v0.1.0

Summary

Hardening release for AI Incident Law source URL validation and generated artifact consistency.

Changes

• Hardened URL-field parsing for source data so validation rejects malformed URL text instead of extracting only URL-looking substrings.
• Added a shared maintainer URL policy for build and validation, including single-URL enforcement for public_record_link and semicolon-list enforcement for secondary source fields.
• Added URL-policy regression coverage for normalization, bypass attempts, malformed schemes, credentials, encoded and raw control characters, and representative existing corpus URLs.
• Added a no-dependency URL-policy pipeline eval that runs malformed-source fixtures through the real build and validation scripts in temporary directories.

Verification

• npm run build: passed
• npm run check: passed
• npm run validate:of: passed, 67 records checked
• git diff --check: passed
• Original appended-payload and second-primary-URL PoCs now fail in both validate:data and build:data.
• Encoded-control URL case is now blocked and covered by evals.

Residuals

• No live-service stress tests were run.
• GitHub automatic source archives are used for release assets; no separate bundle convention exists yet.
• Untracked .agents/ and .claude/ directories were intentionally excluded from this release.