Skip to content

Releases: EffortlessMetrics/uselesskey

v0.9.1

17 May 11:48
@github-actions github-actions
v0.9.1
fc69fb4
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
v0.9.1 Latest
Latest

What's Changed

🛠️ Maintenance

  • chore(deps): bump peter-evans/create-pull-request from 7 to 8 by @dependabot[bot] in #676
  • chore(deps): bump assert_cmd from 2.2.0 to 2.2.2 by @dependabot[bot] in #681
  • chore(deps): bump spin from 0.10.0 to 0.11.0 by @dependabot[bot] in #680
  • chore(deps): bump rcgen from 0.14.7 to 0.14.8 by @dependabot[bot] in #679
  • chore(deps): bump jsonwebtoken from 10.3.0 to 10.4.0 by @dependabot[bot] in #678
  • chore(deps): bump aws-lc-rs from 1.16.3 to 1.17.0 by @dependabot[bot] in #677

Other Changes

Full Changelog: v0.9.0...v0.9.1

Contributors

EffortlessSteven and dependabot
Assets 2
Loading

v0.9.0

15 May 00:52
@EffortlessSteven EffortlessSteven
v0.9.0
b03772d
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
v0.9.0

[0.9.0] - 2026-05-14

v0.9.0 is the command-backed fixture-platform release. It turns public
claims into runnable receipts, adds local PR evidence receipts, finishes the
no-panic new-debt cleanup, and ships the first post-TLS contract pack:
deterministic webhook verifier fixtures.

The public promise is still deliberately narrow: uselesskey provides
scanner-safe fixture material and proof receipts for tests. It does not claim
production secret management, production PKI, provider compatibility matrices,
or broad security assurance.

Added

  • Added the source-of-truth operating model: proposal/spec/ADR/plan indexes,
    active goal manifests, policy ledgers, closeout records, and standalone
    cargo xtask spec-check with strict and JSON output modes.
  • Added claim-backed verification surfaces: cargo xtask claim-report,
    claim-report --check-public-claims, contract-packs --check,
    claim-proof, metadata-only verification packs, and release-evidence claim
    receipts.
  • Added PR-lite evidence ergonomics through cargo xtask pr-lite receipts,
    heavy-evidence routing receipts, local validation guidance, and safe
    diff-scoped mutation fallback behavior.
  • Added the webhook contract pack: uselesskey bundle --profile webhook,
    deterministic HMAC verifier fixtures, webhook bundle proof, claim-proof
    coverage, verification-pack integration, and task-first webhook docs.
  • Added a v0.9.0 release evidence matrix for the command-backed claims,
    verification-pack receipts, PR-lite evidence, no-panic posture, and webhook
    contract-pack proof.

Changed

  • Minor release evidence now carries source-of-truth proof, claim reports,
    contract-pack registry receipts, claim-proof receipts, verification-pack
    summaries, and webhook bundle proof.
  • README, verification, and public-claim docs now route badge readers into
    command-backed reports and explicit claim boundaries instead of treating
    badges as a dashboard.
  • Contract packs are now registered product surfaces with specs, claims,
    proof commands, how-to docs, and release-evidence lanes.

Fixed

  • Cleaned up the no-panic-family new-debt surface and recorded the Stage A.5
    policy posture without resetting historical baseline debt.
  • Refreshed generated public badge endpoints through the existing
    command-backed badge path.
Loading

v0.8.0

12 May 21:32
@github-actions github-actions
v0.8.0
a8a32b9
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
v0.8.0

uselesskey v0.8.0

TLS contract-pack and public crate-surface cleanup release.

What's new

TLS contract pack

  • uselesskey bundle --profile tls generates a deterministic chain
    fixture set with a valid intermediate-signed leaf plus four
    negative classes (expired leaf, not-yet-valid leaf, hostname
    mismatch, untrusted root). Per-fixture rejection expectations are
    documented in docs/release/v0.8.0-tls-profile-design.md.
  • cargo xtask bundle-proof --profile tls produces the release-
    evidence proof artifact for the TLS pack, mirroring the OIDC
    pattern.
  • Task-first how-to: docs/how-to/test-tls-chain-validation.md.

