v0.1.0

Themis v0.1.0

Built 2026-06-03T07:10:41Z from 98026fa on go1.26.x.
Verify: see docs/ops/deployment.md.

Changelog

• c90ae63: build(docker): bump golang base 1.26.1-alpine3.20 → 1.26.4-alpine3.22 (Thando Mini thando.mini@sanlam.co.za)
• 98026fa: build(docker): split Dockerfile.release for goreleaser (Phase 8 retry) (Thando Mini thando.mini@sanlam.co.za)
• c209bd0: build: distroless Dockerfile + smoke script (Phase 3) (Thando Mini thando.mini@sanlam.co.za)
• d006cc4: chore(go): bump toolchain 1.26.1 → 1.26.3 (clear 8 stdlib vulns) (Thando Mini thando.mini@sanlam.co.za)
• 5a4b062: chore(go): bump toolchain 1.26.3 → 1.26.4 (clear remaining stdlib vulns) (Thando Mini thando.mini@sanlam.co.za)
• 51f155d: chore(go): use toolchain directive for go1.26.4 (setup-go manifest lag) (Thando Mini thando.mini@sanlam.co.za)
• 56d9abc: chore(security): document prompt-injection defenses (#1) (Thando Mini thando.mini@sanlam.co.za)
• 7f22b9e: ci(github-actions): bump golangci-lint v2.1.0→v2.12.2 (built with go1.26) (Thando Mini thando.mini@sanlam.co.za)
• f2f542e: ci(github-actions): bump golangci-lint-action v6→v7 (required for v2 binary) (Thando Mini thando.mini@sanlam.co.za)
• 2116ee6: ci(github-actions): pin golangci-lint v2 + go.mod-driven Go version + vulncheck advisory (Thando Mini thando.mini@sanlam.co.za)
• b77819b: ci(plan-11): rebase global 88→87, api 85→83 to absorb Plan-11 handler err-wrap branches (Thando Mini thando.mini@sanlam.co.za)
• d52e673: ci(plan-12): silence errcheck on Fprintf/Fprintln in tokens_cmd (Thando Mini thando.mini@sanlam.co.za)
• eea393b: ci(plan-13): tagged switch for manifest dispatch (staticcheck QF1002) (Thando Mini thando.mini@sanlam.co.za)
• 37b35d2: ci(plan-15-17): silence errcheck + SA4000; calibrate per-pkg thresholds for new packages (Thando Mini thando.mini@sanlam.co.za)
• 5501bfa: ci(plan-18): rename stubIdP→stubIDP (revive var-naming) (Thando Mini thando.mini@sanlam.co.za)
• c9cfadc: ci(plan-2): lint clean (revive comment style), aichange cov 100%, full make ci PASS (Thando Mini thando.mini@sanlam.co.za)
• 4313ee9: ci(plan-4): lint comment style + bom threshold @ 85% (json.Encode err wraps unreachable) (Thando Mini thando.mini@sanlam.co.za)
• 20f3edf: ci(plan-6): vulncheck-advisory + serve runtime tests + threshold rebase (global 88, api 85, bom 85) (Thando Mini thando.mini@sanlam.co.za)
• 8821927: ci(plan-8): drop unused runMCP helper; lint clean (Thando Mini thando.mini@sanlam.co.za)
• c9565b0: ci(release): goreleaser + cosign keyless + syft SBOM on v* tags (Phase 4) (Thando Mini thando.mini@sanlam.co.za)
• 67b4d71: ci: GitHub Actions workflow (vet, lint, test, coverage gate, vulncheck) (Thando Mini thando.mini@sanlam.co.za)
• cf52749: ci: add coverage threshold config + gate script (95% global) (Thando Mini thando.mini@sanlam.co.za)
• 4c18052: ci: add golangci-lint config (errcheck, gosec, staticcheck, ...) (Thando Mini thando.mini@sanlam.co.za)
• 3127259: ci: add govulncheck to local CI chain (Thando Mini thando.mini@sanlam.co.za)
• c432583: ci: migrate .golangci.yml to v2 schema + silence checked-but-irrelevant Close/Fprint errors (Thando Mini thando.mini@sanlam.co.za)
• 6728c53: ci: pin actions to SHAs + least-privilege permissions (Phase 6) (Thando Mini thando.mini@sanlam.co.za)
• 8953cc6: ci: rebase pipeline coverage target to 80 (err-wrap branches unreachable post-validation) (Thando Mini thando.mini@sanlam.co.za)
• 2843be4: docs(ops): deployment + observability + backup-restore + runbook (Phase 5) (Thando Mini thando.mini@sanlam.co.za)
