Skip to content

v1.0.3

Choose a tag to compare

View all tags
@InvariantSystems InvariantSystems released this 08 Mar 12:56
· 306 commits to main since this release
v1.0.3
d14db69

Module split + review response

cli.py (2,459 lines) decomposed into 8 focused submodules:

  • _core.py — constants, encoding, git ops, hashing, data classes
  • _detect.py — AI signal detection and commit info extraction
  • _receipt.py — receipt building, generation, formatting, writing
  • _ledger.py — append-only JSONL ledger with auto-index
  • _stats.py — badge, stats dashboard, policy checks
  • _github.py — GitHub Actions integration (outputs, step summary)
  • _verify.py — receipt content-addressed integrity verification
  • _sign.py — Sigstore signing and verification (optional dep)

cli.py remains as thin re-export shell — all public API imports are backward-compatible. All 564 tests pass (512 unit + 52 fuzz).

Also addresses hostile review findings

  • "tamper-proof" → "tamper-evident" across docs and website
  • EU AI Act language softened to "supports compliance evidence"
  • Signal categories split (declared AI vs. automation/bot)
  • Signed CI as default README example
  • Artifact upload claim corrected
  • THREAT_MODEL version/date synced
Assets 2
Loading