Task-first user docs sweep

  • Five new how-to pages covering common downstream test workflows:
    Vault KV export, build.rs materialize, WebAuthn ceremony
    validation, PKCS#11 mock fixtures, and webhook signature
    validation. (#590-#594)

Public crate-surface cleanup

  • 29 published-internal shim crates removed. v0.7.0 folded their
    content into owner-crate srp::* modules; v0.7.x kept the shims
    as compatibility re-exports; v0.8.0 removes them entirely. The
    v0.7.x crate versions remain on crates.io as historical records.
  • Migration guide: docs/how-to/migrate-to-v0.8.md. Most users do
    not need to migrate.

Publish-system hardening

  • HMAC, rustls PKI, and PGP-native content moved from former compat
    crates into owner srp::* modules. (#595, #598, #599)
  • Rust 1.94/1.95 Clippy ratchets activated workspace-wide. (#505)

Toolchain

No MSRV change. v0.8.0 stays on Rust 1.95.

Claim boundary

uselesskey is a test-fixture layer. It is not production key
management, scanner evasion, or cryptographic assurance.

Evidence

  • target/release-evidence/summary.md
  • target/release-evidence/release-evidence.md
  • target/release-evidence/scanner-safe/scanner-safe-bundle-proof.md
  • target/release-evidence/oidc/oidc-contract-pack-proof.md
  • target/release-evidence/tls/tls-contract-pack-proof.md (new)
  • target/mutation/nightly-receipt.md
  • target/xtask/perf/latest.md

See CHANGELOG.md for the full v0.8.0 list.

Loading

v0.7.1

11 May 21:36
@github-actions github-actions
v0.7.1
4a758a3
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
v0.7.1

uselesskey v0.7.1

Release-hardening patch for the Rust 1.95 scanner-safe fixture platform.

What's new

Publish-system guardrails

  • cargo xtask publish-check now verifies PUBLISH_CRATES is in
    dependency-topological order at PR time (#572). Closes the
    PUBLISH_CRATES-drift bug class fixed inline during v0.7.0.
  • cargo xtask publish-preflight and publish-check reject
    workspace.dependencies entries with version = "..." pointing at
    publish = false crates (#578). Closes the test-helper dependency-leak
    class fixed inline during v0.7.0.

Scanner-safe reference verification

  • cargo xtask scanner-safe-reference --check (#577) byte-compares the
    regenerated scanner-safe bundle outputs against the committed
    examples/scanner-safe-bundle/expected/* files and asserts the encoded
    Kubernetes/Vault payloads are not committed.

External install smoke

  • cargo xtask cratesio-smoke --path . (pre-publish) and
    cargo xtask cratesio-smoke --version 0.7.1 (post-publish) (#580)
    prove the outside-user view: fresh project, cargo add, cargo check,
    CLI install, scanner-safe bundle workflow.

Patch release evidence

  • cargo xtask release-evidence --patch (#581) runs a focused gate set
    for patch releases without the full minor-release mutation/perf load.

Documentation

  • docs/release/v0.7.0-lessons-learned.md (#571) — the v0.7.0
    publish-lane retrospective.
  • docs/how-to/recover-partial-publish.md and
    docs/release/publish-recovery.md (#579) — partial-publish recovery
    procedure and registry-truth rules.
  • docs/how-to/migration.md install snippets bumped to 0.7.0 (#582).

Toolchain

No MSRV change. v0.7.1 stays on Rust 1.95.

Claim boundary

uselesskey is a test-fixture layer. It is not production key
management, scanner evasion, or cryptographic assurance.

Evidence

  • Release-evidence patch lane: target/release-evidence/release-evidence.md
  • Scanner-safe bundle proof: target/release-evidence/scanner-safe/scanner-safe-bundle-proof.md

See CHANGELOG.md for the full v0.7.1 list.

Loading

v0.7.0

11 May 15:20
@github-actions github-actions
v0.7.0
1a5b944
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
v0.7.0

uselesskey v0.7.0

The Rust 1.95 scanner-safe fixture platform release.

What's new

Scanner-safe bundles, verification, inspection, and handoff

  • uselesskey bundle --profile scanner-safe produces a deterministic
    fixture directory with a manifest and per-artifact receipts.
  • uselesskey verify-bundle checks bundle outputs against the recorded
    manifest.json and receipts.
  • uselesskey inspect-bundle prints a human-readable summary without
    exposing fixture payloads.
  • uselesskey export k8s and uselesskey export vault-kv-json render
    Kubernetes and Vault payloads from a verified bundle.