• 2d4cebd: docs(spec): production-readiness pass design → v0.1.0 (Thando Mini thando.mini@sanlam.co.za)
• 1453a89: feat(actions): GitHub Action wrapper — composite action.yml + themis-check.sh shim (curl+jq+git only) (Thando Mini thando.mini@sanlam.co.za)
• e46336a: feat(aichange): AIChange + FileTouch + Validate (5 tests, 100% paths) (Thando Mini thando.mini@sanlam.co.za)
• f6b78e9: feat(api): GET /v1/tenants/{id}/events — paginated, newest-first, kind-filterable timeline (Thando Mini thando.mini@sanlam.co.za)
• 5225da2: feat(api): NewMux + handlers (health, tenant health, decisions, boms with path-traversal guard) (Thando Mini thando.mini@sanlam.co.za)
• e3a6896: feat(api): POST + GET /v1/tenants/{id}/approvals — grant/deny with auto-finalise + 10 tests (Thando Mini thando.mini@sanlam.co.za)
• ed7aec7: feat(api): POST /v1/tenants/{id}/decide — JSON body, base64 workdir files, ledger SCAN_FINDING+DECISION_ISSUED (Thando Mini thando.mini@sanlam.co.za)
• a29e05b: feat(api): POST/GET overrides + POST overrides/postmortem with validation + 9 tests (Thando Mini thando.mini@sanlam.co.za)
• 7bf1533: feat(api): embedded SPA dashboard at / — vanilla JS, single binary, audit timeline + decision detail (Thando Mini thando.mini@sanlam.co.za)
• 5b6155a: feat(api): heartbeat + anchor + incidents endpoints (9 tests covering 4 status codes each) (Thando Mini thando.mini@sanlam.co.za)
• 91d0363: feat(api): per-tenant Bearer token auth with constant-time compare (Thando Mini thando.mini@sanlam.co.za)
• 898faaa: feat(api): role-aware RequireIdentity middleware + per-endpoint role gates (6 tests across all 5 roles) (Thando Mini thando.mini@sanlam.co.za)
• 6b8354d: feat(approvals): pure Compute/CanFinalise/BuildFinalised + 12 tests covering grant/deny/finalise semantics (Thando Mini thando.mini@sanlam.co.za)
• eeff948: feat(auth): OIDCTokenStore + ChainStore — pluggable IdP behind same TokenStore interface; 12 tests (Thando Mini thando.mini@sanlam.co.za)
• 0082f27: feat(auth): Role + Identity + FileTokenStore with YAML primary + legacy api-tokens fallback (14 tests) (Thando Mini thando.mini@sanlam.co.za)
• 6ed7bfe: feat(bom): BOM + Canonical (deterministic JSON, timezone-agnostic, field-sensitive) (Thando Mini thando.mini@sanlam.co.za)
• 2e24332: feat(catalogue): CatalogueGraph value types + lookup methods (Thando Mini thando.mini@sanlam.co.za)
• 41d584c: feat(catalogue): Parse(root) loads EventCatalog markdown front-matter into CatalogueGraph (Thando Mini thando.mini@sanlam.co.za)
• 9312601: feat(classify): Classify(AIChange, CatalogueGraph) → Impact with 7 Kinds and priority order (Thando Mini thando.mini@sanlam.co.za)
• 6f49604: feat(classify): Impact + Kind + severity ordering (Thando Mini thando.mini@sanlam.co.za)
• 4d5b37a: feat(cli): 'themis ledger' doctor / verify / replay; remove stubs (Thando Mini thando.mini@sanlam.co.za)
• 5ed98f8: feat(cli): 'themis tenant init' creates tenant + emits TENANT_INITIALISED (Thando Mini thando.mini@sanlam.co.za)
• ef46e1b: feat(cli): cobra root + --version + main entrypoint + tenant/ledger stubs (Thando Mini thando.mini@sanlam.co.za)
• 4e76ac4: feat(cli): four-field --version (semver, commit, build date, go runtime) (Thando Mini thando.mini@sanlam.co.za)
• 0440e08: feat(cli): ledger verify emits LEDGER_INTEGRITY_BROKEN incident on chain break (Thando Mini thando.mini@sanlam.co.za)
• 9db4f5f: feat(cli): themis approval grant/deny/status — appends ledger event, emits DECISION_FINALISED when ripe (Thando Mini thando.mini@sanlam.co.za)
