Releases: kevinqz/coreai-catalog
Release list
v2.2.3 — Trusted Publishing via OIDC
Trusted Publishing migration
PyPI now uses OIDC Trusted Publishing — no more long-lived API tokens.
Changed
publish.ymlmigrated fromtwine+PYPI_API_TOKENtopypa/gh-action-pypi-publish@release/v1.- Releases are authenticated by the GitHub-PyPI OIDC trust chain.
twineremoved from build dependencies.
v2.2.2 — llms sync + site MCP copy fix + count-guard hardening
LLM-context sync + packaging polish
Closes agent-facing surface drift flagged in 3-axis red-team audit.
Fixed
llms.txtwas stale: version2.1.0→2.2.2, artifact count80→82,bundle_kind on all 80→82, last_verified updated to2026-07-04.llms-full.txtwas stale: version2.1.0, model count80, artifact count80,bundle_kind on all 80— all corrected to82/2.2.2.site/index.htmlMCP section said12 tools— corrected to16.
Changed
check_counts.pynow validatesllms.txtartifact count, version, andbundle_kindcount. Also validatesllms-full.txtmodel/artifact/benchmark counts and version for the first time. Both files are now under the version contract.publish.ymlnow runscheck_counts.pyin the pre-publish validation gate.agent.jsonreformatted with consistentindent=2(187 → 255 lines).
Added
qwen3-enhancer(Huihui Qwen3-4B Abliterated v2, 4-bit dynamic, Apache-2.0) — firstsource_group: externalmodel.ornith-1-0-9bP1 schema fields (bundle_kind,min_os,upstream_repo).- Source Monitor fix:
source_monitor.pyexit-code-1 was killing the GitHub Actions step viabash -e— silenced with|| true. Monitor was silently failing for 2+ days (10 consecutive failures, zero Issues created). - Source Monitor filtering: LiteRT repos now skipped (catalog scope is
.aimodelonly). Fuzzy match eliminates false positives (YOLOX-CoreAI vsyolox-s, etc.).
Deferred
- PyPI Trusted Publishing: requires manual PyPI configuration. Workflow already has
id-token: write+environment: pypi. TODO documented inpublish.yml.
Stats
- 82 models, 82 artifacts, 68 upstreams, 65 benchmarks, 42 terms, 16 MCP tools
- 559 tests passed, 0 failures
- count-sync OK across all surfaces
v2.2.1 — version-contract guard + MCP-docs sync
A version-contract and docs-sync patch (no new features), closing public-surface drift.
Fixed
- README MCP section said "12 tools" while the server, site, and
agent.jsonsaid 16 — corrected to 16, with the tool table now listing all 16 grouped into read-only query tools, write/contribution tools (validate_entry,draft_model,submit_model), and the integration tool (get_integration_snippet).transforms→ the real tool idquery_transforms. scripts/generate_templates.pyno longer crashes on a schema example value containing': '(e.g.CoreAILanguageModel(resourcesAt: url)).
Added
scripts/check_counts.py(CI guard) now also enforces the version contract —pyproject.toml,catalog.yaml,agent.json,openapi.yaml, and the README version must all match — plus the README MCP-tool count. This is the exact drift class caught in review.- Site: a "Plan a transform pipeline" skill card surfaces
query_transforms/coreai-catalog transforms, previously invisible on the site.
All six version surfaces at 2.2.1. Note: PyPI still publishes via API token; migrating to Trusted Publishing needs a pypi.org trusted-publisher config first.
v2.2.0 — Agent Experience release + coreai-fabric ecosystem
The Agent Experience (AX) release: everything a human can do, an agent can now do end to end — discover, contribute, convert, benchmark. First release carrying the full P0/P1 AX work + the catalog↔fabric boundary integration (SemVer minor: MCP tools 12→16, new CLI commands, the fabric ecosystem).
Contribution is now agent-writable
coreai-catalog contribute model|benchmarkand MCP write toolsdraft_model/submit_model/validate_entry/get_integration_snippet(16 tools total). Model-request issue form → draft-PR workflow.GOVERNANCE.mdwith checkable merge rules;discoverfor porting candidates.
Trust & typed integration
- Content-addressing: pinned HF
revision+ per-filesha256; a verifying installer that fails on mismatch. - Typed
io_contract, authoredbundle_kind+min_oson every model; four compile-checked SwiftPM examples. - Sigstore keyless benchmark lane with physics-plausibility gates + tier-aware auto-merge; single
benchmarks.jsonlstore; a license↔upstream laundering guard.
coreai-fabric ecosystem
- New coreai-fabric conversion pipeline as a first-party, non-dependent upstream (
source_group: fabric). A cross-contract CI job proves fabric'sregisteroutput stays valid against the catalog's live schemas. The zoo is repositioned as an indexed reference upstream.
Fixed
- Count-sync across all public surfaces with a CI guard — ends the 79/80/81 and 12/16 drift. Two Gemma-derivative entries corrected to
check_license. CI now runs the full test suite.
Full detail in CHANGELOG.md.
v2.1.0 — Transform Graph Engine + Provenance Pipeline
Major Features
Transform Graph Engine
- New
transformsCLI command: plan multi-hop modality transformation pipelines - 55 reachable pipelines computed across 79 models (audio→text→image→3D, etc.)
