Skip to content
This repository was archived by the owner on May 12, 2026. It is now read-only.

Releases: ob-aion/pruner

0.2.15

Choose a tag to compare

@github-actions github-actions released this 12 May 11:53
cd75e93
ci: 0.2.15 — pre-tag pin verifier + finding-positive fixture (#28)

* ci(release): pre-tag lockstep check in verify-action-pins.sh

Closes the 0.2.7 lockstep-skip bug class at the release-pipeline gate.

`scripts/verify-action-pins.sh` gains an opt-in check, activated when
`EXPECTED_RELEASE_TAG` is set in the script's environment. The check reads
`.github/workflows/scan.yml`, extracts the `uses: ob-aion/pruner@<X.Y.Z>`
literal, and exits 1 if `<X.Y.Z>` does not match the tag being cut. Local
runs without the env var keep the previous SHA-pin-only behaviour. Script
header documents the env-var contract and the updated exit-code set
(0 OK / 1 bad pin / 2 missing gh or scan.yml).

`.github/workflows/release.yml` reorders the steps so `Resolve tag` runs
before the renamed `Verify action SHA pins and scan.yml lockstep` step,
which receives the tag via `EXPECTED_RELEASE_TAG`. No behavioural change
to the SHA-pin loop or any downstream release step.

The 0.2.7 bug class: four consecutive releases (0.2.3-0.2.6) shipped
`scan.yml` pinned to the previous composite because the documented bump
step was a manual hand-edit that fell through review. Consumers calling
`scan.yml@0.2.6` got the 0.2.2 composite internally and missed the Cisco
engine bump. The 0.2.13 attempt to retire the lockstep via a structural
self-checkout pattern was reverted at 0.2.14 (cross-repo `github.*`
context refers to the caller). With the manual lockstep restored, this
verifier is the principled defence — pre-tag, scriptable, idempotent.

* test(self-scan): finding-positive fixture + 0.2.15 release prep

Closes the 0.2.8 exit-code bug class — `pruner scan` exit 1 (findings
present, all below threshold) must thread through `coroboros-pack-run`
and the gate step without being masked as a workflow failure.

`examples/finding-positive-skill/` is a minimal skill that trips four
sub-critical Coroboros pack rules: FC001 (high, name fails kebab-case),
FC003 (medium, top-level `custom_field`), FC004 (low, `metadata.version`
present), FC005 (low, non-SPDX license). Zero critical by design.
Companion `EXPECTATIONS.md` documents the cross-walk and distinguishes
the fixture from `examples/vulnerable-skill/` (21 findings, 7 critical,
every finding allowlisted in `.pruner-ignore.yml`).

`.github/workflows/self-scan.yml` adds a `pruner-finding-positive` job
invoking the composite via `uses: ./` against the new fixture at
`fail-on: critical`. Green outcome asserts the exit-code propagation
contract. The pre-existing `pruner-self-scan` job scans `.` from repo
root with `.pruner-ignore.yml` applied — every Pruner-side fixture
finding sits in the allowlist, so `pruner scan` exited 0 and the 0.2.8
bug never surfaced on the maintainer side until the first consumer
integration on `coroboros/agent-skills`. Finding-positive findings are
intentionally not allowlisted; they surface in Code Scanning at
downgraded severities (template-example weight 0.25 drops high to low,
medium to info, etc.) but never gate the workflow.

`.github/workflows/scan.yml` synced to `ob-aion/pruner@0.2.15` per the
lockstep contract, now verified pre-tag by the verifier extension in
the previous commit.

`CHANGELOG.md` — v0.2.15 entry covering both changes.

Branch protection on `main` requires `pruner-self-scan` already;
promoting `pruner-finding-positive` to a required status check is a
one-line `gh api` follow-up after the first green run on `main`.

* docs(changelog): scrub v0.2.15 entry against Coroboros brand voice

Split four sentences that ran over the 25-word hard cap. Tighten lexicon
("CI additions" not "defensive CI additions"), drop "lived as", drop the
verbose parenthetical that nested another em-dash inside a clause. Bullet
for the new fixture restructured: four rule items as short sentences
instead of a single 40-word parenthetical chain. Bullet for the new
self-scan job restructured: ten short sentences replace four long ones.

