diff --git a/README.md b/README.md index 5659b4c..094204a 100644 --- a/README.md +++ b/README.md @@ -25,7 +25,7 @@ Consumers are whoever needs the number now: humans, dashboards, downstream servi - **Measured event-to-metric freshness** — an event entering the pipeline is reflected in `GET /v1/metrics/*` in **1.06 s p50 / 1.99 s p95** on production defaults (event-driven cache invalidation, no webhook registration), tunable to **238 ms p50**; a plain TTL cache on the same pipeline sits at ~15 s. Reproducible via `python scripts/benchmark_freshness.py` → [freshness benchmark](docs/freshness-benchmark.md) - **Lineage as a contract** — all six metrics declare their source events, serving table, and a 2.5 s p95 staleness budget in versioned contracts, exposed through `/v1/catalog` and `/v1/contracts` and pinned by tests against the actual write path - **Published release line through `v1.5.0`** on PyPI (`agentflow-runtime`, `agentflow-client`) and npm (`@yuliaedomskikh/agentflow-client`) via OIDC Trusted Publishers with SLSA provenance on every artifact -- **Tested and gated** — 960+ unit tests plus a broad Windows no-Docker suite; CI enforces 12 required status checks (lint, schema, unit, integration, helm, perf, terraform, bandit, safety, npm-audit, trivy, contract) through branch protection +- **Tested and gated** — 1,500+ unit tests plus a broad Windows no-Docker suite; CI enforces 13 required status checks (lint, schema, unit, integration, helm, perf, terraform, bandit, safety, npm-audit, trivy, contract, build-smoke) through branch protection - **Dual SDK parity** across Python and TypeScript — retries, circuit breakers, batching, pagination, contract pinning, idempotency keys, `as_of` historical reads — over sub-second entity lookups (p50 `38–55 ms`, p99 `167 ms` on local hardware) - **Security in the hot path** — tenant isolation on every read surface, parameterized queries, `sqlglot` AST validation for NL-to-SQL, fail-closed auth, secret scrubbing, and a Bandit gate for new findings - **Production-shaped extras** — two CDC paths (hardened Debezium/Kafka Connect + a ClickHouse per-branch fan-out), on-call [runbooks](docs/runbooks/README.md), and a [narrated demo](docs/dv2-multi-branch/) of the DV2 multi-branch warehouse @@ -158,7 +158,7 @@ audit-closure sprint: - **`v1.1.0`** — audit closure: tenant isolation across every read surface, SQL guard centralized on `sqlglot`, entity allowlist enforcement, fail-closed auth, secret rotation, Helm hardening, - OpenAPI drift gate, and the 12 required status checks. + OpenAPI drift gate, and the required status checks. - **`v1.2.0`** — DV2 multi-branch warehouse: 38 Data Vault 2.0 tables (8 hubs / 8 links / 22+ satellites), an Argo Workflows `dv2-refresh` template, a dbt project (3 mart models + 12 tests), and per-branch CDC @@ -187,7 +187,7 @@ the `[Unreleased]` section of the [changelog](CHANGELOG.md) for details. This is a reference data-engineering project. The streaming, warehouse, and deployment artifacts (Flink, Iceberg, Helm, Terraform, k8s) are exercised -against a local pipeline and a kind cluster in CI rather than a paid managed +against a local pipeline and a kind cluster in CI rather than a managed cloud. Wiring it to a live production source needs inputs that live outside the repo — CDC source onboarding (runbook ready in [docs/operations/cdc-production-onboarding.md](docs/operations/cdc-production-onboarding.md)), diff --git a/docs/dv2-multi-branch/RELEASE_STATUS.md b/docs/dv2-multi-branch/RELEASE_STATUS.md index 2d30559..af87428 100644 --- a/docs/dv2-multi-branch/RELEASE_STATUS.md +++ b/docs/dv2-multi-branch/RELEASE_STATUS.md @@ -1,7 +1,16 @@ -# Release