You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: CHANGELOG.md
+7-11Lines changed: 7 additions & 11 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -6,17 +6,13 @@ All notable changes to this repository are documented here. **PyPI** releases us
6
6
7
7
## Unreleased
8
8
9
-
- Add spec-driven generated models package under `src/intentproof/generated` (`execution_event`, `intentproof_config`, `normative_schemas`, and package exports) and switch SDK type aliases/wire paths to these generated schema models.
10
-
- Add schema validation helpers in `src/intentproof/schema_validate.py` for execution events, wrap options, and runtime config; export them from `intentproof.__init__`.
11
-
- Add deterministic codegen pipeline (`scripts/generate_schema_models.py`) that writes embedded normative schemas plus `src/intentproof/generated/spec_fingerprint.json` (spec version + per-schema/aggregate SHA-256 digests).
12
-
- Add generated artifact drift checks (`scripts/verify-generated-types.sh`) and bundled schema guard (`scripts/check-no-bundled-schema.sh`) for release hygiene.
13
-
- Add explicit no-handwritten-model policy enforcement (`scripts/check-no-handwritten-model-types.sh`) by delegating to the shared `intentproof-spec` checker, with a dedicated CI check-run (`no-handwritten-model-types`), the same step in **`tox -e static`** and release publish (parity with Node/Java), and release preflight gating on that check.
14
-
- Strengthen CI/release hardening: add `hardening` job, enforce required check-runs in release preflight, and upload canonical conformance report artifact (`conformance-report-python`).
15
-
- Improve spec-conformance wrapper (`scripts/spec-conformance.sh`) with strict spec pin verification (`scripts/check-sdk-spec-pin.sh`), standardized report metadata (`INTENTPROOF_SDK_NAME`, `INTENTPROOF_SDK_LANGUAGE`, `INTENTPROOF_SDK_VERSION`), and `./intentproof-spec` fallback when the env var and sibling clone are absent.
16
-
- Pin `datamodel-code-generator` in `pyproject.toml` for stable code generation and make generated headers deterministic (no timestamp/random temp filenames).
17
-
- Add/expand tests for spec semantics and generated artifacts: `tests/spec_semantics.py`, `tests/unit/test_spec_golden_conformance.py`, `tests/unit/test_schema_validate.py`, `tests/unit/test_generated_fingerprint.py`, with related SDK/exporter/wire test updates.
18
-
- Update docs (`README.md`) and local quality wiring (`tox.ini`) to reflect spec-first model generation, dedicated policy gating, and deduplicated CI enforcement.
19
-
- CI: **`no-handwritten-model-types`** job only checks out the SDK + spec and runs the delegated script (no **`pip install`**); **push** triggers also include **`master`** (parity with Node/Java).
9
+
-**Spec-generated wire models:** Add `src/intentproof/generated` (Pydantic models from intentproof-spec JSON Schemas, embedded normative schema dicts for `jsonschema`, and `spec_fingerprint.json` with spec version plus per-schema and aggregate SHA-256). Route SDK types and wire serialization through these models; add `schema_validate` helpers for execution events, wrap options, and runtime config and export them from `intentproof`.
10
+
-**Codegen and drift guards:** Add `scripts/generate_schema_models.py` with pinned `datamodel-code-generator` and deterministic generation; add `scripts/verify-generated-types.sh`, `scripts/check-no-bundled-schema.sh`, and `scripts/check-sdk-spec-pin.sh` enforcing `[tool.intentproof]``spec-version` and `spec-commit` against the spec checkout.
11
+
-**No handwritten schema models:**`scripts/check-no-handwritten-model-types.sh` delegates to `intentproof-spec`’s shared checker (requires a spec checkout via `INTENTPROOF_SPEC_ROOT`, sibling `../intentproof-spec`, or `./intentproof-spec`). Wired into **`tox -e static`**, a dedicated CI job (`no-handwritten-model-types`) that checks out the pinned spec revision without installing the SDK, the Release workflow before build, and release preflight required check-runs.
12
+
-**CI and release:** Checkout intentproof-spec at **`pyproject.toml`**`spec-commit` across conformance and policy jobs; add **`hardening`** and **`spec-golden-parity`**; upload conformance report artifact **`conformance-report-python`**; run conformance with replay/metadata env vars; extend **push** triggers to **`master`**; release preflight requires **`no-handwritten-model-types`**, **`hardening`**, **`intentproof-spec`**, **`spec-golden-parity`**, and **`tox`** static/cov matrix successes.
13
+
-**Conformance wrapper:**`scripts/spec-conformance.sh` gains spec-pin integration, standardized SDK report metadata (`INTENTPROOF_SDK_NAME`, `INTENTPROOF_SDK_LANGUAGE`, `INTENTPROOF_SDK_VERSION`), and clearer resolution when the spec checkout path is not set.