No semantic change. Same five bullets, same surface area.

* refactor(self-scan): dual-path allowlist for the finding-positive fixture + docs

PR review on `#28` surfaced inline `github-advanced-security[bot]` comments on
`examples/finding-positive-skill/SKILL.md`. The pre-existing `pruner-self-scan`
job uploaded the four sub-critical findings to Code Scanning, the bot mirrored
each as a PR review comment, and the public PR ended up annotated with
intentional-fixture noise.

Fix exploits the wrapper's path-relative behaviour:

- `pruner-self-scan` runs with `target-path: .`. Finding paths land as
  `examples/finding-positive-skill/SKILL.md` (repo-root-relative). The four
  new entries in `.pruner-ignore.yml` are keyed on exactly that path and match,
  so the findings filter out before SARIF upload. Security tab and PR review
  surface stay clean.
- `pruner-finding-positive` runs with `target-path: examples/finding-positive-skill`.
  The wrapper computes finding paths relative to `target-path`, so each one is
  the bare string `SKILL.md`. Allowlist entries do not match, findings fire,
  `pruner scan` exits 1, and the composite's `coroboros-pack-run` step has to
  mask that exit for the workflow to pass — exactly the 0.2.8 propagation
  contract this fixture exists to validate.

Same path-rooted asymmetry as the 14 `examples/vulnerable-skill/` entries
already in `.pruner-ignore.yml`, so the file stays internally consistent.

Documentation updates folded in alongside the fix.

- `examples/finding-positive-skill/EXPECTATIONS.md` gains a "Dual-path
  allowlist behaviour" section with the truth table above. Distinct-from-
  vulnerable-skill note tightened.
- `examples/finding-positive-skill/SKILL.md` body sentence split across the
  brand-voice 25-word cap.
- `.github/workflows/self-scan.yml` comment block reworded — earlier
  "zero `SKILL.md` files" was inaccurate; the real reason `pruner scan` exits
  0 on the pre-existing job is that every Pruner-side fixture finding sits in
  `.pruner-ignore.yml`.
- `docs/sha-pinning.md` gains a "Pre-tag lockstep check" section documenting
  the `EXPECTED_RELEASE_TAG` env-var contract on `verify-action-pins.sh`.
- `docs/threat-model.md` self-scan bullet now names both jobs; release-
  integrity bullet now mentions the verifier's two invariants (SHA-pin
  validity + scan.yml lockstep).
- `CHANGELOG.md` v0.2.15 entry gains a fifth bullet describing the allowlist
  additions.

0.2.14

Choose a tag to compare

@ob-aion ob-aion released this 12 May 09:22
3678c83

Hotfix that reverts the 0.2.13 scan.yml structural fix. The new pattern parsed github.workflow_ref and github.workflow_sha to derive the Pruner repo + SHA, then actions/checkout'd that into .pruner-action and invoked the composite via uses: ./.pruner-action. The pattern passed Pruner's own PR-only test-scan-yml.yml validator because both context variables resolve to the workflow's hosting repo when the reusable workflow is called locally (uses: ./.github/workflows/scan.yml). It failed on the first real cross-repo consumer call (coroboros/agent-skills@scan.yml@0.2.13) because under remote invocation, the entire github.* context refers to the caller's workflow, not the called reusable workflowWORKFLOW_REF=coroboros/agent-skills/.github/workflows/ci.yml@refs/pull/29/merge, FALLBACK_REPOSITORY=coroboros/agent-skills. The second checkout therefore cloned agent-skills (no action.yml) and uses: ./.pruner-action errored. GHA docs are explicit on this: "The github context, with the exception of github.token, references the calling workflow." No documented context exposes the called reusable workflow's own repo/ref/sha; expressions in uses: action refs are not supported (actions/runner#1493). The pattern is structurally unfixable. Scorecard documents the same chicken-and-egg in its RELEASE.md and lives with the manual two-step. Pruner does the same starting here.

