Release v0.12.0 — governance tightening · flyersworder/agentic-data-contracts

Highlights

Security fix: RequiredFilterChecker now rejects tautological predicates. Previously WHERE tenant_id = tenant_id satisfied a blocking required_filter rule — a real bypass of the governance contract. Covers =, !=, <, <=, >, >=, LIKE, ILIKE, IS, IN, BETWEEN self-reference variants.
Governance staleness detection: optional last_reviewed: date | None field on Domain and MetricImpact, plus find_stale_reviews() and DataContract.find_stale() to flag artefacts whose review is missing or older than a threshold.
Two new example apps showcasing orthogonal governance archetypes:
- examples/growth_agent/ — experimentation / leading indicators / A/B-verified impacts
- examples/ops_agent/ — SRE reliability / PII-sensitive / real-time dashboards

Review queries using self-referential predicates like col = col — these are now rejected by blocking required_filter rules.
Adopting last_reviewed is optional. If you add it to some entries, note that missing timestamps are reported as stale by default; filter with f.age_days is not None to grandfather in existing artefacts during rollout.

See CHANGELOG.md for the full release notes.