Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 3 additions & 3 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -25,7 +25,7 @@ Consumers are whoever needs the number now: humans, dashboards, downstream servi
- **Measured event-to-metric freshness** — an event entering the pipeline is reflected in `GET /v1/metrics/*` in **1.06 s p50 / 1.99 s p95** on production defaults (event-driven cache invalidation, no webhook registration), tunable to **238 ms p50**; a plain TTL cache on the same pipeline sits at ~15 s. Reproducible via `python scripts/benchmark_freshness.py` → [freshness benchmark](docs/freshness-benchmark.md)
- **Lineage as a contract** — all six metrics declare their source events, serving table, and a 2.5 s p95 staleness budget in versioned contracts, exposed through `/v1/catalog` and `/v1/contracts` and pinned by tests against the actual write path
- **Published release line through `v1.5.0`** on PyPI (`agentflow-runtime`, `agentflow-client`) and npm (`@yuliaedomskikh/agentflow-client`) via OIDC Trusted Publishers with SLSA provenance on every artifact
- **Tested and gated** — 960+ unit tests plus a broad Windows no-Docker suite; CI enforces 12 required status checks (lint, schema, unit, integration, helm, perf, terraform, bandit, safety, npm-audit, trivy, contract) through branch protection
- **Tested and gated** — 1,500+ unit tests plus a broad Windows no-Docker suite; CI enforces 13 required status checks (lint, schema, unit, integration, helm, perf, terraform, bandit, safety, npm-audit, trivy, contract, build-smoke) through branch protection
- **Dual SDK parity** across Python and TypeScript — retries, circuit breakers, batching, pagination, contract pinning, idempotency keys, `as_of` historical reads — over sub-second entity lookups (p50 `38–55 ms`, p99 `167 ms` on local hardware)
- **Security in the hot path** — tenant isolation on every read surface, parameterized queries, `sqlglot` AST validation for NL-to-SQL, fail-closed auth, secret scrubbing, and a Bandit gate for new findings
- **Production-shaped extras** — two CDC paths (hardened Debezium/Kafka Connect + a ClickHouse per-branch fan-out), on-call [runbooks](docs/runbooks/README.md), and a [narrated demo](docs/dv2-multi-branch/) of the DV2 multi-branch warehouse
Expand Down Expand Up @@ -158,7 +158,7 @@ audit-closure sprint:
- **`v1.1.0`** — audit closure: tenant isolation across every read
surface, SQL guard centralized on `sqlglot`, entity allowlist
enforcement, fail-closed auth, secret rotation, Helm hardening,
OpenAPI drift gate, and the 12 required status checks.
OpenAPI drift gate, and the required status checks.
- **`v1.2.0`** — DV2 multi-branch warehouse: 38 Data Vault 2.0 tables
(8 hubs / 8 links / 22+ satellites), an Argo Workflows `dv2-refresh`
template, a dbt project (3 mart models + 12 tests), and per-branch CDC
Expand Down Expand Up @@ -187,7 +187,7 @@ the `[Unreleased]` section of the [changelog](CHANGELOG.md) for details.

This is a reference data-engineering project. The streaming, warehouse, and
deployment artifacts (Flink, Iceberg, Helm, Terraform, k8s) are exercised
against a local pipeline and a kind cluster in CI rather than a paid managed
against a local pipeline and a kind cluster in CI rather than a managed
cloud. Wiring it to a live production source needs inputs that live outside
the repo — CDC source onboarding (runbook ready in
[docs/operations/cdc-production-onboarding.md](docs/operations/cdc-production-onboarding.md)),
Expand Down
29 changes: 21 additions & 8 deletions docs/dv2-multi-branch/RELEASE_STATUS.md
Original file line number Diff line number Diff line change
@@ -1,7 +1,16 @@
# Release status — v1.4.0 PUBLISHED
# Release status — v1.5.0 PUBLISHED

**Status (verified 2026-06-30 via live registry queries):** v1.1.0
through v1.5.0 are all published on the three registries (PyPI
`agentflow-runtime` + `agentflow-client`, npm
`@yuliaedomskikh/agentflow-client`). v1.5.0 is a security & correctness
hardening release: argon2id key hashing with an O(1) peppered lookup
index, an NL→SQL guard bypass fix (typed `read_csv` / `read_parquet`
scan functions denied in projection position), `sqlglot` control-byte
and mutation-target repairs, and a strict-`mypy` expansion. No public
API changes from v1.4.0; the full v1.5.0 release mechanics are finalized
in the formal release cut.

