
release: cut v0.1.0 (CHANGELOG bump + audit re-fix) (RAN-55) #4

Merged
aksOps merged 1 commit into `main` from `chore/ran-55-v0.1.0-release`
Apr 26, 2026

Contributor

@aksOps aksOps commented Apr 26, 2026

Summary

Closes the versioning gap identified in the latest RAN-55 board audit by cutting the first tagged release line and re-applying the audit fixes that were orphaned when commit `3cccc2b` missed PR #3's squash.

CHANGELOG.md

.bestpractices.json (v0.1.0 evidence + audit fixes)

| Criterion | Before | After |
| --- | --- | --- |
| `version_unique_url` | missing | releases/tag/v0.1.0 |
| `release_notes_url` | blob/main/CHANGELOG.md | releases/tag/v0.1.0 |
| `release_notes_vulns_url` | blob/main/CHANGELOG.md#security | blob/main/CHANGELOG.md#010---2026-04-26 |
| `version_semver_status` | `?` | Met (anchored to v0.1.0) |
| `version_tags_status` | `?` | Met (anchored to v0.1.0) |
| `test_continuous_integration_status` | `?` | Met |
| `dynamic_analysis_status` | `?` | N/A |
| `dynamic_analysis_enable_assertions_status` | `?` | N/A |
| `report_process_url` | blob/main/SECURITY.md | /issues (criterion is bug-report channel) |

Zero `?` statuses remain in `.bestpractices.json`.

Follow-up after merge

Once this PR lands on `main`, the actual tag + GitHub Release publication:

  1. `git tag -s v0.1.0 -m "vigil v0.1.0 — initial release"` on the merged commit (uses ssh signing per `tag.gpgsign=true` repo config).
  2. `git push origin v0.1.0`.
  3. `gh release create v0.1.0 --title "vigil v0.1.0" --notes-file ` — body cribbed from CHANGELOG `## [0.1.0]` block.

Tracked under a follow-up Paperclip subtask under RAN-55 (links once created).

Test plan

  • `json.load` clean on `.bestpractices.json`; zero `?` statuses
  • CHANGELOG link refs resolve once `v0.1.0` is published
  • Watch CI on this PR (Semgrep / OSV / Trivy / Gitleaks / jscpd / SBOM / Scorecard)
  • After merge + tag + release: rerun bestpractices.dev autofill on https://www.bestpractices.dev/projects/12648 — expect `tiered_percentage` to clear `passing`

🤖 Generated with Claude Code
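
One way to script the first test-plan item (`json.load` clean, zero `?` statuses) together with a check that release URLs reference the expected tag, as an added example that is not part of this PR or the vigil repository. It assumes `.bestpractices.json` is a flat JSON object with `*_status` and `*_url` keys; `audit`, `SAMPLE`, the `ALLOWED` status set and the `example.invalid` URLs are constructed for illustration.

```python
import json
import re

# Constructed sample, not the repository's real file. Assumes a flat JSON
# object whose keys end in _status or _url, as the criteria table suggests.
SAMPLE = """{
  "version_unique_url": "https://example.invalid/vigil/releases/tag/v0.1.0",
  "release_notes_url": "https://example.invalid/vigil/releases/tag/v0.1.0",
  "version_semver_status": "Met",
  "version_tags_status": "?",
  "dynamic_analysis_status": "N/A",
  "report_process_url": "https://example.invalid/vigil/issues"
}"""

# Assumed set of answered statuses; "?" (unanswered) is deliberately absent.
ALLOWED = {"Met", "Unmet", "N/A"}
# Captures the tag name from a .../releases/tag/<tag> URL.
TAG_IN_URL = re.compile(r"/releases/tag/([^/#?]+)")


def audit(text, expected_tag):
    """Return a sorted list of findings; an empty list means the file passes."""
    data = json.loads(text)  # raises json.JSONDecodeError on malformed JSON
    if not isinstance(data, dict):
        return ["top level is not a JSON object"]
    findings = []
    for key, value in data.items():
        if key.endswith("_status") and value not in ALLOWED:
            findings.append(f"{key}: unresolved status {value!r}")
        elif key.endswith("_url") and isinstance(value, str):
            match = TAG_IN_URL.search(value)
            # Evidence URLs that name a release tag must name the one being cut.
            if match and match.group(1) != expected_tag:
                findings.append(
                    f"{key}: points at tag {match.group(1)}, expected {expected_tag}"
                )
    return sorted(findings)


if __name__ == "__main__":
    for line in audit(SAMPLE, "v0.1.0") or ["ok: no findings"]:
        print(line)
```

Run as a CI step, a non-empty result from `audit` would fail the job before stale tag URLs or unanswered criteria reach `main`.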

Cuts the first tagged release line for vigil and rolls in the audit fixes
that didn't make it into PR #3's squash (commit 3cccc2b was orphaned).

CHANGELOG.md
- [Unreleased] → [0.1.0] - 2026-04-26
- Add fresh empty [Unreleased] block
- Add link refs: [Unreleased]=compare/v0.1.0...HEAD, [0.1.0]=releases/tag/v0.1.0
- Preamble note: project follows SemVer 2.0.0 from v0.1.0 onward

.bestpractices.json — v0.1.0 evidence + audit fixes
- version_unique: add `_url` pointing at releases/tag/v0.1.0
- release_notes / release_notes_vulns: refresh URLs to v0.1.0 anchors
- version_semver / version_tags: ? → Met (committed SemVer + signed tag policy, with v0.1.0 as concrete anchor)
- test_continuous_integration: ? → Met (security.yml + scorecard.yml provide CI on every push/PR/weekly)
- dynamic_analysis / dynamic_analysis_enable_assertions: ? → N/A (no network-bound runtime surface)
- report_process_url: SECURITY.md → /issues (criterion is bug-report channel, not vuln-report)

Tag + GitHub Release publication tracked as a follow-up after this PR
merges; CHANGELOG and `.bestpractices.json` already reference the tag URLs
so the published artefacts will resolve cleanly.

Co-Authored-By: Paperclip <noreply@paperclip.ing>
@aksOps aksOps merged commit 255c4ab into main Apr 26, 2026
12 checks passed
@aksOps aksOps deleted the chore/ran-55-v0.1.0-release branch April 26, 2026 05:51