• fc1ff8a: feat(cli): themis bom build + sign — canonical JSON, ed25519 signature, BOM_BUILT/BOM_SIGNED events (Thando Mini thando.mini@sanlam.co.za)
• 5141739: feat(cli): themis catalogue sync — parses tree + emits CATALOGUE_SYNCED + writes snapshot (Thando Mini thando.mini@sanlam.co.za)
• c9a0c6e: feat(cli): themis classify — runs Classify + emits IMPACT_CLASSIFIED ledger event (Thando Mini thando.mini@sanlam.co.za)
• c640308: feat(cli): themis decide — classify+scan+decide orchestration; emits SCAN_FINDING + DECISION_ISSUED + POLICY_INVALID (Thando Mini thando.mini@sanlam.co.za)
• 69ed98a: feat(cli): themis heartbeat report — records ENFORCEMENT_MISSING from external monitoring (design spec §9.1.2) (Thando Mini thando.mini@sanlam.co.za)
• 4982141: feat(cli): themis ingest — runs adapter, writes AIChange JSON, emits INGEST_COMPLETED/FAILED (Thando Mini thando.mini@sanlam.co.za)
• 223caf8: feat(cli): themis ledger anchor — appends LEDGER_ANCHOR with tip hash; refuses on broken chain (Thando Mini thando.mini@sanlam.co.za)
• ad0a5eb: feat(cli): themis mcp — runs MCP stdio bridge against a running themis serve (Thando Mini thando.mini@sanlam.co.za)
• 11d638c: feat(cli): themis override invoke/close-postmortem/status — ledger-backed emergency flow (Thando Mini thando.mini@sanlam.co.za)
• b584815: feat(cli): themis policy lint — parses + validates YAML (Thando Mini thando.mini@sanlam.co.za)
• 7dffad0: feat(cli): themis tokens grant/list/revoke — generates thm_ tokens, writes tokens.yaml; 6 tests (Thando Mini thando.mini@sanlam.co.za)
• 85c6b25: feat(cli,api): themis serve + 12 integration tests covering auth, health, decisions, bom + path-traversal guard (Thando Mini thando.mini@sanlam.co.za)
• b7da213: feat(heartbeat): polling daemon + Checker interface + StubChecker; themis heartbeat run-once/watch; 10+1 tests (Thando Mini thando.mini@sanlam.co.za)
• 4d76bc3: feat(hooks): pre-push hook — local enforcement via themis ingest+decide; lazy tenant init (Thando Mini thando.mini@sanlam.co.za)
• bc32adb: feat(incidents,ledger): sidecar incidents.jsonl pkg + register 3 Plan-11 kinds (heartbeat, anchor, integrity-broken) (Thando Mini thando.mini@sanlam.co.za)
• a5db599: feat(ingest): Adapter interface + Inputs + Resolve/All registry (Thando Mini thando.mini@sanlam.co.za)
• 6727fcd: feat(ingest): claude_code_transcript adapter — parses session JSON; hashes raw transcript (Thando Mini thando.mini@sanlam.co.za)
• 7641d77: feat(ingest): git_heuristic adapter — shells git diff --name-status; hashes blobs at base+HEAD (Thando Mini thando.mini@sanlam.co.za)
• 7a34407: feat(ingest): manual_attestation adapter — operator-declared change shape (human-actor only) (Thando Mini thando.mini@sanlam.co.za)
• 0a62910: feat(ledger): Chain helper + hash-chain property tests (Thando Mini thando.mini@sanlam.co.za)
• 58c5be5: feat(ledger): DefaultRegistry + wiring test for kind coverage (Thando Mini thando.mini@sanlam.co.za)
• b7cb3db: feat(ledger): Doctor produces a structured health Report (Thando Mini thando.mini@sanlam.co.za)
• 1e6a180: feat(ledger): Event struct + deterministic SHA-256 content hash (Thando Mini thando.mini@sanlam.co.za)
• 26506db: feat(ledger): Project event into SQLite (idempotent + kind-checked) (Thando Mini thando.mini@sanlam.co.za)
• 4faf9e4: feat(ledger): Replay rebuilds projection from JSONL (Thando Mini thando.mini@sanlam.co.za)
• 75d36e1: feat(ledger): SQLite WAL Projection + schema migration (Thando Mini thando.mini@sanlam.co.za)
• 2a7ca40: feat(ledger): Verify walks the Merkle chain, detects tampering (Thando Mini thando.mini@sanlam.co.za)
