Tags: NORTHTEKDevs/aiproof
Tags
release: 0.1.4 — AIP006 placeholder suppression + retract false claim
Earlier release materials claimed aiproof found 'real credential leaks
in AutoGPT and haystack'. That claim was wrong. Both flagged lines were
docstring placeholders / Python code examples, not live keys:
- AutoGPT setup.md:160 = ANTHROPIC_API_KEY=sk-ant-api03-xxxxxxxx... (literal)
- haystack release notes:35 = Secret.from_token("sk-randomAPIkey...")
This was caught when the user pushed back on the claim. Verified by
reading the actual files. Apologies if anyone routed that back to those
maintainers — those weren't bugs in their repos.
This release:
1. Adds is_placeholder() to AIP006: skip matches with 5+ identical-char
runs OR self-labeling substrings (your, example, placeholder, random,
fake, demo, redact, replace, insert, changeme, xxxxx, etc.).
2. 4 new regression tests in aip006_hardcoded_credential.rs covering
both real-world FP cases + a positive case proving non-placeholder
strings still flag.
3. CHANGELOG: explicit retraction in v0.1.4 entry + corrected v0.1.0
release notes section.
4. README: rewrote 'Proof it works' section into honest 'Tested against
real-world projects' — drops fabricated-sounding finding claims,
describes corpus as a regression gate.
Post-fix corpus scan: 0 AIP006 findings across the 20-repo corpus.
That's expected — popular maintained AI repos don't ship live keys.
178 tests, clippy -D warnings clean.
release: 0.1.3 — PyPI discoverability tags PyPI before: 5 sparse classifiers, 0 keywords. Search for 'prompt linter' or 'llm static analysis' didn't surface aiproof at all. PyPI after: 15 keywords (llm, prompt-engineering, prompt-linter, ai-safety, llm-security, prompt-injection, anthropic, openai, claude, chatgpt, etc.) + 23 classifiers (Operating System matrix, Python 3.9-3.13, Rust, Topic :: Security, Topic :: AI, Typing :: Typed). Also: Development Status bumped Alpha -> Beta (accurate for shipping multi-platform wheels), description sharpened, Changelog + Issues URLs added to project metadata. No code changes. crates.io tags unchanged (5/5 keyword cap). GitHub topics unchanged (17).
release: 0.1.2 — fix dead aiproof.dev URLs aiproof.dev is not a registered domain. Every diagnostic emitted by aiproof and the README example output pointed at it, so users who clicked the link from --explain or pretty output got 404s. Repointed all explain_url values across the 19 emitting rules + the README example block + --init copy at: https://github.com/Frostbyte-Devs/aiproof/blob/main/docs/rules/AIPxxx.md (AIP014 is a v0.2 stub and emits no diagnostic, so no URL to fix.) Bumps every crate to 0.1.2.
release: 0.1.1 — fix manylinux flag in release workflow v0.1.0's release pipeline failed because --manylinux auto was passed in args (Linux-only flag), crashing macOS + Windows wheel builds. Moved to the dedicated manylinux: auto input on PyO3/maturin-action. Bumps every crate to 0.1.1. v0.1.0 stays on PyPI/crates.io as the initial-claim release; v0.1.1 is the first multi-platform wheel set.
fix(cli): bundle rule docs inside crate so cargo publish can include … …them cargo publish packages only files inside the crate directory. The old ../../../docs/rules/AIPxxx.md include_str! paths worked for local cargo build but broke cargo publish verification. Copied the 20 rule docs to crates/aiproof-cli/rules_docs/ and updated paths accordingly.