From cccea285d09c4b7828ff656c63976ab9634577bb Mon Sep 17 00:00:00 2001 From: CoderDeltaLAN Date: Sun, 21 Jun 2026 05:57:51 +0100 Subject: [PATCH] docs: refresh external audit package manifest --- CHANGELOG.md | 1 + docs/EXTERNAL-AUDIT-PACKAGE-CURRENT-MAIN.md | 11 ++++++----- docs/PRE-V0.4.0-INTERNAL-READINESS-AUDIT.md | 4 ++-- 3 files changed, 9 insertions(+), 7 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 26594e5..3bb5b97 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,7 @@ This project has a published GitHub Release line, but no stable support or API g ## [Unreleased] +- Refreshed the external audit package manifest and corrected pre-v0.4.0 readiness statuses after F-01. - Triaged superseded v0.3.1 release-target wording before the v0.4.0 release train. - Add non-UTF-8 error-contract coverage for `dedupe` and `conflicts`. diff --git a/docs/EXTERNAL-AUDIT-PACKAGE-CURRENT-MAIN.md b/docs/EXTERNAL-AUDIT-PACKAGE-CURRENT-MAIN.md index c3e5e9b..6593511 100644 --- a/docs/EXTERNAL-AUDIT-PACKAGE-CURRENT-MAIN.md +++ b/docs/EXTERNAL-AUDIT-PACKAGE-CURRENT-MAIN.md @@ -28,14 +28,15 @@ The final package must capture, outside this document if necessary: The exact SHA in this document's creation branch is not enough after merge. The final audit packet must refresh the SHA and CI evidence from main. -## Baseline evidence at manifest creation +## Baseline evidence at manifest refresh -This manifest was created from: +This manifest was refreshed after F-01 was merged into main. The final external audit must still use the post-merge main SHA for the actual audit target. + +This refresh starts from: - branch: audit/provide-complete-core-files; -- base main SHA before this manifest commit: 378bf5a41dd355e3e219a0a3b54408c039bdeca8; -- CI push run for that base SHA: 27885987180, success; -- CodeQL push run for that base SHA: 27885987214, success; +- base main SHA before this manifest refresh: 853998d79768299cce7457cf5ffeb592bb848221; +- CI and CodeQL for that base SHA were verified before this branch; final run IDs must be refreshed from the post-merge main SHA; - required file existence check: 45 required files, 0 missing; - command surface observed from source tree: check, init, doctor, budget, dedupe, conflicts, explain. diff --git a/docs/PRE-V0.4.0-INTERNAL-READINESS-AUDIT.md b/docs/PRE-V0.4.0-INTERNAL-READINESS-AUDIT.md index 66f82ee..1e2a8f7 100644 --- a/docs/PRE-V0.4.0-INTERNAL-READINESS-AUDIT.md +++ b/docs/PRE-V0.4.0-INTERNAL-READINESS-AUDIT.md @@ -106,7 +106,7 @@ Current main includes post-v0.3.0 functionality, including dedupe and conflicts. ### RB-02: final release evidence is missing -Status: closed by docs/triage-v040-release-truth-wording. +Status: open. The v0.4.0 release still needs exact release evidence, including: @@ -133,7 +133,7 @@ Before release/prepare-v040, the external audit package must include the core so ### F-01: stale or historical release-target wording needs final triage before v0.4.0 Severity: medium. -Status: open. +Status: closed by docs/triage-v040-release-truth-wording. The stale-truth scan found older v0.3.1 and v0.2.x wording in historical docs, changelog entries, and product-strategy material. The v0.3.1 wording that could read like current guidance in docs/V0.3.0-POST-RELEASE-AUDIT.md was triaged and marked as superseded historical planning. Historical v0.2.x release evidence remains intentionally unchanged.