Bump to v0.10.0 and guard public-surface drift in CI#53
Merged
pengfei-threemoonslab merged 3 commits intomainfrom May 8, 2026
Merged
Bump to v0.10.0 and guard public-surface drift in CI#53pengfei-threemoonslab merged 3 commits intomainfrom
pengfei-threemoonslab merged 3 commits intomainfrom
Conversation
Aligns every public/agent-facing surface to a single canonical package version, GitHub Action pin, and packet-schema link, and adds parametrized tests that fail if any of these drift again. Why: pre-bump, README, target-repo snippets, and three example workflows pinned `@v0.10.0` against a tag that didn't exist yet — any agent following those examples would have failed in CI on the first run. The packet schema had also drifted (llms.txt and SKILL.md still pointed at v0.2 while the contract was v0.3) and the SKILL.md anchor `#release-evidence-packet-v01` linked nowhere. What changed: - pyproject, .well-known, llms.txt, contract doc, src/__init__, faq, ROADMAP, distribution, bug-report template all bump to v0.10.0. - Every Action / pip / `shipgate_version:` pin in README, docs, prompts, GitHub-Actions/CircleCI/GitLab-CI examples now reads v0.10.0; the five files already at v0.10.0 are now correct. - llms.txt and skills/agents-shipgate/SKILL.md packet schema references move v0.2 -> v0.3; SKILL.md anchor v01 -> v03. - AGENTS.md (release_decision/capability/tool_surface field enumeration) and skills/agents-shipgate/SKILL.md (report-JSON megaline) now link to docs/agent-contract-current.md anchors instead of restating the contract field-by-field. - tests/test_public_surface_contract.py grows eight new drift-detection tests (parametrized over a new ACTION_PIN_FILES superset of PUBLIC_SURFACES): contract-doc/test-constant agreement, pyproject↔well-known↔llms↔contract version sync, Action / pip / `shipgate_version:` pin drift, packet-schema freshness and anchor accuracy, and forbidden display-name enforcement (`Agent Shipcheck` / `Agent Shipgate` only inside explicit "do not use" lists). marketing/ and frozen schema files are excluded by design. Tests intentionally not added: a "v0.10.0 tag exists" assertion (would block the very PR that does the bump) and a positive "release_decision.decision is the gating signal" check (the existing summary.status negative test plus .well-known.gating_signal cover this without false-positiving on examples/github-actions/README.md, which legitimately documents the Action output named `decision`). Verification: pytest 677 passed, ruff clean. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Resolves conflicts in three files: - docs/agent-contract-current.md: keeps main's new `agents-shipgate contract --json` verification block and `Runtime contract: 1` line on top of this branch's `Latest release: v0.10.0` bump. - skills/agents-shipgate/SKILL.md: keeps main's new `Installed CLI contract` bullet pointing at the local `agents-shipgate contract --json` command, alongside this branch's consolidated `Report JSON` bullet that links the long field enumeration into docs/agent-contract-current.md instead of restating it. - tests/test_public_surface_contract.py: takes main's broader `ANY_PACKET_SCHEMA_PATTERN` regex (`v\d+\.\d+`, future-proof past v0.x) and keeps this branch's three new patterns (LEGACY_PACKET_SCHEMA_PATTERN, PACKET_ANCHOR_PATTERN, plus the action/pip/version-input pin patterns). Auto-merged everything else cleanly, including .well-known (this branch's v0.10.0 bump + main's new `contract` and `contract_version` keys). Verification: pytest 677 passed, ruff clean. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
P2: ROADMAP.md self-contradiction. v0.8.0 Release Decision Engine sat under "## Open" while the lead paragraph already declared v0.2-v0.8 complete. Move the v0.8.0 entry into "## Completed" (re-tensed to past), drop the "v0.8.x" prefix from the source-provenance section that is now the active open work, and tighten the lead paragraph to point at it. P3: Version literals on public surfaces this PR bumped were not guarded by the new drift tests. The Action / pip / shipgate_version pin tests catch every pinned version, but they don't catch plain release-version literals like the bug-report placeholder, distribution.md's release-tag list, faq.md's "latest released version" line, and ROADMAP.md's lead. Add VERSION_LITERAL_TARGETS (one (path, regex) per surface, with each regex anchored to the surrounding phrasing so historical version mentions in the same file don't false-positive) and a parametrized test_version_literals_match_pyproject_version that asserts each captured literal equals pyproject.toml's version. P1 was already resolved by the previous merge commit (8254cdb); gh pr view 53 reports mergeStateStatus: CLEAN, mergeable: MERGEABLE. Verification: pytest 681 passed (4 new parametrizations from VERSION_LITERAL_TARGETS), ruff clean. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