  • .github/workflows/scan.yml reverted. uses: ob-aion/pruner@0.2.14 literal restored at the composite-invocation step. The lockstep contract codified in 0.2.7 is back; one line bumps every release.
  • .github/workflows/test-scan-yml.yml deleted. It validated a same-repo-local-call against the broken cross-repo-remote-call pattern — false confidence. self-scan.yml remains the load-bearing self-validation; it has the documented limitation of running against a target with zero SKILL.md files (the 0.2.8 blind spot).
  • <VERSION> placeholders survive. README.md, docs/consumer-integration.md (three refs), templates/workflow-{minimal,full}.yml keep the placeholder + latest-release-URL pattern. That convention is independent of the scan.yml lockstep and was never the source of the cross-repo bug.

Net effect against the pre-0.2.13 baseline: per-release file bumps drop from seven to two (CHANGELOG.md plus scan.yml's one-line literal). Not the one-file shrink 0.2.13 promised, but a real five-file improvement. The post-mortem lesson: same-repo-local-call CI tests do not validate cross-repo behaviour of reusable workflows; a real consumer PR is the only honest validation surface.

0.2.13

Choose a tag to compare

@ob-aion ob-aion released this 12 May 09:01
c4ed88c

Phase γ headline reposition plus a structural fix that retires the per-release manual version-pin bump. Pre-0.2.13, every release hand-edited seven files: one functional self-reference inside the reusable workflow plus six consumer-facing examples across README.md, docs/consumer-integration.md, and templates/. 0.2.7 codified the lockstep contract after a four-release skip bug. 0.2.11 codified the per-release example-pin sync. Both were workarounds for a manual process. Both retire here. Per-release file bumps shrink from seven to one. Phase β closed 2026-05-11 on coroboros/agent-skills 1.18.0 and 1.18.1, both pruner / pruner green. The README headline travels in link previews — load-bearing for Phase γ outreach on HackerNews, Lobste.rs, OpenSSF, and coroboros.com.

  • README.md — headline reposition. New bold opener: **Sigstore-signed attestations for AI agent skills.** Brand DNA Variants don't ship. Signal does. becomes the italic kicker. The urgency pitch follows: The agent-skills supply chain is the next attack surface. Pruner produces a portable, signed trust artefact that travels with every release tag. Replaces the prior tagline plus the Coroboros's attestation chain for agent skill repositories. description. The previous opener read well with context but underdelivered for a fresh reader.
  • README.md## Why now moved down. From first body section to between ## What Pruner is not and ## Quick start. The threat-surface paragraph reads as supporting context after the orientation arc (What Pruner isWhy a wrapperCode inside skillsWhat Pruner is not). TOC reordered to match.
  • .github/workflows/scan.yml — self-checkout pattern eliminates the lockstep contract. Previous: uses: ob-aion/pruner@<X> hand-edited every release; a skipped bump shipped consumers the prior composite (the 0.2.7 bug class). New: a self-ref step parses github.workflow_ref for the repository portion, actions/checkout clones that repo at github.workflow_sha into .pruner-action, then uses: ./.pruner-action invokes the composite. Version-coherent by construction — no literal version in the workflow file to skip. GHA does not support expressions in uses: action refs (actions/runner#1493, closed without implementation). The canonical workaround is uses: ./<path> after a path-aware checkout — same pattern actions/checkout uses to self-test.
  • Example pins switched to <VERSION> placeholder. README.md, docs/consumer-integration.md (three refs), and templates/workflow-{minimal,full}.yml no longer carry a literal tag. Each example points readers at https://github.com/ob-aion/pruner/releases/latest. The latest badge at the top of README.md is the one-click reference. Retires the per-release example-pin sync from 0.2.11.
  • Added .github/workflows/test-scan-yml.yml — PR-only validation of scan.yml end-to-end. Calls uses: ./.github/workflows/scan.yml from the PR branch against examples/benign-skill. self-scan.yml invokes uses: ./ directly and bypasses scan.yml — the blind spot that hid the 0.2.7 lockstep-skip bug for four releases. The new test job exercises the reusable workflow's structural pattern at PR time so any regression surfaces before merge.