OIDC/JWKS contract pack

  • uselesskey bundle --profile oidc emits valid JWKS and JWT-shape
    fixtures plus duplicate-kid, missing-kid, alg: none, and
    bad-audience negatives for downstream validator tests.

Negative payload shapes

  • Scanner-safe negative JWK/JWKS and token-shape helpers in
    uselesskey-jwk and uselesskey-token.
  • A new facade example, negative_payload_shapes, demonstrates the
    failure-path workflow end-to-end.

Public surface and compatibility

  • A public-surface promise map separates supported public crates from
    published-internal implementation shards.
  • cargo xtask public-surface enforces the map.
  • Internal JWK, token, core, and X.509 shards have been folded into their
    owner crates; the former uselesskey-core-*, uselesskey-token-spec,
    and uselesskey-core-x509* crates remain published as compatibility
    shims for this release.

Evidence lanes

  • RIPR PR exposure, targeted PR mutation, nightly public-scope mutation,
    scheduled performance evidence, and a release-evidence runner with
    scanner-safe and OIDC bundle proofs.
  • Mutation survivor ledger and per-run receipts.

Documentation

  • Failure atlas covering protocol-shaped negative fixtures.
  • Scanner-safe bundle reference and OIDC/JWT validator how-tos.
  • Release category notes, evidence matrix, checklist issue map, and
    post-release audit checklist.

Toolchain change

This release raises MSRV from Rust 1.92 to Rust 1.95 and enables the
Rust 1.95 compiler/Clippy lint floor. Downstreams pinned to 1.92 should
remain on v0.6.x or upgrade their toolchain.

Claim boundary

uselesskey is a test-fixture layer. It is not production key
management, scanner evasion, or cryptographic assurance.

Evidence

  • target/release-evidence/summary.md
  • target/release-evidence/release-evidence.md
  • target/release-evidence/scanner-safe/scanner-safe-bundle-proof.md
  • target/release-evidence/oidc/oidc-contract-pack-proof.md
  • target/mutation/nightly-receipt.md
  • target/xtask/perf/latest.md

See CHANGELOG.md for the full v0.7.0 list.

Loading

v0.6.0

09 Apr 01:41
@EffortlessSteven EffortlessSteven
v0.6.0
52375d7
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
v0.6.0

Highlights

  • Added the cheap entropy lane.
  • Published uselesskey-cli with materialize and verify workflows.
  • Split build-time materialization into materialize-shape and materialize-rsa lanes.
  • Added cargo xtask economics and cargo xtask audit-surface receipts.
  • Updated docs to lead with lane choice and downstream fixture policy.

Lane economics

lane deps status
entropy 58 common-lane-clean
token 87 common-lane-clean
materialize-shape 81 common-lane-clean
materialize-rsa 120 specialized-lane

Notes

  • This release ships the work merged in PR #405.
  • Publish order for the new surface was uselesskey-entropy, then uselesskey-cli, then uselesskey.
Loading

v0.5.1

28 Mar 10:00
@github-actions github-actions
v0.5.1
449adfa
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
v0.5.1

What's Changed

🛠️ Maintenance

  • chore(deps): bump toml from 1.0.7+spec-1.1.0 to 1.1.0+spec-1.1.0 by @dependabot[bot] in #310
  • chore(deps): bump insta from 1.46.3 to 1.47.0 by @dependabot[bot] in #313
  • chore(deps): bump sha2 from 0.11.0-rc.5 to 0.11.0 by @dependabot[bot] in #312

Other Changes

Full Changelog: v0.5.0...v0.5.1

Contributors

EffortlessSteven and dependabot
Loading

v0.5.0

27 Mar 05:54
@github-actions github-actions
v0.5.0
f326c43
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
v0.5.0

What's Changed

🛠️ Maintenance

  • chore(deps): bump aws-lc-rs from 1.16.1 to 1.16.2 by @dependabot[bot] in #286

Other Changes

Full Changelog: v0.4.1...v0.5.0

Contributors

EffortlessSteven and dependabot
Loading

v0.4.1

19 Mar 03:55
@github-actions github-actions
v0.4.1
08475b3
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
v0.4.1

What's Changed

Full Changelog: v0.4.0...v0.4.1

Contributors

EffortlessSteven and dependabot
Loading

v0.4.0

13 Mar 07:31
@github-actions github-actions
v0.4.0
c5eab06
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
v0.4.0

What's Changed

Full Changelog: v0.3.0...v0.4.0

Contributors

EffortlessSteven
Loading