pengfei-threemoonslab
added a commit
that referenced
this pull request
May 8, 2026
Picks up: contract CLI command (#52), v0.10.0 release tag (#53), init --agent-instructions (#54), HITL evidence provenance (#50), agent autofix-boundary docs (#55), packet schema v0.3. Conflict resolution: kept v0.11 report-schema references on top of main's v0.10.0 release / packet-schema v0.3 / contract-command additions. AGENTS.md and SKILL.md adopt main's centralized "contract lives in agent-contract-current.md" pattern; the v0.11 provenance line lives there now. test_public_surface_contract.py adopts main's derive-from-model approach for the current schema constants and just adds v0.10 to the legacy-pattern list. Also fixes a SARIF regression flagged in review: ``_location()`` chose the structured branch whenever ``source.path`` was set, so a finding with ``path="foo.py"`` and legacy ``location="foo.py:10"`` emitted no ``region``. Hybrid / plugin findings now fall back to ``_split_location(source.location or source.ref)`` when ``start_line`` is absent. Adds a regression test. After merge: 805 passed (+3 skipped), ruff clean, ``agents-shipgate contract --json`` reports ``report_schema_version: "0.11"``. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
agents-shipgatetov0.10.0and aligns every public / agent-facing surface (pyproject,.well-known,llms.txt, contract doc, README, docs, all GitHub Actions / CircleCI / GitLab-CI examples, prompts, skills) to a single canonical package version, GitHub Action pin, andshipgate_versioninput.llms.txtandskills/agents-shipgate/SKILL.mdreferencedpacket-schema.v0.2.jsonwhile the contract was already atv0.3;SKILL.mdalso linked the broken anchor#release-evidence-packet-v01.AGENTS.mdandskills/agents-shipgate/SKILL.mdwith links todocs/agent-contract-current.mdanchors so future schema bumps update one file, not five.tests/test_public_surface_contract.pyso CI fails on stale Action pins, stale package versions, stale report/packet schema links, stale packet anchors, and forbidden display names (Agent Shipcheck/Agent Shipgate) outside explicit "do not use" lists. The existingsummary.statusnegative test already covers "new gating signal" drift.Type
Verification
CI is authoritative for
python -m ruff check .,python -m compileall -q src tests, andpython -m pytest.Additional local checks run:
python -m pytest -q→ 677 passedpython -m pytest tests/test_public_surface_contract.py -v→ 172 passed (was 30 pre-bump; the new parametrized tests run acrossPUBLIC_SURFACESand a newACTION_PIN_FILESsuperset of 33 files)python -m ruff check .→ cleangrep -rn \"@v0\\.[0-9]\\+\\.[0-9]\\+\" --include='*.md' --include='*.yml' --include='*.yaml' --include='*.txt' --include='*.json' . | grep -v -E 'CHANGELOG|marketing|samples|tests' | grep -v '@v0\\.10\\.0'→ empty (no remaining stale Action pins outside historic files)grep -rn \"packet-schema\\.v0\\.[0-9]\" --include='*.md' --include='*.json' --include='*.txt' . | grep -v -E 'CHANGELOG|docs/packet-schema' | grep -v 'v0\\.3'→ empty (no remaining stale packet-schema references)Release-readiness notes
docs/checks.md(no check changes in this PR)STABILITY.md(no schema changes; only metadata version bumps to match the already-released report-schema v0.10 / packet-schema v0.3)Notes for reviewers
v0.10.0git tag does not yet exist. This PR bumps in-tree metadata; cut and publish the tag separately when merging. The new tests intentionally do not assert tag existence (that would block this PR). Tag existence is enforced by the release workflow at publish time.marketing/linkedin-launch-post.mdkeeps its@v0.5.1pin (frozen launch copy for that specific release) and is explicitly excluded fromACTION_PIN_FILES.docs/{report,packet}-schema.v0.X.json) are also excluded — their$idnecessarily names their own frozen version.examples/github-actions/README.md:45documents the Action output nameddecisionas "the gating signal". The plan deliberately doesn't add a positiverelease_decision.decision-must-be-mentioned test because it would false-positive there; the existingsummary.statusnegative test plus.well-known.gating_signalare the right guard.🤖 Generated with Claude Code