chore(release): bump to v0.11.0

[avrabe]

Summary

Workspace bump 0.10.0 → 0.11.0 across all 22 spar crates (via
[workspace.package].version) plus the VS Code extension's
package.json — the two version surfaces the release workflow's
check-versions job compares against the tag.

What v0.11.0 ships, since v0.10.0

Trace-topology reconciliation engine (incremental rollout)

• #239 — IdentityUnknown check (PR 3a; component-borne MAC + chassis-id)
• #241 — GptpOutOfBudget check (PR 3b; single-budget case)

Trace-topology fixture pipeline

• #233 — Rust gen-fixtures tool (netns + TSN, RAII teardown)
• #234 — NixOS guest + QEMU harness for fixture generation
• #238 — corrected nixos/nix container digest (fd7a5c67…, multi-arch index)
• #240 — podman runner label so workflows schedule on the only rootless-podman-capable runner in the fleet (runner9)

Codegen

• #232 — --format wit emits only WIT (strict-filter; no Rust/Bazel workspace leakage)
• #242 — per-category file-count summary + hint when WIT was requested but the model has no process subcomponents (in-flight at bump time; auto-merge armed — will land before tag)

Release flow

• #244 — standardise on the synth reference: actions/attest-build-provenance@v2 + sigstore cosign sign-blob (v2.4.1) over SHA256SUMS.txt, build-env.txt. The v0.11.0 release is the first one to exercise the standardised cosign + SLSA chain end-to-end.

Verification after release lands

cosign verify-blob \
  --certificate-identity-regexp \
    'https://github.com/pulseengine/spar/.github/workflows/release.yml@.*' \
  --certificate-oidc-issuer \
    'https://token.actions.githubusercontent.com' \
  --bundle SHA256SUMS.txt.cosign.bundle SHA256SUMS.txt

gh attestation verify spar-v0.11.0-<triple>.tar.gz --repo pulseengine/spar

Test plan

• cargo check --workspace clean post-bump (all 22 crates moved to 0.11.0 in Cargo.lock)
• vscode-spar/package.json version matches workspace
• release.yml check-versions job will validate tag == Cargo.toml == package.json when tagged
• On tag: cosign + SLSA chain exercised end-to-end against the standardised flow (this release is its smoke test)

🤖 Generated with Claude Code

[github-actions]

Rivet verification gate

✅ 20/20 passed

	count
Passed	20
Failed	0
Skipped (no steps)	0

Filter: (and (= type "feature") (or (has-tag "v093") (has-tag "v0100")))

Failed artifacts

(none)

_{Updated automatically by tools/post_verification_comment.py. Source of truth: artifacts/verification.yaml.}

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!