Releases: PythonWoods/zenzic
Release list
v0.20.3
[0.20.3] — 2026-07-05
Highlights
This patch release executes a zero-tolerance cleanup of legacy features. Following the adoption of the English-Only governance model (ADR-022), the Z602 (I18N_PARITY) rule and all associated bilingual artifacts have been permanently eradicated from the engine.
Fixed & Removed
- Governance (Z602 Eradication): Completely removed the
Z602diagnostic code from the registry. The engine no longer validates structural parity between localized documentation trees. - Configuration Hygiene: Removed the obsolete
[i18n]block andi18n_parityparameter from theZenzicConfigmodel. - Documentation & CLI: Purged the
z602interactive fixture fromzenzic laband stripped all legacy bilingual mirroring instructions from the developer runbooks and reference guides.
Technical Details
- DQS Invariant: Repository Documentation Quality Score verified at 98/100 (2 pts calculated debt for build-time RSS artifact suppression).
- Exit Code Contract: 0 (Pass), 1 (Quality), 2 (Security), 3 (Traversal).
Full Changelog: v0.20.2...v0.20.3
v0.20.2
v0.20.1
[0.20.1] — 2026-07-04
Highlights
This patch release resolves a critical bug in the new Polyglot Extractor pipeline, restores the visual integrity of the zenzic.dev landing page, and synchronizes the documentation.
Fixed
- Core (Polyglot Extractor): Resolved an architectural leak where the
data-zenzic-ignoreattribute failed to prevent URLs from being passed to the Uniform Resolver Pipeline (URP). Suppressed HTML nodes now correctly bypass all link validation checks, eliminating falseZ104andZ603errors. - UI (Dark Mode): Restored the Landing Page's Dark Mode styling. Reverted an overly aggressive CSS purging configuration that conflicted with the underlying MkDocs Material theme engine.
- Documentation (Best Practices): Updated the configuration guides to accurately reflect how Zenzic handles build-time artifacts (such as RSS feeds). The documentation now correctly instructs users to apply the
data-zenzic-ignoreattribute to raw HTML links.
Technical Details
- DQS Invariant: Repository Documentation Quality Score remains verified at 100/100.
Full Changelog: v0.20.0...v0.20.1
v0.20.0
[0.20.0] — 2026-07-04
Highlights
Zenzic v0.20.0 "The Extensibility Update" opens the engine's core to the community. With the introduction of the Custom Rules API v2, engineering teams can now write bespoke Python plugins to enforce corporate-specific documentation governance, operating directly on Zenzic's lossless Abstract Syntax Tree.
Core Features
-
Custom Rules API (AST Walker): Developers can now create custom rules by subclassing
BaseASTRule. The API provides direct access to traverse and inspect Markdown nodes (Headings, Paragraphs, Links) and HTML tags extracted by the Polyglot engine, with zero configuration required (auto-discovery from.zenzic/rules/*.py). -
Deterministic Sandbox (Z901 & Z902): To protect the
$O(N)$ performance invariant and the "Zero Crash" policy, custom rules are executed within a strict deterministic sandbox.- Unhandled Python exceptions emit a
Z901 (RULE_ENGINE_ERROR), allowing the main scan to continue uninterrupted. - Rules are subject to a Visitation Budget (
max_visits = 10000). If a custom rule inspects too many nodes (indicating an infinite loop or inefficient logic), the engine terminates the rule and emits aZ902 (RULE_TIMEOUT)warning.
- Unhandled Python exceptions emit a
-
Auto-Fix Expansion: The
zenzic fixcommand has been expanded. Code definitions in the registry now support afixableboolean flag, surfaced viazenzic explain.-
Z121 (Missing href): Automatically injects
href="#", safely converting a structural error into a trackable hygiene warning (Z122). -
Z603 (Dead Suppression): Automatically removes obsolete
<!-- zenzic:ignore -->comments anddata-zenzic-ignoreattributes from the source.
-
Z121 (Missing href): Automatically injects
Fixed & Improved
- Polyglot Leak Resolved: Fixed an architectural blind spot where
data-zenzic-ignoreattributes failed to suppress Z104 errors generated by the Uniform Resolver Pipeline (URP). - Documentation Overhaul: Added comprehensive guides for writing AST rules (
write-ast-rule.md).
Technical Details
- DQS Invariant: Repository Documentation Quality Score verified at 99/100 (1 pt calculated debt for build-time artifact suppression).
- Exit Code Contract: 0 (Pass), 1 (Quality), 2 (Security), 3 (Traversal).
Full Changelog: v0.19.6...v0.20.0
v0.19.6
🔒 Security Advisory
This patch release resolves three vulnerabilities identified during Red Team adversarial audits. All users are advised to update to ensure DQS integrity and CI stability.
