From e7dc48c476aabb2b07480057c3a64fea42265287 Mon Sep 17 00:00:00 2001 From: Ralf Anton Beier Date: Tue, 19 May 2026 06:25:11 +0200 Subject: [PATCH] release(v0.10.1): adversarial-review action items + user-reported fixes MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Workspace version 0.10.0 → 0.10.1. Patch-shaped: every change is additive (new fields/subcommands/heuristics; no breaking schema/CLI). Highlights (full notes in CHANGELOG.md): - Added: rivet audit (#297), rivet check ai-defects-open (#295), dpia artifact type (#295), variant-aware validate (#298), JUnit importer marker join (#302). - Fixed: JUnit import overwrite + dropped linkage (#302, user-reported); salsa build_store not memoized (#295); dossier scope overstated (#295). - Changed: sigstore keyless signing of SHA256SUMS (#296), build-test-evidence non-blocking (#294), cargo-mutants --jobs 4→2 (#301). Also bumps vscode-rivet/package.json to 0.10.1 and allowlists "0.10.0" in rivet.yaml docs-check (historical references in dossier §0 and schemas/common.yaml). Co-Authored-By: Claude Opus 4.7 --- CHANGELOG.md | 105 ++++++++++++++++++++++++++++++++++++++ Cargo.lock | 6 +-- Cargo.toml | 2 +- rivet.yaml | 4 ++ vscode-rivet/package.json | 2 +- 5 files changed, 114 insertions(+), 5 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 4c9ccdb..333290d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -5,6 +5,111 @@ ## [Unreleased] +## [0.10.1] — 2026-05-19 + +Theme: **adversarial-review action items + user-reported regressions**. +Six PRs landed in three days, each citing a specific finding from the +v0.10.0 adversarial-review batch (DPO / Auditor / Formal-Skeptiker / +Supply-Chain-Pentester / PM / Mobile-Scale lenses) or a direct user bug +report. Patch-shaped because every change is additive: no breaking +schema or CLI changes, only new fields/subcommands/heuristics. + +### Added + +- **`rivet audit`** subcommand (#297, partially closes #127). Read-only + AI-session/commit traceability gate. Two checks: (a) every AI-authored + commit (detected via `Co-Authored-By: ...noreply@anthropic.com` or + `Generated-With:`/`Created-By: ai|ai-assisted` trailers) must have an + `ai-session` artifact whose `commit-sha` matches; (b) every + `ai-session.commit-sha` must point at a commit that exists and is + reachable from HEAD. Composes with `rivet check ai-defects-open` + (#295) — together they are the two operational TD1 loops the dossier + §3 layer 5 names. + +- **`rivet check ai-defects-open`** oracle (#295, TCL workstream B). + Blocks release if any `ai-found-defect` with `triage-status: open` + links to a `released`/`approved` artifact, OR if `triaged-by` equals + the originating session's `invoker` (DPO segregation-of-duties). + Ships the gate the dossier §3 had previously *claimed* without + implementing. + +- **`dpia` artifact type** in `schemas/common.yaml` (#295). DSGVO Art. 35 + Data Protection Impact Assessment record. Fields: `dpo-sign-off`, + `personal-data-categories`, `risk-assessment`, `mitigation-measures`, + `consultation-date`. Companion fields on `ai-session`: `lawful-basis`, + `retention-period`, `erasure-mechanism`. Schema only — validate-time + enforcement of the link from `invoker`-bearing sessions is deferred. + +- **Variant-aware validate** (#298, Phase 2 of #287). 
The + `fields_for_variant` resolver shipped in v0.10.0 now flows through + validate's required-fields, allowed-values, and conditional-rule + checks. New public APIs: + `validate_with_variant`, `validate_with_externals_and_variant`, + `validate_structural_with_variant`, + `validate_structural_with_externals_and_variant`. CLI's + `--variant ` flag finally has teeth. + +- **JUnit importer marker join** (#302). New + `parse_junit_xml_with_markers(xml, markers)` adds a 5th heuristic to + `artifact_id_for`: when the existing fallback fires (cargo-nextest + output without bracketed `[REQ-NNN]`), look up a marker whose + `test_name` matches the case name. CLI's + `rivet import-results --format junit` scans the project's + `src/`+`tests/` for `// rivet: verifies REQ-NNN` markers and threads + them in. Restores the test → artifact link that was silently dropped. + +### Fixed + +- **JUnit import overwrote previous runs** (#302, user-reported). + `suite_to_run` derived `run_id` purely from the testsuite name, so + a second CI run with the same name wiped the first. Now appends + either the slugified `` (most CI emits it) or a + 16-hex `DefaultHasher` content digest. Idempotent on re-import of the + same artefact, distinct on a new CI run. + +- **Salsa `build_store` was not memoized** (#295, Mobile/Scale lens + finding). Marked `#[salsa::tracked]` plus `#[salsa::tracked]` on + `build_store_with_extras`. Required adding `PartialEq` to `Store`. + Previously every revision rebuilt the whole HashMap (cloning every + artifact) — the "incremental validator" was doing an O(N) rebuild on + every keystroke. Now cache-hits on identical inputs. + +- **Dossier scope statement overstated v0.10.0** (#295, Auditor + + Formal-Skeptiker lens). 
`docs/design/tool-qualification-dossier.md` + gained §0 "Honest scope statement" enumerating what is NOT yet + defensible: no independent confirmation reviewer; unverified + DO-330/IEC 62304/EN 50128 cross-walks; unproven five-layer + independence; 29-mutant testing baseline; one `Admitted` Rocq theorem + (`vmodel_chain_two_steps`); one `assume`'d Verus obligation + (`backlink_symmetric`); unsigned SHA256SUMS; no DPIA enforcement. + Strips the "Kani 2000+ proofs" claim (real number: 27 harnesses). + Companion typed claim `TQ-CONF-RIVET.fields.scope` updated to match. + +### Changed + +- **Release `SHA256SUMS` now signed via sigstore keyless OIDC** (#296, + Supply-Chain-Pentester lens). New artifacts on the release page: + `SHA256SUMS.txt.cosign.bundle`, `SHA256SUMS.txt.sig`, + `SHA256SUMS.txt.pem`. Trust anchor binds to the GitHub-Actions + workflow identity (issuer + `https://token.actions.githubusercontent.com`, subject + `.github/workflows/release.yml@refs/tags/vX.Y.Z`). Verification is + documented in new `RELEASING.md`. No long-lived signing key to rotate. + +- **`build-test-evidence` non-blocking again** (#294). The release + workflow's `build-test-evidence` job pulls in the spar wasm32-wasip2 + build, which transitively requires the highs-sys C++ solver and a + flaky WASI cross-compile. Made `continue-on-error: true` and dropped + from `create-release.needs`. Future tag pushes survive without + manual republishing. Root-cause investigation tracked in #293. + +- **`cargo-mutants --jobs 4 → --jobs 2`** (#301). lean-mem runners + were hitting their 32G cgroup ceiling under 4-way parallel mutation + testing (~8G/worker triggering swap-death-spiral). 2-way gives + ~16G/worker with comfortable headroom. Each shard takes ~2× as long + (was 12-20 min, now 20-40 min) but the lean-mem pool stops needing + emergency cgroup-ceiling bumps. + ## [0.10.0] — 2026-05-16 Theme: **audit-grade story**. Three orthogonal features that together 
diff --git a/Cargo.lock b/Cargo.lock index ca54ee8..53187a2 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -973,7 +973,7 @@ dependencies = [ [[package]] name = "etch" -version = "0.10.0" +version = "0.10.1" dependencies = [ "petgraph 0.7.1", ] @@ -2709,7 +2709,7 @@ dependencies = [ [[package]] name = "rivet-cli" -version = "0.10.0" +version = "0.10.1" dependencies = [ "anyhow", "axum", @@ -2737,7 +2737,7 @@ dependencies = [ [[package]] name = "rivet-core" -version = "0.10.0" +version = "0.10.1" dependencies = [ "anyhow", "criterion", diff --git a/Cargo.toml b/Cargo.toml index 7ba57eb..820ad06 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -7,7 +7,7 @@ members = [ ] [workspace.package] -version = "0.10.0" +version = "0.10.1" authors = ["PulseEngine "] edition = "2024" license = "Apache-2.0" diff --git a/rivet.yaml b/rivet.yaml index 7fe702d..1845457 100644 --- a/rivet.yaml +++ b/rivet.yaml @@ -51,6 +51,10 @@ docs-check: # rmcp crate version referenced in `rivet docs docs-check` (the # invariant explainer) — not rivet's own version. - "1.3.0" + # Historical references to v0.10.0 (the prior release) in the + # tool-qualification dossier §0 and schemas/common.yaml — "fix + # landed in v0.10.0" prose, not a current-version claim. + - "0.10.0" results: results diff --git a/vscode-rivet/package.json b/vscode-rivet/package.json index c1f811f..6a397eb 100644 --- a/vscode-rivet/package.json +++ b/vscode-rivet/package.json @@ -3,7 +3,7 @@ "displayName": "Rivet SDLC", "description": "SDLC artifact traceability with live validation, hover info, and embedded dashboard", "publisher": "pulseengine", - "version": "0.10.0", + "version": "0.10.1", "license": "MIT", "repository": { "type": "git",
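Review bot: In the CHANGELOG.md hunk, the "Changed" entry for sigstore signing gives the trusted subject as `.github/workflows/release.yml@refs/tags/vX.Y.Z`, a workflow path with no repository in it. The identity in a GitHub Actions keyless certificate is the full workflow URL, including owner and repository, so a reader who copies this string into a verification command will either fail to match or be tempted to match on the path suffix, which a `release.yml` in any other repository would also satisfy. Please spell out the full identity here (of the form `https://github.com/<owner>/<repo>/.github/workflows/release.yml@refs/tags/vX.Y.Z`, owner and repo being placeholders) and confirm that RELEASING.md pins it exactly together with the issuer. Separately, in the "Fixed" entry for the JUnit import, the fallback `run_id` suffix is a "16-hex `DefaultHasher` content digest" described as "Idempotent on re-import of the same artefact": the algorithm behind the standard library's `DefaultHasher` is unspecified and may change between Rust releases, so that idempotence only holds for binaries built with the same toolchain. Either note that limit in the entry or derive the suffix from a fixed hash.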
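Review bot: In the rivet.yaml hunk, the new `- "0.10.0"` allowlist entry is a bare version string, while the comment above it justifies it only for the tool-qualification dossier §0 and schemas/common.yaml. If the docs-check allowlist applies to every checked file, a leftover "0.10.0" elsewhere that is meant as a current-version claim will now pass unnoticed, which is the case the check exists to catch right after a version bump. If docs-check can scope an entry to specific files, scope this one to the two named in the comment; otherwise say in the comment that the exemption is global, and consider how this list is pruned, since the same pattern adds one entry per past release.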