status — v1.4.0 PUBLISHED +# Release status — v1.5.0 PUBLISHED + +**Status (verified 2026-06-30 via live registry queries):** v1.1.0 +through v1.5.0 are all published on the three registries (PyPI +`agentflow-runtime` + `agentflow-client`, npm +`@yuliaedomskikh/agentflow-client`). v1.5.0 is a security & correctness +hardening release: argon2id key hashing with an O(1) peppered lookup +index, an NL→SQL guard bypass fix (typed `read_csv` / `read_parquet` +scan functions denied in projection position), `sqlglot` control-byte +and mutation-target repairs, and a strict-`mypy` expansion. No public +API changes from v1.4.0; the full v1.5.0 release mechanics are finalized +in the formal release cut. -**Status (verified 2026-05-30 via live registry queries):** v1.1.0, -v1.2.0, v1.3.0, and v1.4.0 are all published on the three registries. v1.4.0 is a maintenance release bundling documentation (`docs/runbooks/` on-call playbooks, `SECURITY.md`, issue/PR templates), CI hardening (`contract.yml` @@ -20,6 +29,9 @@ gate). No runtime API changes from v1.3.0. | Registry | Package | Version | Upload time (UTC) | Tag commit | |----------|---------|---------|-------------------|------------| +| PyPI | [`agentflow-runtime`](https://pypi.org/project/agentflow-runtime/1.5.0/) | 1.5.0 | 2026-06-05 07:48 | `c99d094` | +| PyPI | [`agentflow-client`](https://pypi.org/project/agentflow-client/1.5.0/) | 1.5.0 | 2026-06-05 07:48 | `c99d094` | +| npm | [`@yuliaedomskikh/agentflow-client`](https://www.npmjs.com/package/@yuliaedomskikh/agentflow-client/v/1.5.0) | 1.5.0 | 2026-06-05 07:48 | `c99d094` | | PyPI | [`agentflow-runtime`](https://pypi.org/project/agentflow-runtime/1.4.0/) | 1.4.0 | 2026-05-24 21:05 | `e58693b` | | PyPI | [`agentflow-client`](https://pypi.org/project/agentflow-client/1.4.0/) | 1.4.0 | 2026-05-24 21:05 | `e58693b` | | npm | [`@yuliaedomskikh/agentflow-client`](https://www.npmjs.com/package/@yuliaedomskikh/agentflow-client/v/1.4.0) | 1.4.0 | 2026-05-24 21:05 | `e58693b` | @@ -48,15 +60,15 @@ through `v1.4.0`. ```bash # PyPI metadata -curl -sf "https://pypi.org/pypi/agentflow-runtime/1.4.0/json" -o /dev/null && echo OK -curl -sf "https://pypi.org/pypi/agentflow-client/1.4.0/json" -o /dev/null && echo OK +curl -sf "https://pypi.org/pypi/agentflow-runtime/1.5.0/json" -o /dev/null && echo OK +curl -sf "https://pypi.org/pypi/agentflow-client/1.5.0/json" -o /dev/null && echo OK # npm metadata -npm view "@yuliaedomskikh/agentflow-client@1.4.0" version dist.tarball +npm view "@yuliaedomskikh/agentflow-client@1.5.0" version dist.tarball # Install smoke python -m venv /tmp/.afcheck && . /tmp/.afcheck/bin/activate -pip install agentflow-runtime==1.4.0 agentflow-client==1.4.0 +pip install agentflow-runtime==1.5.0 agentflow-client==1.5.0 python -c "from importlib.metadata import version; print(version('agentflow-runtime'), version('agentflow-client'))" ``` @@ -158,8 +170,9 @@ same one. | v1.2.0 | `eb59508` | published | | v1.3.0 | `8fa99e6` | published | | v1.4.0 | `e58693b` | published | +| v1.5.0 | `c99d094` | published | -The next release (1.5.0 or 2.0.0) should follow the same recipe: +The next release (2.0.0) should follow the same recipe: bump 5 files (root `pyproject.toml`, `sdk/pyproject.toml`, `sdk/agentflow/__init__.py`, `sdk-ts/package.json`, `sdk-ts/package-lock.json`), update Helm chart/app image pins when the diff --git a/site/index.html b/site/index.html index 065e17b..29ab324 100644 --- a/site/index.html +++ b/site/index.html @@ -177,7 +177,7 @@
Performance baseline
Source: docs/benchmark-baseline.json, checked on 2026-04-18.
+Source: docs/release-readiness.md — aggregate load-test run (569 requests, 0 failures).