Fixed
- Security (DQS Evasion): Resolved the "Ghost Policy" bypass where developers could evade the Suppression Cap and DQS penalties by injecting leading spaces (e.g.,
" Z101") into.zenzic.tomlpolicies. The scoring engine now strictly sanitizes inputs. - Security (DoS via TOML Bomb): Hardened the configuration parser against mixed-type arrays. Malformed arrays no longer cause unhandled Python tracebacks (crashing the CI runner) but are safely caught and reported as
Z001(Fatal Config Error). - Security (Z603 Evasion): Fixed a logical flaw where duplicate inline suppressions on the same line were all marked as "consumed" by a single finding. Duplicates now correctly trigger
Z603(Dead Suppression) to prevent hidden debt.
Full Changelog: v0.19.5...v0.19.6
v0.19.5
What's Changed
- fix(core/validator): harden polyglot extractor comment masking and fence evasion by @PythonWoods-Dev in #146
- chore(release): bump version to 0.19.5 by @PythonWoods-Dev in #147
Full Changelog: v0.19.4...v0.19.5
v0.19.4
Fixed
- Core (Mutator): Hardened the Atomic Write Barrier to correctly follow symlinks during auto-fix operations, preventing the accidental overwriting of the symlink file itself.
- Core (Mutator): Implemented a robust
try...finallycleanup routine to guarantee the removal of transient.zenzic-tmp-*files even if the process receives aKeyboardInterrupt(SIGINT) during an atomic write. - Diagnostics (Z108): Enhanced the Z108 (Empty Link Text) regex and AST mutator to correctly detect and patch "formatted empty links" (e.g.,
[**](url)or[` `](url)), eliminating an AST drift edge-case.
Full Changelog: v0.19.3...v0.19.4
v0.19.3 — Security Patch: Z205 Evasion Fix
[0.19.3] — 2026-07-02
🔒 Security Advisory
This patch release addresses a security vulnerability in the Polyglot Extractor introduced in v0.19.0. All users utilizing Zenzic as a CI security gate are strongly advised to update immediately.
Fixed
- Security (Z205 Bypass): Resolved a parser differential vulnerability where attackers could evade the
Z205(Forbidden Scheme) security gate. The extractor now correctly adheres to the HTML5 "first-wins" attribute parsing rule, preventing "Double Href" injection attacks. - Security (Encoding Evasion): The engine now correctly unescapes HTML entities and strips obfuscating control characters before evaluating URI schemes, preventing bypasses using encoded
javascript:ordata:payloads.
Technical Details
-
Performance: The security hardening maintains the strict
$O(N)$ (RE2/DFA-pure) execution time invariant. - DQS Invariant: Repository Documentation Quality Score remains verified at 100/100.
v0.19.2 — Frontend Performance & LCP Optimization
[0.19.2] — 2026-07-02
Highlights
This patch release finalizes the structural optimizations to the Zenzic documentation portal (zenzic.dev), focusing on the Critical Rendering Path and payload minimization to achieve peak Lighthouse performance scores.
Fixed & Improved
- Performance (LCP): Optimized the Critical Rendering Path by injecting
<link rel="preconnect">resource hints for the GitHub API. This significantly reduces latency for client-side rendering of repository statistics (Stars/Forks). - Performance (CSS): Implemented strict Tailwind CSS purging via
tailwind.config.js. Unused utility classes have been stripped from the build, minimizing the frontend payload and reducing render-blocking time.
Technical Details
- Legal Compliance: All new frontend build configurations (Tailwind) are fully REUSE 3.3 compliant with explicit SPDX annotations.
- DQS Invariant: Repository Documentation Quality Score remains verified at 100/100.
v0.19.1 — Frontend Optimization & Agent Accessibility
[0.19.1] — 2026-07-02
Highlights
This patch release focuses on structural optimizations to the Zenzic documentation portal (zenzic.dev). We have upgraded the frontend to match the "Hostile Precision" of our backend engine, achieving perfect Lighthouse scores and ensuring full compliance with modern accessibility standards (including AI Agent navigation).
Fixed & Improved
- Agent Accessibility (WebMCP): Added an accessible name (
aria-label="Search dialog") to the MkDocs search component. This resolves a critical Lighthouse penalty and allows screen readers and AI agents to correctly parse the accessibility tree (AOM). - WCAG 2.1 AA Compliance: Resolved contrast failures across homepage templates. Shifted light mode secondary text to
zinc-600and dark mode secondary text tozinc-400to guarantee high legibility. - Performance (LCP): Eliminated render-blocking network requests. Google Fonts (Inter, IBM Plex Mono, Barlow Condensed, JetBrains Mono) are now self-hosted for offline compliance and improved Largest Contentful Paint (LCP).
- Performance (CLS): Added explicit
widthandheightconstraints to raw HTML image tags (e.g., the main logo) to eliminate Cumulative Layout Shift. - SEO Hygiene: Enforced strict, sub-160-character meta
descriptionfields across all top-level documentation pages.
Technical Details
- Legal Compliance: The
NOTICEfile has been updated with full attributions and licenses (SIL OFL 1.1 / Apache 2.0) for the newly self-hosted fonts. - DQS Invariant: Repository Documentation Quality Score remains verified at 100/100.