Skip to content

v0.1.215

Choose a tag to compare

View all tags
@github-actions github-actions released this 01 Jun 16:03
· 15 commits to main since this release
v0.1.215
This tag was signed with the committer’s verified signature.
lhassa8
SSH Key Fingerprint: WmM2DTKXbVq8E+hq1kYumoFw7q9To8gUeMsSg8k2SJU
Verified
Learn about vigilant mode.
4c92321
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

What's new in v0.1.215

[0.1.215] — 2026-06-01

Critical: cap python-hcl2 <6 — fresh installs were scanning ~1 evidence record instead of ~20.

The python-hcl2>=4.3,<9 constraint let a fresh pip / uv / pipx install resolve python-hcl2 8.1.2, whose changed parser-output shape silently broke every detector's resource matching: efterlev scan / quickstart / studio --live reported ~1 detector firing instead of ~17 on the same IaC, making the headline demo look empty. CI never caught it because it runs against the pinned uv.lock (5.1.1); only a real fresh install resolved the newer line. Surfaced by a maintainer's fresh-Mac test the day before launch.

Fixed

  • pyproject.tomlpython-hcl2>=4.3,<9>=4.3,<6 (the tested/locked 5.x line). A fresh install now scans the full ~20 evidence records again. uv.lock unchanged (already 5.1.1).

Added

  • tests/test_dependency_pins.py — source-level pin asserting the python-hcl2 cap stays <6, so the constraint can't be silently widened without re-validating a fresh-deps scan.

Internal

  • Test count: 2402 → 2403 (+1). Detector count unchanged at 66.

Cross-references

  • DECISIONS 2026-06-01 "Cap python-hcl2 <6; CI must test a fresh (unpinned) install".

Efterlev v0.1.215 — post-release triage

Deterministic, zero-LLM validation of the published wheel + container.
Generated by scripts/triage.sh on every tag push (see
.github/workflows/post-release-triage.yml).

Summary

Check Status Detail
T1 install ✅ PASS wheel installed; efterlev --version → 0.1.215
T2 doctor shape ✅ PASS all 7 checks present (python_version, install_uniqueness, efterlev_dir, frmr_cache, anthropic_api_key, bedrock_credentials, boundary_declared)
T3 detector count ✅ PASS registry reports 66 detectors
T4 verify-release.sh ✅ PASS 4/4 checks passed (PyPI PEP 740 + cosign + SLSA v1)
T5 container manifest ✅ PASS multi-arch image present: linux/amd64 linux/arm64
T6 check-docs ✅ PASS no doc-vs-code drift detected
T7 release-smoke ✅ PASS matrix green across all cells (run #26766442119)

Result: 7 passed, 0 failed.

Methodology

This triage runs the same shape that surfaced F1–H1 across the v0.1.12–v0.1.15
arc: install the published wheel from PyPI in a fresh venv, run sanity checks,
invoke verify-release.sh against PyPI + ghcr, inspect container manifest

  • supply-chain artifacts, run check-docs.py against tagged source. Every
    check is deterministic — no LLM call, no per-release cost beyond CI minutes.

Release v0.1.215 ships clean.

Assets 4
Loading