Skip to content

v0.2.1 — pre-JOSS-submission hardening

Latest

Choose a tag to compare

@maurinl26 maurinl26 released this 24 Jun 11:59

Security defaults

  • run_shell MCP exposure is now opt-in via FORTRANSPIRE_ENABLE_SHELL=1. Closes the unauthenticated shell-execution path through ask_agent.
  • MCP file/directory arguments are jailed to the workspace root via a new _jail() helper. Auto-off in stdio mode (IDE trust boundary), enforced by default in HTTP/SSE.

CI

  • New .github/workflows/tests.yml: pytest on every push and PR (Python 3.11/3.12 matrix), gfortran -fopenacc equivalence harness on push and manual dispatch.
  • Tests badge added to README.

Repo cleanup

  • Paper artefacts moved to paper/ (paper.md, paper.bib).
  • Container artefacts moved to containers/ (Dockerfile, Dockerfile.hpc, apptainer.def, docker-compose.yml).
  • Two stray root markdowns relocated under docs/concepts/ and docs/integrations/.
  • Dead code removed: fortranspire/main.py, fortranspire/brain/, broken Dockerfile.ci and Apptainer.analyze.

Paper

  • 2289 → 1103 body words (-52%). Eight-stage table + LLM-intervention rationale + agent-loop motivation moved to docs/concepts/architecture.md.
  • Five orphan bib entries dropped; zero broken citations.
  • "Sovereign" now backed in docs/concepts/llm-endpoints.md by GDPR (EU 2016/679), AI Act (EU 2024/1689), and NIS2 Directive (EU 2022/2555).

Install path fixes

  • README and docs/getting-started/with-mistral-vibe.md: uv tool install fortranspireuv tool install 'fortranspire[mcp]'. The [mcp] extra is required for the stdio handshake.
  • Hardcoded /opt/homebrew removed (breaks Intel Macs).
  • .env edit reminder after cp .env.example .env.

Install

```bash
uv tool install 'fortranspire[mcp]'
```

Full changelog: docs/changelog.md.