractions, and operation results.
CDCavell.AsiBackbone.Storage.InMemory	Non-durable in-memory audit sink and ledger helpers for tests, samples, and local validation.
CDCavell.AsiBackbone.EntityFrameworkCore	EF Core model configuration and audit ledger persistence through a host-owned DbContext.
CDCavell.AsiBackbone.AspNetCore	Thin ASP.NET Core host adapters for actor context, request correlation, HTTP result mapping, and acknowledgment challenge support.

Future or provider-specific packages are not automatically part of the 1.0.0 stable contract unless they are explicitly released as stable.

What changed since the alpha line

Core governance primitives

The Core package now provides the shared public language for governed decision flow, including:

• actor context primitives for human, service, agent, system, and unknown actors;
• constraint evaluation contracts and result shapes;
• governance decision outcomes for allowed, warning, denied, deferred, acknowledgment-required, and escalation-recommended states;
• operation result primitives with reason codes and warnings;
• audit residue contracts and decision-derived audit residue helpers;
• audit ledger record shape and storage contract;
• acknowledgment and responsibility-handshake primitives;
• capability-token abstractions for scoped, time-bound permission boundaries;
• policy version, policy hash, correlation ID, trace ID, and schema-version fields where relevant.

Policy evaluator pipeline

The default evaluator provides a framework-neutral way to compose constraint results into governance decisions.

Hosts can define their own constraints and optionally apply a decision policy after constraint composition. The evaluator remains independent of ASP.NET Core, EF Core, AI model packages, robotics packages, and host templates.

Storage and persistence

The package family includes two storage-related paths:

• CDCavell.AsiBackbone.Storage.InMemory for non-durable tests, samples, and local validation;
• CDCavell.AsiBackbone.EntityFrameworkCore for host-owned persistence using EF Core model configuration and ledger storage helpers.

The EF Core package does not own the host database. The host owns the DbContext, provider, connection string, migrations, deployment, retention, access controls, and operational lifecycle.

ASP.NET Core adapters

The ASP.NET Core package provides thin host adapters for web applications. It helps translate HTTP request context into Core-compatible governance context and translate Core outcomes into HTTP-friendly shapes when explicitly used by the host.

It does not register authentication, authorization, MVC, Razor Pages, Minimal API endpoints, EF Core, policy evaluators, persistence stores, middleware enforcement, UI rendering, or external execution behavior by default.

Validation

The 1.0.0 release path includes package-shaped validation intended to confirm downstream consumer readiness.

Validation includes:

• release package generation;
• package version consistency validation;
• generated .nupkg metadata validation;
• external consumer smoke-test validation;
• restore and package consumption from a local NuGet source;
• verification that a clean external xUnit project can consume the package family without repository project references.

This validation is a package-consumer confidence check. It is not a production host template.

Compatibility

After 1.0.0, stable packages are expected to follow Semantic Versioning:

• patch releases fix defects without intentionally breaking stable public APIs;
• minor releases may add compatible APIs, options, adapters, and behavior;
• major releases are reserved for breaking changes;
• preview packages or preview APIs may change before being promoted to stable.

The stable API surface includes public types, public members, documented extension points, documented service-registration methods, and stable persisted or serialized artifact shapes that are explicitly documented as stable.

Internal implementation details, samples, generated smoke-test hosts, local validation scripts, and preview provider packages are not part of the same compatibility promise unless they are explicitly documented as stable.

Privacy and signing boundaries

The 1.0.0 release includes signing-ready fields such as policy version, policy hash, schema version, timestamps, correlation IDs, and record IDs. These fields support future signing and verification providers, but they do not create cryptographic protection by themselves.

1.0.0 does not provide built-in signing, key management, tamper-evident storage, privacy classification, or compliance guarantees.

Consumers should review the project documentation before using audit records or metadata in production systems.

Known limitations

This first stable release intentionally keeps several responsibilities outside the package boundary:

• no built-in AI model hosting, training, inference, or orchestration;
• no robot or physical-system control implementation;
• no built-in signing provider or key-management provider;
• no built-in tamper-evident ledger or immutable storage provider;
• no package-owned database lifecycle or migrations;
• no automatic metadata classification, redaction, tokenization, encryption, or privacy scanning;
• no legal, regulatory, audit-framework, or compliance certification;
• no replacement for host authentication, authorization, claims transformation, or endpoint protection;
• no automatic enforcement middleware that executes or blocks host operations without host code;
• no guarantee that in-memory storage is durable or production-safe.

These are intentional boundaries. The package is designed to keep consequential execution and operational policy under host control.

Upgrade notes from alpha packages

Consumers moving from alpha versions should review:

• namespace and package references;
• documented public API names;
• host-owned EF Core setup and migrations;
• ASP.NET Core service registration and options;
• audit record schema-version expectations;
• metadata privacy and signing boundaries;
• external consumer smoke-test guidance.

Because alpha packages may have changed before 1.0.0, consumers should test upgrades in a development environment before using the stable package line in production.

Related documentation

• 1.0.0 Quickstart
• 1.0.0 Release Readiness Checklist
• API Compatibility and SemVer
• Schema Versioning
• Privacy and Signing Boundaries
• EF Core Host Ownership and Migrations
• ASP.NET Core Integration Boundary