14
+
-**Tests and docs:** Add golden JSONL conformance, spec semantics mirroring, fingerprint validation, schema validation tests, and updates to SDK/exporter/wire tests; refresh **`README.md`** and **`tox.ini`** for the spec-first workflow.
15
+
20
16
## 0.1.1 — 2026-05-04
21
17
22
18
-**Security:** upgrade **pip** to **≥26.1** after Python setup in the composite **`.github/actions/setup-python-pip`** action, and in the default **`[testenv]`** via **`commands_pre`**, addressing **CVE-2026-3219** and **CVE-2026-6357**.
Cross-repository **pins**, **`INTENTPROOF_*`** environment variables, and script naming are documented in the **[`intentproof-spec` CONTRIBUTING guide](https://github.com/IntentProof/intentproof-spec/blob/main/CONTRIBUTING.md#terminology-shared-with-sdk-repos)**.
4
+
5
+
Typical local checks (see **`tox.ini`**):
6
+
7
+
```bash
8
+
pip install "tox>=4"
9
+
tox run -e static
10
+
tox run -e cov
11
+
```
12
+
13
+
PyPI releases use **`release.yml`** (trusted publisher / OIDC). For undisclosed security issues, use [**Security**](https://github.com/IntentProof/intentproof-sdk-python/security) advisories.
Pin the **version** you want from PyPI or from GitHub Releases. Replace **`x.y.z`** below with that version.
50
50
@@ -323,7 +323,7 @@ run_probe()
323
323
324
324
## Security
325
325
326
-
For **vulnerability reporting**, use this repository’s [**Security**](https://github.com/intentproof/intentproof-sdk-python/security) tab (private advisories).
326
+
For **vulnerability reporting**, use this repository’s [**Security**](https://github.com/IntentProof/intentproof-sdk-python/security) tab (private advisories).
327
327
328
328
Every **`ExecutionEvent`** you emit is data you may ship off-process. Treat them like audit-grade execution records: they can include PII, secrets, stack traces, and business identifiers depending on your **`snapshot`** / **`capture_*`** hooks.
329
329
@@ -340,9 +340,11 @@ Custom **`body`** serializers: if **`body(event)`** raises, **`HttpExporter`** n
340
340
341
341
## Canonical specification (`intentproof-spec`)
342
342
343
-
Schemas, golden oracles, and the **Vitest conformance oracle** live in the **[IntentProof specification repository (`intentproof-spec`)](https://github.com/intentproof/intentproof-spec)**.
-**Version pin:****`[tool.intentproof].spec-version`** in **`pyproject.toml`** matches **`spec.json`** in that repo; **`scripts/check-sdk-spec-pin.sh`** enforces it before conformance.
345
+
Schemas, golden oracles, and the **Vitest conformance oracle** live in the **[IntentProof specification repository (`intentproof-spec`)](https://github.com/IntentProof/intentproof-spec)**.
346
+
347
+
-**Version pin:****`[tool.intentproof].spec-version`** and **`spec-commit`** in **`pyproject.toml`** match **`spec.json`** and the spec **`HEAD`** checkout; **`scripts/check-sdk-spec-pin.sh`** enforces this before conformance.
346
348
347
349
-**CI:** every push/PR checks out this SDK plus **`intentproof-spec`** and runs **`scripts/spec-conformance.sh`** (pin check + full oracle; see `.github/workflows/ci.yml`). The **`spec-golden-parity`** job runs **`tests/unit/test_spec_golden_conformance.py`** against the same **`golden/execution_event_cases.jsonl`** using **`jsonschema`** + semantics mirrored from the spec (`tests/spec_semantics.py`).
348
350
-**Local:** clone `intentproof-spec`**next to** this repository (`../intentproof-spec`), then:
@@ -365,6 +367,8 @@ Schemas, golden oracles, and the **Vitest conformance oracle** live in the **[In
365
367
366
368
## Project development
367
369
370
+
Contributing and shared **`intentproof-spec`** terminology: **[`CONTRIBUTING.md`](CONTRIBUTING.md)**.
371
+
368
372
Layout: **`src/`** tree, built with **Hatchling** ([Hatch](https://github.com/pypa/hatch); **`build-backend = "hatchling.build"`** in `pyproject.toml`). Requires **Python** 3.11 or newer. Release history: [`CHANGELOG.md`](CHANGELOG.md).
369
373
370
374
Checks run via **[tox](https://tox.wiki/)** (`tox.ini`): **`static`** runs **ruff** (format + lint); **`cov`** runs **pytest** with **pytest-cov** and enforces **100%** line coverage; **`py311`** … **`py314`** install the package with **`dev`** extras and run **pytest**. CI matches this.
0 commit comments