Releases: enricopiovesan/Traverse
Releases · enricopiovesan/Traverse
Traverse v0.3.0
Immutable
release. Only release title and notes can be modified.
Traverse v0.3.0
Release date: 2026-06-06
Traverse v0.3.0 is the first GitHub Release after the historical v0.2.0 tag. The v0.2.0 tag remains part of the repository history, but it was not published as a GitHub Release. Consumers should pin v0.3.0 for the current app-consumable, supply-chain-hardened baseline.
Highlights
- Adds the HTTP/JSON application API surface for downstream apps, including local serve, discovery, registration, and execution paths.
- Adds workspace identity, auth, runtime grants, isolation policy, and audit evidence for app-facing execution.
- Adds OpenTelemetry-compatible runtime trace export so runtime decisions can be inspected outside Traverse-specific tooling.
- Adds WASI Host ABI v1 insulation so host imports are validated through a governed compatibility boundary.
- Adds connector plugin registry and resolution primitives for external integration growth.
- Adds the portable DataStore runtime model for the AP-leaning state path used by browser/offline-first consumers.
- Adds governed artifact signature verification, including Ed25519 and Sigstore trust paths.
- Adds supply-chain hardening evidence, including SBOM generation, provenance evidence, reproducibility checks, and artifact verification.
Compatibility Notes
- Traverse remains a
0.xproject. Public surfaces are governed and validated, but compatibility is still allowed to evolve before a1.0stability commitment. - The
v0.2.0tag exists as a historical workspace version bump and should not be treated as the current published release baseline. - No cross-platform binary package is attached to this release. The release publishes source, release notes, and supply-chain evidence artifacts.
Validation
Release preparation must pass these local gates before tagging:
bash scripts/ci/repository_checks.sh
bash scripts/ci/rust_checks.sh
bash scripts/ci/coverage_gate.sh
bash scripts/ci/supply_chain_check.shThe GitHub Release should attach the generated supply-chain evidence from target/supply-chain/:
traverse-sbom.cdx.jsonsupply-chain-summary.jsonartifact-verify-report.jsontraverse-cli.provenance.json
Traceability
- Release issue: #432
- Governing specs:
001-foundation-v0-1,031-supply-chain-hardening
Traverse v0.1.0
Immutable
release. Only release title and notes can be modified.
Traverse v0.1.0 is the first public app-consumable release of Traverse.
Supported use in this release:
- use Traverse as a governed runtime substrate
- use Traverse as an MCP substrate
- consume Traverse through documented public app-facing surfaces
- follow the first downstream-consumer path aligned with youaskm3
First start here:
- quickstart: quickstart.md
- canonical entry path: docs/app-consumable-entry-path.md
Authoritative release documents:
- consumer bundle: docs/app-consumable-consumer-bundle.md
- package release pointer: docs/app-consumable-package-release-pointer.md
- release checklist: docs/app-consumable-release-checklist.md
- acceptance path: docs/app-consumable-acceptance.md
- youaskm3 integration validation: docs/youaskm3-integration-validation.md
- youaskm3 compatibility conformance: docs/youaskm3-compatibility-conformance-suite.md
Validation commands:
- bash scripts/ci/app_consumable_package_release_pointer.sh
- bash scripts/ci/app_consumable_release_prep.sh
- bash scripts/ci/repository_checks.sh
Release intent:
- downstream apps own UI and product UX
- Traverse owns runtime execution, workflow/state behavior, traceability, and MCP-facing behavior
- this release is the first governed external-consumer baseline for Traverse