• 07c2062: feat(ledger): append-only JSONL Store with fsync + chain check (Thando Mini thando.mini@sanlam.co.za)
• b646e1c: feat(ledger): event-kind Registry with Projector lookup (Thando Mini thando.mini@sanlam.co.za)
• fc5d87d: feat(ledger): register BOM_BUILT + BOM_SIGNED (Thando Mini thando.mini@sanlam.co.za)
• 784625b: feat(ledger): register CATALOGUE_SYNCED + IMPACT_CLASSIFIED in DefaultRegistry + wiring test (Thando Mini thando.mini@sanlam.co.za)
• af9cbeb: feat(ledger): register DECISION_ISSUED + POLICY_INVALID (Thando Mini thando.mini@sanlam.co.za)
• 2af5854: feat(ledger): register INGEST_COMPLETED + INGEST_ADAPTER_FAILED (Thando Mini thando.mini@sanlam.co.za)
• 6b81e41: feat(ledger): register SCAN_FINDING + wiring test (Thando Mini thando.mini@sanlam.co.za)
• 83b2f3b: feat(mcp): stdio JSON-RPC bridge — initialize, tools/list, tools/call for health/decisions/bom/events (Thando Mini thando.mini@sanlam.co.za)
• f80fb28: feat(mempalace,advisor,cli): content-addressed drawer bridge + LLM-agnostic advisory agent + themis advise; 17 tests (Thando Mini thando.mini@sanlam.co.za)
• 0a47478: feat(override): pure Validate/Build/Compute for emergency-override flow + 12 unit tests (Thando Mini thando.mini@sanlam.co.za)
• fe44059: feat(pipeline): Run() extracted from cli/decide_cmd — shared classify→scan→decide orchestration (Thando Mini thando.mini@sanlam.co.za)
• ed76ec4: feat(policy): pure Decide() — first-rule-wins, fail-closed default, severity threshold gates (Thando Mini thando.mini@sanlam.co.za)
• bb6c30a: feat(policy): schema + Parse — version+default validation, ErrPolicyInvalid wrap on every failure (Thando Mini thando.mini@sanlam.co.za)
• 69baf47: feat(scan): PII scanner — Luhn-valid CC, SA ID, email; redacts in description (Thando Mini thando.mini@sanlam.co.za)
• 66cd206: feat(scan): PackageOracle + supply_chain scanner (slopsquat + hallucinated_imports) for npm/pypi/go; 19 tests (Thando Mini thando.mini@sanlam.co.za)
• 24b6647: feat(scan): RunAll orchestration — aggregates findings, captures scanner crashes as findings (Thando Mini thando.mini@sanlam.co.za)
• fa28016: feat(scan): Scanner interface, Finding, Severity rank with property-testable ordering (Thando Mini thando.mini@sanlam.co.za)
• 4e10ccb: feat(scan): secrets scanner — AWS keys, PEM, secret-flavoured kv; redacts in description (Thando Mini thando.mini@sanlam.co.za)
• d038aa4: feat(sign): ed25519 keypair mgmt + Sign/Verify with ErrSign/ErrVerify wrap (Thando Mini thando.mini@sanlam.co.za)
• 14fe60a: feat(sign,cli): pluggable Signer + cosign-keyless-stub; themis bom sign --signer flag; 15 sign tests + CLI roundtrip (Thando Mini thando.mini@sanlam.co.za)
• 9dc85c6: feat(tenant): Tenant type + validated ID + per-tenant paths (Thando Mini thando.mini@sanlam.co.za)
• 586f6a7: feat(tenant): idempotent Init creates per-tenant dir tree (Thando Mini thando.mini@sanlam.co.za)
• 9b61f85: fix(bom): embed AIChange in DECISION_ISSUED payload so BOM build recovers full touched_files (Thando Mini thando.mini@sanlam.co.za)
• 830e00e: plan: Plan 1 — Foundation (project skeleton + tenant + Merkle ledger) (Thando Mini thando.mini@sanlam.co.za)
• bfee705: plan: Plan 10 — emergency override flow + mandatory postmortem (design spec §9.1.1) (Thando Mini thando.mini@sanlam.co.za)
• b53153e: plan: Plan 11 — heartbeat + ledger integrity tracking (design spec §9.1.2 + §9.1.3) (Thando Mini thando.mini@sanlam.co.za)
• ec0e0c9: plan: Plan 12 — multi-tenant API-key resolution + role model (Thando Mini thando.mini@sanlam.co.za)
• 53a206c: plan: Plan 13 — slopsquat + hallucinated-imports scanners (Thando Mini thando.mini@sanlam.co.za)
