From 1fffd1fe1369d255b9146a4321a019f0e9e79300 Mon Sep 17 00:00:00 2001 
From: JuliaEdom
Date: Tue, 30 Jun 2026 14:03:18 +0300
Subject: [PATCH] docs: reconcile README/site claims with verified artifacts (E2 claim-audit, R5)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Line-by-line audit of every capability claim in README.md and site/ against its backing artifact. Verified-correct and left as-is: 1.06 s / 1.99 s freshness (docs/freshness-benchmark.md), 6 metrics + 2.5 s p95 staleness budget (config/contracts/metric.*.v1.yaml), 38 DV2 tables = 8 hubs / 8 links / 22 sats (dv2-multi-branch/architecture.md + demo_evidence.md), 3 dbt marts, all 42 referenced doc/script paths exist, and v1.5.0 published on PyPI + npm (confirmed via live registry query).

Fixed the drift the audit found:
- README: "12 required status checks" -> "13" and added build-smoke to the list (branch protection's required_status_checks has 13 contexts, build-smoke was missing from the prose); "960+ unit tests" -> "1,500+" (1501 verified this cycle); dropped the budget-framing "paid" from the Scope non-goal ("rather than a paid managed cloud" -> "rather than a managed cloud").
- site/index.html: the performance-baseline panel (56 / 260 / 330 ms, 27.8 RPS, 0%) cited docs/benchmark-baseline.json, which has since been regenerated with CI-runner numbers (140 / 610 / 23000 ms). Re-pointed the source to docs/release-readiness.md, which holds that exact aggregate run (569 requests, 0 failures).
- docs/dv2-multi-branch/RELEASE_STATUS.md (the artifact the "v1.5_published" README badge links to): refreshed from v1.4.0 to v1.5.0 — header, status line (verified 2026-06-30 via live registries), registry table rows, tag-state row, and re-verify pins. PyPI agentflow-runtime/agentflow-client 1.5.0 and npm @yuliaedomskikh/agentflow-client 1.5.0, tag c99d094. Full v1.5.0 release mechanics remain for the formal release cut (E1).

Verify: doc-coupled tests (test_examples, test_release_artifacts, test_contract_dependencies) green; no code touched.

Co-Authored-By: Claude Opus 4.8 (1M context) --- README.md | 6 ++--- docs/dv2-multi-branch/RELEASE_STATUS.md | 29 ++++++++++++++++++------- site/index.html | 2 +- 3 files changed, 25 insertions(+), 12 deletions(-) diff --git a/README.md b/README.md index 5659b4c..094204a 100644 --- a/README.md +++ b/README.md 
@@ -25,7 +25,7 @@ Consumers are whoever needs the number now: humans, dashboards, downstream servi - **Measured event-to-metric freshness** — an event entering the pipeline is reflected in `GET /v1/metrics/*` in **1.06 s p50 / 1.99 s p95** on production defaults (event-driven cache invalidation, no webhook registration), tunable to **238 ms p50**; a plain TTL cache on the same pipeline sits at ~15 s. Reproducible via `python scripts/benchmark_freshness.py` → [freshness benchmark](docs/freshness-benchmark.md) - **Lineage as a contract** — all six metrics declare their source events, serving table, and a 2.5 s p95 staleness budget in versioned contracts, exposed through `/v1/catalog` and `/v1/contracts` and pinned by tests against the actual write path - **Published release line through `v1.5.0`** on PyPI (`agentflow-runtime`, `agentflow-client`) and npm (`@yuliaedomskikh/agentflow-client`) via OIDC Trusted Publishers with SLSA provenance on every artifact -- **Tested and gated** — 960+ unit tests plus a broad Windows no-Docker suite; CI enforces 12 required status checks (lint, schema, unit, integration, helm, perf, terraform, bandit, safety, npm-audit, trivy, contract) through branch protection +- **Tested and gated** — 1,500+ unit tests plus a broad Windows no-Docker suite; CI enforces 13 required status checks (lint, schema, unit, integration, helm, perf, terraform, bandit, safety, npm-audit, trivy, contract, build-smoke) through branch protection - **Dual SDK parity** across Python and TypeScript — retries, circuit breakers, batching, pagination, contract pinning, idempotency keys, `as_of` historical reads — over sub-second entity lookups (p50 `38–55 ms`, p99 `167 ms` on local hardware) - **Security in the hot path** — tenant isolation on every read surface, parameterized queries, `sqlglot` AST validation for NL-to-SQL, fail-closed auth, secret scrubbing, and a Bandit gate for new findings - **Production-shaped extras** — two CDC paths (hardened Debezium/Kafka 
Connect + a ClickHouse per-branch fan-out), on-call [runbooks](docs/runbooks/README.md), and a [narrated demo](docs/dv2-multi-branch/) of the DV2 multi-branch warehouse @@ -158,7 +158,7 @@ audit-closure sprint: - **`v1.1.0`** — audit closure: tenant isolation across every read surface, SQL guard centralized on `sqlglot`, entity allowlist enforcement, fail-closed auth, secret rotation, Helm hardening, - OpenAPI drift gate, and the 12 required status checks. + OpenAPI drift gate, and the required status checks. - **`v1.2.0`** — DV2 multi-branch warehouse: 38 Data Vault 2.0 tables (8 hubs / 8 links / 22+ satellites), an Argo Workflows `dv2-refresh` template, a dbt project (3 mart models + 12 tests), and per-branch CDC @@ -187,7 +187,7 @@ the `[Unreleased]` section of the [changelog](CHANGELOG.md) for details. This is a reference data-engineering project. The streaming, warehouse, and deployment artifacts (Flink, Iceberg, Helm, Terraform, k8s) are exercised -against a local pipeline and a kind cluster in CI rather than a paid managed +against a local pipeline and a kind cluster in CI rather than a managed cloud. Wiring it to a live production source needs inputs that live outside the repo — CDC source onboarding (runbook ready in [docs/operations/cdc-production-onboarding.md](docs/operations/cdc-production-onboarding.md)), diff --git a/docs/dv2-multi-branch/RELEASE_STATUS.md b/docs/dv2-multi-branch/RELEASE_STATUS.md index 2d30559..af87428 100644 --- a/docs/dv2-multi-branch/RELEASE_STATUS.md +++ b/docs/dv2-multi-branch/RELEASE_STATUS.md 
@@ -1,7 +1,16 @@ -# Release status — v1.4.0 PUBLISHED +# Release status — v1.5.0 PUBLISHED + +**Status (verified 2026-06-30 via live registry queries):** v1.1.0 +through v1.5.0 are all published on the three registries (PyPI +`agentflow-runtime` + `agentflow-client`, npm +`@yuliaedomskikh/agentflow-client`). v1.5.0 is a security & correctness +hardening release: argon2id key hashing with an O(1) peppered lookup +index, an NL→SQL guard bypass fix (typed `read_csv` / `read_parquet` +scan functions denied in projection position), `sqlglot` control-byte +and mutation-target repairs, and a strict-`mypy` expansion. No public +API changes from v1.4.0; the full v1.5.0 release mechanics are finalized +in the formal release cut. -**Status (verified 2026-05-30 via live registry queries):** v1.1.0, -v1.2.0, v1.3.0, and v1.4.0 are all published on the three registries. v1.4.0 is a maintenance release bundling documentation (`docs/runbooks/` on-call playbooks, `SECURITY.md`, issue/PR templates), CI hardening (`contract.yml` 
@@ -20,6 +29,9 @@ gate). No runtime API changes from v1.3.0. | Registry | Package | Version | Upload time (UTC) | Tag commit | |----------|---------|---------|-------------------|------------| +| PyPI | [`agentflow-runtime`](https://pypi.org/project/agentflow-runtime/1.5.0/) | 1.5.0 | 2026-06-05 07:48 | `c99d094` | +| PyPI | [`agentflow-client`](https://pypi.org/project/agentflow-client/1.5.0/) | 1.5.0 | 2026-06-05 07:48 | `c99d094` | +| npm | [`@yuliaedomskikh/agentflow-client`](https://www.npmjs.com/package/@yuliaedomskikh/agentflow-client/v/1.5.0) | 1.5.0 | 2026-06-05 07:48 | `c99d094` | | PyPI | [`agentflow-runtime`](https://pypi.org/project/agentflow-runtime/1.4.0/) | 1.4.0 | 2026-05-24 21:05 | `e58693b` | | PyPI | [`agentflow-client`](https://pypi.org/project/agentflow-client/1.4.0/) | 1.4.0 | 2026-05-24 21:05 | `e58693b` | | npm | [`@yuliaedomskikh/agentflow-client`](https://www.npmjs.com/package/@yuliaedomskikh/agentflow-client/v/1.4.0) | 1.4.0 | 2026-05-24 21:05 | `e58693b` | @@ -48,15 +60,15 @@ through `v1.4.0`. ```bash # PyPI metadata -curl -sf "https://pypi.org/pypi/agentflow-runtime/1.4.0/json" -o /dev/null && echo OK -curl -sf "https://pypi.org/pypi/agentflow-client/1.4.0/json" -o /dev/null && echo OK +curl -sf "https://pypi.org/pypi/agentflow-runtime/1.5.0/json" -o /dev/null && echo OK +curl -sf "https://pypi.org/pypi/agentflow-client/1.5.0/json" -o /dev/null && echo OK # npm metadata -npm view "@yuliaedomskikh/agentflow-client@1.4.0" version dist.tarball +npm view "@yuliaedomskikh/agentflow-client@1.5.0" version dist.tarball # Install smoke python -m venv /tmp/.afcheck && . /tmp/.afcheck/bin/activate -pip install agentflow-runtime==1.4.0 agentflow-client==1.4.0 +pip install agentflow-runtime==1.5.0 agentflow-client==1.5.0 python -c "from importlib.metadata import version; print(version('agentflow-runtime'), version('agentflow-client'))" ``` 
@@ -158,8 +170,9 @@ same one. | v1.2.0 | `eb59508` | published | | v1.3.0 | `8fa99e6` | published | | v1.4.0 | `e58693b` | published | +| v1.5.0 | `c99d094` | published | -The next release (1.5.0 or 2.0.0) should follow the same recipe: +The next release (2.0.0) should follow the same recipe: bump 5 files (root `pyproject.toml`, `sdk/pyproject.toml`, `sdk/agentflow/__init__.py`, `sdk-ts/package.json`, `sdk-ts/package-lock.json`), update Helm chart/app image pins when the diff --git a/site/index.html b/site/index.html index 065e17b..29ab324 100644 --- a/site/index.html +++ b/site/index.html @@ -177,7 +177,7 @@

Self-directed deployment

Performance baseline

Current benchmark numbers from the repository baseline.

-

Source: docs/benchmark-baseline.json, checked on 2026-04-18.

+

Source: docs/release-readiness.md — aggregate load-test run (569 requests, 0 failures).
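
Review bot: In README.md (hunk at line 25), "1,500+ unit tests" sits one test above the 1501 the commit message reports, and the 13-item check list is hand-copied from branch protection, which is how build-smoke went missing from the prose before. Round down to a figure with some margin, and either add a doc-coupled test that compares this list with the required_status_checks contexts or drop the count here, as the v1.1.0 entry at line 158 now does.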
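
Review bot: In docs/dv2-multi-branch/RELEASE_STATUS.md (hunk at line 1), the new status paragraph says "No public API changes from v1.4.0" directly after listing a guard fix that denies typed `read_csv` / `read_parquet` scan functions in projection position, which is a behaviour change for callers even if no signature moved. State that explicitly, say which earlier versions carry the bypass, and point readers to the changelog or SECURITY.md for upgrade guidance, since the older rows stay in the registry table. The closing sentence also leaves "PUBLISHED" in the heading next to "release mechanics are finalized in the formal release cut"; list what is still open so a reader can tell the two apart.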
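
Review bot: In RELEASE_STATUS.md, the header of the re-verify hunk (@@ -48,15 +60,15) still carries the preceding sentence ending "through `v1.4.0`.", so that line looks to have been missed by the refresh; check it and the surrounding text for remaining 1.4.0 references. The refreshed commands also only confirm that 1.5.0 metadata exists on each registry and that the packages install; nothing ties the artifacts to tag `c99d094` or to the SLSA provenance the README advertises. Consider adding a digest or provenance step, for example `npm view "@yuliaedomskikh/agentflow-client@1.5.0" dist.integrity` checked against the value recorded at release time.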
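
Review bot: In RELEASE_STATUS.md (hunk at line 158), "The next release (2.0.0)" now reads as a commitment to a major version, where the old wording offered a minor or a major. If a 1.6.0 is possible, write "(1.6.0 or 2.0.0)", or drop the version number so the recipe does not need editing on every release.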
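
Review bot: In site/index.html, the unchanged caption still reads "Current benchmark numbers from the repository baseline", but the new source line points at docs/release-readiness.md because docs/benchmark-baseline.json now holds different numbers (140 / 610 / 23000 ms per the commit message). Reword the caption so the panel no longer claims to show the current baseline, and keep a run date on the source line; the old "checked on 2026-04-18" stamp is removed and nothing replaces it.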