- New
query_transformsMCP tool (#12) - Python API:
Catalog.transforms(),transform_pipeline(),reachable_outputs() - New dist exports:
transforms-graph.json,model-manifest.json
Provenance Pipeline (Phases 1-3)
- Phase 1: Benchmarks migrated to append-only JSONL with per-entry provenance
- Phase 2: Ed25519 signed benchmark intake via GitHub Actions (4 validation gates)
- Phase 3: Auto-merge (8 gates), DeviceCheck JWT verification, aggregate with k=3 privacy suppression
- Anchor cohort documentation, privacy policy (GDPR/LGPD/CCPA aware)
- Intelligent Source Monitor: auto-detects new models upstream every 3 hours
Code Quality
- 4 critical bugs fixed (sort inconsistency, JSONL corruption fallback, confidence validation, schema gaps)
- 7 architecture refactors (SCORING_WEIGHTS, O(1) model lookup, cached graph, mtime auto-reload, formatters module)
- CI: dynamic tool count check, PyPI Trusted Publishing, PR template, SECURITY.md, LICENSE file
Stats
- 79 models, 66 benchmarks, 12 MCP tools, 15 CLI commands
- 132 tests (+44 from v2.0.5)
- 6 red-team reviews (privacy, gaming, scalability, human UX, agent UX, parity)
v2.0.5 — MCP install + CI smoke test
v2.0.5 — MCP install via PyPI entry point + CI PyPI smoke test
Fixed
- All MCP config in public docs now uses
coreai-catalog-mcpbinary
(README, agent.json, llms.txt, llms-full.txt) — works after pip install,
no clone needed - CI: new PyPI smoke test step on tag pushes (installs published package,
verifies 79 models, recommend, Python API) - Publish workflow: added environment for PyPI dashboard integration
Verified
- 88/88 tests pass
- Zero
mcp_server/server.pyin user-facing docs - PyPI = GitHub = catalog.yaml = agent.json = openapi.yaml = README = 2.0.5
v2.0.4 — Public surface consistency
v2.0.4 — Public surface consistency
All public-facing install instructions now use PyPI package names.
Fixed
pip install -e .→pip install coreai-catalog(README, site, docs)pip install -e ".[mcp]"→pip install "coreai-catalog[mcp]"(README, site, docs)- README Status section: links to PyPI, live site, CI
- Version contract declared: PyPI = GitHub = catalog.yaml = agent.json = openapi.yaml = README
Verified
- PyPI: 2.0.3 (2.0.4 propagating)
- GitHub: v2.0.4
- 88/88 tests pass
- Zero
pip install -e .in user-facing docs
v2.0.3 — Release hygiene
v2.0.3 — Release hygiene + docs consistency
No feature changes. Pure polish.
Fixed
- CI version assertion: dynamic read from catalog.yaml (was hardcoded)
- CHANGELOG: added missing v2.0.1, v2.0.2 entries
- llms.txt: pip install -e . → pip install coreai-catalog
- openapi.yaml: same fix
- Roadmap: removed stale 'Publish to PyPI' (done since v2.0.2)
- Site: enriched SEO meta + noscript fallback for crawlers
Verified
- Smoke test from clean venv:
pip install coreai-catalog→ 79 models, recommend works, Python API works - 88/88 tests pass
- Validate: 0 issues
- PyPI: https://pypi.org/project/coreai-catalog/
v2.0.2 — PyPI published
Core AI Catalog v2.0.2
Now available on PyPI: pip install coreai-catalog
What's new since v2.0.0
- PyPI package published (wheel + sdist)
- Auto-publish workflow on tag push via GitHub Actions
- Install instructions reverted to
pip install coreai-catalogacross all docs - PyPI badge added to README
Install
pip install coreai-catalog
coreai-catalog recommend --task "private OCR on iPhone" --license likely
``
### Stats
79 models · 88 tests · 89 tasks · 11 MCP tools · Web UI livev2.0.0 — Web UI + decision infrastructure platform
Core AI Catalog v2.0.0
🌐 Live site: kevinqz.github.io/coreai-catalog
What's new
Web UI (GitHub Pages):
- Model explorer with filters (capability, device, license, source, sort)
- Full-text search across 79 models
- Model detail cards: metadata, benchmarks, install commands, artifact URLs
- Task browser: 89 keywords across 25 capabilities
- About page with quick start, Python API, MCP integration
- 26KB total, zero dependencies, dark theme, mobile-responsive
Major version bump (1.x → 2.0):
The project has matured from a catalog into decision infrastructure:
web UI + Python API + MCP server + CLI + JSON exports + structured docs.
Complete platform
| Interface | Status |
|---|---|
| CLI (14 commands, --json) | ✅ |
| MCP server (11 tools) | ✅ |
Python API (from coreai_catalog import Catalog) |
✅ |
| JSON exports (raw GitHub URLs) | ✅ |
| Web UI (GitHub Pages) | ✅ |
| llms.txt + agent.json + openapi.yaml | ✅ |
Stats
79 models · 88 tests · 89 tasks · 32 task pages · 5 concept docs · 3 Swift examples