
Release v1.1.0: Native Telemetry Gate & Core v0.9.0 Alignment #7

Merged
PythonWoods-Dev merged 67 commits into main from release/v1.1.0
May 31, 2026

Conversation

@PythonWoods-Dev

Contributor

v1.1.0 — Native Telemetry Gate & Core v0.9.0 Alignment

Highlights

guard-scan Input
New optional input that runs zenzic guard scan before the main quality gate — catches credential leaks earlier in the pipeline.

cap-exceeded Output
Exposes suppression-cap governance failures as a named output for downstream workflow logic (e.g., blocking merge queues).

Sovereign Job Summary
CI-visible Job Summary output for every critical non-zero exit code (exit 2 and exit 3), removing silent failures.

Core v0.9.0 Alignment
Action default pin updated to Zenzic Core 0.9.0. Inherits RE2 union optimization, full lab gallery, and governance hardening from core.

Security

  • Non-suppressible action boundary for exits 2 and 3 explicitly documented.
  • All GitHub Actions dependencies pinned to immutable SHA-40 (ADR-089).

Upgrade

- uses: PythonWoods/zenzic-action@v1

The v1 floating tag is updated to point to v1.1.0.

PythonWoods-Dev and others added 30 commits May 10, 2026 10:54
Clears the pre-existing [Unreleased] DX-only entries from the public
changelog (local tooling is not a public release note).
Add 🔍 to Zenzic Sentinel (action audit) and rename Final Guard
to Zenzic-Action Final Guard for cross-repo consistency.
…nce templates

- Add dependabot.yml (github-actions only — no pip/npm in this repo)
- Add secret-scan.yml, security-posture.yml (checks self-check.yml)
- Add PULL_REQUEST_TEMPLATE.md (exit code contract, shell composability, action.yml contract)
- Add ISSUE_TEMPLATE: bug_report.yml, feature_request.yml, security_vulnerability.yml, gate-bypass-postmortem.md
…n RELEASE.md

- zenzic.toml: brand_obsolescence expanded (Sentinel, Blood Sentinel, Shield, Epoch, Forge, Red Team, Operation)
- .pre-commit-config.yaml: 'EPOCH 4' → 'v0.4.x' in pre-push guard comment
- RELEASE.md: rewritten to lean 53-line standard (was 40 lines — restructured to match standard)
- Track date row 'YYYY-MM-DD' in RELEASE.md with regex pattern
  so the release date is updated automatically on each bump
action.yml:
- astral-sh/setup-uv@v8.1.0 -> @08807647e7069bb48b6ef5acd8ec9567f424441b # v8.1.0
- github/codeql-action/upload-sarif@v4 -> @7c1e4cf0b20d7c1872b26569c00ba908797a59bf # v4

ADR-089 SHA-pinning compliance. Exit Code 0 on zenzic-action verified.
project_metadata.release_name was still set to 'Basalt' (geological
codename), contradicting the brand_obsolescence list that includes
'Basalt' as a banned term. Updated to version string v1.1.0.

Exit Code 0 verified post-fix.
In CI, self-check.yml checks out PythonWoods/zenzic into _zenzic_core/.
Since docs_dir='.', Zenzic scans the entire repo root including this
directory and fires Z903 on every test file (not referenced in docs).

_zenzic_core/ is a CI runtime artifact, not action documentation.
Adding it to excluded_dirs restores parity between local (dir absent)
and CI (dir present but excluded).

Root cause of 107 Z903 errors reported in CI run.
…ning

Document inherited security fix: [governance].brand_obsolescence in
.zenzic.local.toml now uses additive semantics — local overrides can extend
but never remove globally-configured brand protection terms.
…alidation

Both the EN and IT reference pages for zenzic-action on zenzic.dev are
translated and exist in zenzic-doc, but the site build for v0.8.0 is
not yet deployed. Adding temporary exclusions prevents false Pass 3
failures in CI until the deploy goes live.

TODO: Remove both entries post-deploy v0.8.0.
- Replace 4-Gates badge with audit:_passed (fleet conformance, EN+IT)
- Add Advanced Workflows section EN: Debt Regression Blocking, Sovereign
  Nightly Audit, Using Action Outputs — before Exit Codes
- Add Workflow Avanzati section IT: same content, bilingual parity
- .zenzic.toml: restore excluded_external_urls with accurate comments:
  GitHub URLs excluded due to CI rate-limiting (429); zenzic.dev reference
  pages are in-flight (exist in release/v0.8.0 branch, site at v0.7.1);
  TODO to remove after v0.8.0 deploy
zenzic-action has no CODE_OF_CONDUCT.md — the contributor-covenant.org
--exclude-url was a defensive copy with no effect. Removed without adding
to .zenzic.toml (no URL to protect).
…add SECURITY.md checklist item

- .zenzic.toml: removed hardcoded v0.7.1 from excluded_external_urls TODO
  comment — deploy condition is release-agnostic (Phase 77-PRE-BUMP Azione C).
- RELEASE.md: add SECURITY.md support-table maintenance task; the matrix
  requires human judgement at each release (D2 resolution approved).

DIA: No Impact
…tration

The PR annotation diff previously referenced "Python 3.11+" as the
installation prerequisite. The documented floor for Zenzic is 3.10+.

DIA: No Impact
Replace alt="zenzic" with alt="zenzic-audit" on the self-check CI badge,
consistent with the fleet-wide lowercase kebab naming convention.
Adds check-stamp input (default: 'true') to action.yml and wires
ZENZIC_CHECK_STAMP into the env block. The wrapper script runs
'uvx zenzic score --check-stamp --no-header' after check all
unless ZENZIC_AUDIT=true or the caller opts out with check-stamp: 'false'.
@PythonWoods-Dev PythonWoods-Dev merged commit 87e2f1d into main May 31, 2026
3 checks passed
@PythonWoods-Dev PythonWoods-Dev deleted the release/v1.1.0 branch June 1, 2026 06:42
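
A check in the spirit of the SHA-40 pinning this PR describes (ADR-089), as an added example that is not code from zenzic-action or Zenzic: it scans workflow text for `uses:` references whose ref is not a full 40-hex commit SHA. The function name, the reason strings and the sample workflow are constructed for illustration, and requiring a trailing version comment is an assumption based on the `# v8.1.0` style in the commit message above; the two pinned references are the ones quoted there.

```python
import re

# "uses: owner/repo[/path]@ref  # optional comment", with or without a list dash
USES_RE = re.compile(
    r"^\s*(?:-\s*)?uses:\s*['\"]?([^\s'\"#]+)['\"]?\s*(?:#\s*(.*))?$"
)
SHA40_RE = re.compile(r"^[0-9a-f]{40}$")

# Constructed sample workflow. The tag and SHA forms of the two dependencies
# come from the commit message on this page; the rest is illustrative.
SAMPLE = """\
steps:
  - uses: astral-sh/setup-uv@v8.1.0
  - uses: astral-sh/setup-uv@08807647e7069bb48b6ef5acd8ec9567f424441b # v8.1.0
  - uses: github/codeql-action/upload-sarif@v4
  - uses: github/codeql-action/upload-sarif@7c1e4cf0b20d7c1872b26569c00ba908797a59bf # v4
  - uses: PythonWoods/zenzic-action@v1
  - uses: ./local-action
"""


def audit_pins(text):
    """Return (line_no, reference, reason) for each `uses:` entry that is not
    pinned to a full commit SHA with a human-readable version comment."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        m = USES_RE.match(line)
        if not m:
            continue
        ref, comment = m.group(1), m.group(2)
        # Local actions and container images are out of scope for this check.
        if ref.startswith("./") or ref.startswith("docker://"):
            continue
        _, sep, rev = ref.rpartition("@")
        if not sep:
            findings.append((no, ref, "no ref"))
        elif not SHA40_RE.match(rev):
            # Tags, branches and abbreviated SHAs can all be re-pointed.
            findings.append((no, ref, "mutable ref"))
        elif not comment:
            findings.append((no, ref, "sha without version comment"))
    return findings


if __name__ == "__main__":
    for no, ref, reason in audit_pins(SAMPLE):
        print(f"line {no}: {ref}: {reason}")
```

The floating `@v1` reference from the Upgrade note is reported as a mutable ref alongside the two pre-pin tag forms; consumers who want the same immutability can pin to the release commit instead.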