Release v0.9.0 — Alpha Gate, Worker Runtime, Env Sanitization · Haserjian/agentmesh

v0.9.0 — Alpha Gate, Worker Runtime, Env Sanitization

This release ships the Alpha Gate hardening lane and worker-runtime orchestration improvements that landed after v0.8.0.

Alpha gate preflight and reporting
- Alpha gate run harness and report flow
- Gate checks for receipt integrity, watchdog handling, witness verification path, and orphan/finalization safety
Worker runtime + orchestration
- spawner lifecycle (spawn/check/harvest/abort) with DB-backed persistence and CAS finalization semantics
- worker_adapters protocol with backend registry and structured output normalization
- watchdog-driven spawn lifecycle handling (auto-harvest/timeout abort paths)
Env sanitization and trust boundary hardening
- child runtime env sanitization via build_child_env
- adapter policy controls (allowlist model) and CI-safe adapter env autoload behavior
Public/private release safety
- public/private classifier, release-check guardrails, and alpha-gate report sanitization path
Orchestrator controls
- freeze / abort-all / lock-merges control plane primitives
CI + supply chain hardening
- DCO enforcement workflow
- public-private-guard checks
- release-check-preview CI lane
- SLSA build provenance attestation
Documentation additions
- alpha gate runbook
- public/private boundary guidance
- decision matrix and templates

pipx upgrade agentmesh-core
# or
pip install -U agentmesh-core