release: v0.11.5 (G11.0.4 / F24 corrective) #24
Merged
… path drift)

Closes F24 LOW-MEDIUM per Round 31 audit sections 2-3. Wraps step4_load_trust_root TrustedRoot import in public-first then private-fallback pattern (Option A); preserves forward-compat with sigstore 4.x while handling 3.x correctly today. Adds pinning test that catches future sigstore-python API drifts at PR CI rather than only at post-merge smoke-test.

Empirical proof of F22 + F23 + F24 chain closure: failure mode shift across v0.11.0 -> v0.11.5 reads CASM-V-001 (F22) -> CASM-V-021 (F23) -> CASM-V-021 (F24) -> green.

Substrate change: 3 substantive lines in verification.py (inner try, inner except, inner fallback from) plus 1 new pinning test. Test count 596 -> 597. Option B declined; Option C deferred per Round 31 audit section 3.

Local verification (sandbox):
- pytest -q -> 550 passed, 47 skipped (597 collected, +1 from v0.11.4: tests/test_gate11_step4_import_resolves.py)
- ruff check + ruff format --check + mypy clean
- release_sweep.py clean (README pins synchronized to v0.11.5)
- Em-dash check (extended scope) clean
- furqan-lint version -> furqan-lint 0.11.5

Note: tests/test_gate11_verification.py:test_compose_fails_at_step6_with_fake_bundle extended its acceptable-codes set with CASM-V-035. Pre-F24 this test passed because step4 always failed first with CASM-V-021 (the bug F24 fixes); post-F24 step4 succeeds and the verifier reaches step6 reliably, where the v0.11.0 C-1 refuse-without-policy default raises CASM-V-035 when no Identity policy is supplied. The test update reflects the post-F24 reality, not a substrate behavior change.
v0.11.5 — G11.0.4 / F24 corrective (al-Bayyina sigstore API path drift)
Closes Round 31 audit F24 LOW-MEDIUM.
Substrate change
step4_load_trust_root TrustedRoot import wrapped in public-first then private-fallback pattern (Option A from Round 31 audit §3):
Preserves forward-compat with sigstore 4.x while handling 3.x correctly today. Outer except preserves existing CASM-V-021 semantics for genuine sigstore-not-installed.
Pinning test (forward-looking discipline)
tests/test_gate11_step4_import_resolves.py (NEW): catches future sigstore-python API drifts at PR CI rather than only at post-merge smoke-test. Test count 596 → 597.
Existing test update (failure-mode-shift evidence)
tests/test_gate11_verification.py:test_compose_fails_at_step6_with_fake_bundle extended its acceptable-codes set with CASM-V-035. Pre-F24 this test reached step4 and always failed there with CASM-V-021 (the bug F24 fixes); post-F24, step4 succeeds and the verifier reaches step6, where the v0.11.0 C-1 refuse-without-policy default raises CASM-V-035 when no Identity policy is supplied. The test update reflects the post-F24 reality, not a substrate behavior change. This is the al-Bayyina failure-mode-shift evidence pattern.
Failure-mode chronology (chain of clear evidence)
Local gate sweep
Deferred (per Round 31 audit §3)
Mushaf chain: G11.0.1 (v0.11.2) → G11.0.2 (v0.11.3) → G11.0.3 (v0.11.4) → G11.0.4 al-Bayyina (v0.11.5 ← this PR) → G11.2 al-Mursalat → G11.3 an-Naziat → G11.4 Tasdiq al-Bayan.
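
An added sketch of the public-first then private-fallback import described in this PR, generalized to an ordered list of candidate paths; it is not furqan-lint's verification.py. The module paths under fakesig, VerificationError, and the helper names are constructed for illustration and do not reflect sigstore's actual module layout.

```python
import importlib
import sys
import types

PUBLIC, PRIVATE = "fakesig.models", "fakesig._internal.trust"  # constructed paths


class VerificationError(Exception):
    """Hypothetical error type carrying a CASM-V-* code."""

    def __init__(self, code, detail):
        super().__init__(f"{code}: {detail}")
        self.code = code


def resolve_symbol(name, candidates=(PUBLIC, PRIVATE)):
    """Try each module path in order (public first) and return (path, object)."""
    last = None
    for path in candidates:
        try:
            return path, getattr(importlib.import_module(path), name)
        except (ImportError, AttributeError) as exc:
            last = exc  # this layout does not match; fall through to the next
    # Outer handler: nothing matched, so report the step4 code from the PR.
    raise VerificationError("CASM-V-021", f"{name} not importable ({last})")


def install_fake(layout):
    """Constructed fixture: replace any fake 'fakesig' modules with `layout`."""
    for key in [k for k in sys.modules if k.split(".")[0] == "fakesig"]:
        del sys.modules[key]
    for path, attrs in layout.items():
        parts = path.split(".")
        for i in range(1, len(parts) + 1):
            full = ".".join(parts[:i])
            mod = sys.modules.setdefault(full, types.ModuleType(full))
            mod.__path__ = []  # package with no files: unknown submodules fail
        vars(sys.modules[path]).update(attrs)


def resolved_path(layout):
    """Return the path that wins for an installed layout, or the error code."""
    install_fake(layout)
    try:
        return resolve_symbol("TrustedRoot")[0]
    except VerificationError as err:
        return err.code


if __name__ == "__main__":
    root = type("TrustedRoot", (), {})
    print(resolved_path({PRIVATE: {"TrustedRoot": root}}))  # older layout
    print(resolved_path({}))  # library absent
```

A pinning test in this style asserts that resolved_path never returns the error code for any library version the project supports, so a moved symbol fails in PR CI instead of surfacing later as a step4 verification failure.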