AIIR v1.4.0
Install
pip install aiir==1.4.0GitHub Action — uses: invariant-systems-ai/aiir@v1
Docker — docker run ghcr.io/invariant-systems-ai/aiir:1.4.0
GitLab CI/CD — Catalog component
What's Changed
🧩 Other Changes
- fix: recover release verification path by @InvariantSystems in #89
- fix: harden release container base by @InvariantSystems in #90
- fix: allow docker recovery from patched ref by @InvariantSystems in #91
- chore: prep VS Code extension 0.4.0 release by @InvariantSystems in #92
- ci: harden sidecar publish secret handling by @InvariantSystems in #93
- docs: add ecosystem adapters and align in-toto predicate URIs by @InvariantSystems in #94
- fix(ci): repair action-health smoke test by @InvariantSystems in #96
- feat: validate signed bundles and ship VS Code 0.4.1 hotfix by @InvariantSystems in #97
- docs: fix version drift and harden action sigstore install by @InvariantSystems in #98
- chore(sync): merge GitLab main history into GitHub main by @InvariantSystems in #99
- fix: repair dogfood rekor import path by @InvariantSystems in #102
- chore(deps): bump the actions-minor group with 2 updates by @dependabot[bot] in #103
- chore(deps): bump actions/attest-build-provenance from 2.3.0 to 4.1.0 by @dependabot[bot] in #104
- chore(deps): bump DavidAnson/markdownlint-cli2-action from 22.0.0 to 23.0.0 by @dependabot[bot] in #105
- chore(deps): bump actions/setup-node from 4.3.0 to 6.3.0 by @dependabot[bot] in #107
- chore(deps): bump actions/checkout from 4 to 6 by @dependabot[bot] in #106
- feat: automate pulse suggestion PR scaffolding by @InvariantSystems in #109
- feat: add offline transparency verification by @InvariantSystems in #110
- chore(deps): bump github/codeql-action from 3.28.19 to 4.35.1 by @dependabot[bot] in #112
- chore(deps): bump docker/build-push-action from 6.9.0 to 7.1.0 by @dependabot[bot] in #113
- chore(deps): bump dependabot/fetch-metadata from 2.5.0 to 3.0.0 by @dependabot[bot] in #114
- chore(deps): bump actions/attest-build-provenance from 2.3.0 to 4.1.0 by @dependabot[bot] in #115
- Address adversarial review + add AIIR agent-receipt profile (aiir/agent_receipt.v0.1) draft by @InvariantSystems in #120
- chore(deps): bump the actions-minor group across 1 directory with 4 updates by @dependabot[bot] in #117
- release: v1.4.0 by @InvariantSystems in #121
Full Changelog: v1.3.0...v1.4.0
Provenance & Verification
| Artifact | SHA-256 | Rekor log index | Provenance |
|---|---|---|---|
| aiir-1.4.0-py3-none-any.whl | sha256:6174610c9cce95a873978248493605b9bb80791160bc21fafca68f1f77cefd69 |
1390247632 |
PyPI attestation · GitHub bundle |
| aiir-1.4.0.tar.gz | sha256:36aa8cd0fe23da8603192ce92a07ad6ccea5cf1be36945074d5a89a4eaae868e |
1390247692 |
PyPI attestation · GitHub bundle |
| aiir-sbom.cdx.json | sha256:fe180d9ddbcfdec0ceb8e4417337f18eb3ac7709779db35591f5a1f352e3e0a2 |
- | GitHub release asset |
# Verify the published release evidence for aiir==1.4.0
python scripts/verify-release-evidence.py 1.4.0Contributors
dependabot and InvariantSystems