• 51c3754: plan: Plan 14 — pluggable Signer interface + Sigstore keyless stub (Thando Mini thando.mini@sanlam.co.za)
• 407f752: plan: Plan 2 — Catalogue + Classifier (16 tasks) (Thando Mini thando.mini@sanlam.co.za)
• 1eb72bb: plan: Plan 3 — Scanners + Policy Engine (15 tasks) (Thando Mini thando.mini@sanlam.co.za)
• 594e6f1: plan: Plan 4 — AI-BOM build + ed25519 signing (10 tasks) (Thando Mini thando.mini@sanlam.co.za)
• 81aa95c: plan: Plan 5 — ingest adapters (git_heuristic, claude_code_transcript, manual) (Thando Mini thando.mini@sanlam.co.za)
• ce0b762: plan: Plan 6 — REST read-only API + per-tenant token auth (Thando Mini thando.mini@sanlam.co.za)
• c1dbe96: plan: Plan 7 — write endpoints + GitHub Action wrapper + pre-push hook (Thando Mini thando.mini@sanlam.co.za)
• 717e893: plan: Plan 8 — MCP server bridge + embedded web dashboard (Thando Mini thando.mini@sanlam.co.za)
• 5509423: plan: Plan 9 — approval flows (grant/deny → DECISION_FINALISED) (Thando Mini thando.mini@sanlam.co.za)
• a49ac0e: plan: backfill Plans 15, 16+17, 18 plan files (Thando Mini thando.mini@sanlam.co.za)
• 9cdac3b: refactor(cli): decide_cmd uses pipeline.Run; logic shared with future HTTP surface (Thando Mini thando.mini@sanlam.co.za)
• 73dfcdb: test(api): POST decide — 9 cases (happy, secret/deny, auth, method, bad body/policy/base64/aichange + POLICY_INVALID ledger emit) (Thando Mini thando.mini@sanlam.co.za)
• b61c446: test(catalogue): ContentHash properties — invariant to fs reorder, sensitive to field edits (Thando Mini thando.mini@sanlam.co.za)
• 18e2686: test(catalogue): malformed-input error paths (8 cases incl. duplicate id, missing references) (Thando Mini thando.mini@sanlam.co.za)
• c3a4ce6: test(catalogue): mini EventCatalog fixture (2 domains, 4 services, 6 events) (Thando Mini thando.mini@sanlam.co.za)
• eebce9a: test(classify): monotonicity property + rank fix (Thando Mini thando.mini@sanlam.co.za)
• 8d3ef23: test(classify): property test — Classify is deterministic for same (AIChange, Graph) (Thando Mini thando.mini@sanlam.co.za)
• 2e97745: test(cli): e2e from real git repo — ingest→decide→bom→sign→verify on a live workspace (Thando Mini thando.mini@sanlam.co.za)
• cb4d0e9: test(cli): end-to-end pipeline — init→sync→decide→bom build→bom sign→verify→doctor (Thando Mini thando.mini@sanlam.co.za)
• 96b6fa3: test(cli): wiring guard — classify refuses to emit IMPACT_CLASSIFIED if not registered (Thando Mini thando.mini@sanlam.co.za)
• 0c1a271: test(ledger): Store rejects appends with stale prev-hash (Thando Mini thando.mini@sanlam.co.za)
• 6bcac97: test(ledger): cover ContentHash error path for invalid payload (Thando Mini thando.mini@sanlam.co.za)
• 6dd897b: test(ledger): error-path tests + fix cover_check.sh wiring (Thando Mini thando.mini@sanlam.co.za)
• 9b3723c: test(ledger): property test Replay(events) ≡ live Project(events) (Thando Mini thando.mini@sanlam.co.za)
• 96432df: test(ledger): property test — hash depends on every Event field (Thando Mini thando.mini@sanlam.co.za)
• a560f0d: test(policy): property tests — determinism, fail-closed, secret-rule-always-denies (Thando Mini thando.mini@sanlam.co.za)
• 315c03a: test(scan): secrets property tests — no false-positives on prose, always fires on AWS pattern (Thando Mini thando.mini@sanlam.co.za)
• 50b6960: test(tenant): cover empty-base + mkdir-failure + New-error paths (100%) (Thando Mini thando.mini@sanlam.co.za)
• 81e082a: test(tenant): distinct IDs always produce distinct, non-nesting roots (Thando Mini thando.mini@sanlam.co.za)