**Status (verified 2026-05-30 via live registry queries):** v1.1.0,
v1.2.0, v1.3.0, and v1.4.0 are all published on the three registries.
v1.4.0 is a maintenance release bundling documentation
(`docs/runbooks/` on-call playbooks, `SECURITY.md`, issue/PR
templates), CI hardening (`contract.yml`
Expand All @@ -20,6 +29,9 @@ gate). No runtime API changes from v1.3.0.

| Registry | Package | Version | Upload time (UTC) | Tag commit |
|----------|---------|---------|-------------------|------------|
| PyPI | [`agentflow-runtime`](https://pypi.org/project/agentflow-runtime/1.5.0/) | 1.5.0 | 2026-06-05 07:48 | `c99d094` |
| PyPI | [`agentflow-client`](https://pypi.org/project/agentflow-client/1.5.0/) | 1.5.0 | 2026-06-05 07:48 | `c99d094` |
| npm | [`@yuliaedomskikh/agentflow-client`](https://www.npmjs.com/package/@yuliaedomskikh/agentflow-client/v/1.5.0) | 1.5.0 | 2026-06-05 07:48 | `c99d094` |
| PyPI | [`agentflow-runtime`](https://pypi.org/project/agentflow-runtime/1.4.0/) | 1.4.0 | 2026-05-24 21:05 | `e58693b` |
| PyPI | [`agentflow-client`](https://pypi.org/project/agentflow-client/1.4.0/) | 1.4.0 | 2026-05-24 21:05 | `e58693b` |
| npm | [`@yuliaedomskikh/agentflow-client`](https://www.npmjs.com/package/@yuliaedomskikh/agentflow-client/v/1.4.0) | 1.4.0 | 2026-05-24 21:05 | `e58693b` |
Expand Down Expand Up @@ -48,15 +60,15 @@ through `v1.4.0`.

```bash
# PyPI metadata
curl -sf "https://pypi.org/pypi/agentflow-runtime/1.4.0/json" -o /dev/null && echo OK
curl -sf "https://pypi.org/pypi/agentflow-client/1.4.0/json" -o /dev/null && echo OK
curl -sf "https://pypi.org/pypi/agentflow-runtime/1.5.0/json" -o /dev/null && echo OK
curl -sf "https://pypi.org/pypi/agentflow-client/1.5.0/json" -o /dev/null && echo OK

# npm metadata
npm view "@yuliaedomskikh/agentflow-client@1.4.0" version dist.tarball
npm view "@yuliaedomskikh/agentflow-client@1.5.0" version dist.tarball

# Install smoke
python -m venv /tmp/.afcheck && . /tmp/.afcheck/bin/activate
pip install agentflow-runtime==1.4.0 agentflow-client==1.4.0
pip install agentflow-runtime==1.5.0 agentflow-client==1.5.0
python -c "from importlib.metadata import version; print(version('agentflow-runtime'), version('agentflow-client'))"
```

Expand Down Expand Up @@ -158,8 +170,9 @@ same one.
| v1.2.0 | `eb59508` | published |
| v1.3.0 | `8fa99e6` | published |
| v1.4.0 | `e58693b` | published |
| v1.5.0 | `c99d094` | published |

The next release (1.5.0 or 2.0.0) should follow the same recipe:
The next release (2.0.0) should follow the same recipe:
bump 5 files (root `pyproject.toml`, `sdk/pyproject.toml`,
`sdk/agentflow/__init__.py`, `sdk-ts/package.json`,
`sdk-ts/package-lock.json`), update Helm chart/app image pins when the
Expand Down
2 changes: 1 addition & 1 deletion site/index.html
Original file line number Diff line number Diff line change
Expand Up @@ -177,7 +177,7 @@ <h3>Self-directed deployment</h3>
<p class="section-kicker">Performance baseline</p>
<h2>Current benchmark numbers from the repository baseline.</h2>
</div>
<p class="section-note">Source: <a href="https://github.com/brownjuly2003-code/agentflow/blob/main/docs/benchmark-baseline.json">docs/benchmark-baseline.json</a>, checked on 2026-04-18.</p>
<p class="section-note">Source: <a href="https://github.com/brownjuly2003-code/agentflow/blob/main/docs/release-readiness.md">docs/release-readiness.md</a> — aggregate load-test run (569 requests, 0 failures).</p>
</div>
<div class="metrics-grid">
<article class="metric">
Expand Down
Loading