0.2.12

Choose a tag to compare

@ob-aion ob-aion released this 11 May 12:03
ee7837b

Stylistic alignment of the Apache-2.0 appendix copyright line with the convention used across the public Coroboros workspace. The 0.2.11 release added the –End of Time signature but kept the bare Copyright 2026–End of Time Coroboros form; the rest of the workspace (coroboros/archivist, coroboros/agent-skills) carries (c) per the standard MIT template. This release brings Pruner into line. Apache-2.0 operative terms remain untouched.

  • LICENSE — appendix copyright line: Copyright 2026–End of Time CoroborosCopyright (c) 2026–End of Time Coroboros. Single-character-class addition at line 190 inside the customary APPENDIX: How to apply the Apache License to your work. block. SPDX classification stays Apache-2.0; downstream license scanners read the boilerplate, not the appendix string.
  • .github/workflows/scan.yml — synced to ob-aion/pruner@0.2.12 per the lockstep contract.
  • Consumer-facing example pins bumped to @0.2.12. README.md:94, docs/consumer-integration.md (three occurrences), templates/workflow-minimal.yml:15, templates/workflow-full.yml:18. Per the example-pin-moves-every-release convention established in 0.2.11.

0.2.11

Choose a tag to compare

@ob-aion ob-aion released this 11 May 11:45
29b5f25

Copyright-line alignment across the Coroboros workspace. The Pruner LICENSE carried the standard Apache-2.0 appendix copyright Copyright 2026 Coroboros, missing the –End of Time signature already in place on coroboros/archivist and coroboros/agent-skills. This release adds the signature to the appendix only. Apache-2.0 operative terms (sections 1–9, lines 1–177) are untouched. SPDX classification stays Apache-2.0 and downstream license scanners read the same boilerplate.

  • LICENSE — appendix copyright line: Copyright 2026 CoroborosCopyright 2026–End of Time Coroboros. Single-line edit at line 190 inside the customary APPENDIX: How to apply the Apache License to your work. block. No change to grant terms, redistribution conditions, patent grant, trademark clause, or warranty disclaimer.
  • .github/workflows/scan.yml — synced to ob-aion/pruner@0.2.11 per the lockstep contract.
  • Consumer-facing example pins bumped to @0.2.11. README.md:94, docs/consumer-integration.md (three occurrences), templates/workflow-minimal.yml:15, templates/workflow-full.yml:18. Previously frozen at @0.2.0 since the line cut; new convention going forward: example pins move every release so consumers reading the repo cold land on the latest tag.

0.2.10

Choose a tag to compare

@github-actions github-actions released this 11 May 10:52
9fa4eda
chore: 0.2.10 — add Coroboros mark to README (#23)

The Pruner repo shipped without an `assets/` folder at bootstrap and
the README opened on the title block with no Coroboros mark. The two
sibling subprojects (`coroboros/archivist` and `coroboros/agent-skills`)
both lead with the gold ouroboros at 288 by 288 — this release closes
the visual-consistency gap.

`assets/logo.png` is a verbatim copy of the canonical mark used by
`coroboros/archivist`, sourced from the shared Coroboros brand asset
pool (660 by 660 source PNG, 8-bit RGBA, ~84 kB). The README inserts
`<img src="assets/logo.png" width="288" height="288" alt="Coroboros"/>`
inside the existing centred div, immediately above the title. The
markup matches the archivist README line-for-line for side-by-side
browsing parity.

`.github/workflows/scan.yml` synced to `ob-aion/pruner@0.2.10` per the
lockstep contract.

0.2.9

Choose a tag to compare

@github-actions github-actions released this 11 May 09:51
5b68d02
feat: 0.2.9 — upload every SARIF in the bundle to Code Scanning (#22)

The composite action ran the Cisco engine, gitleaks, and the Coroboros
pack on every scan, but the `upload-sarif` step only pointed at
`coroboros.sarif`. Cisco and gitleaks findings stayed in the workflow
artefact bundle and never reached the GitHub Security tab. The Phase
beta consumer PR on `coroboros/agent-skills` exposed it: 22 Cisco
findings (mostly `ALLOWED_TOOLS_*_VIOLATION` on Python and shell scripts
inside skill folders) lived in `cisco.sarif` but did not surface in
`security/code-scanning`. Code-Scanning visibility was therefore half
of what the bundle actually contained.

Fix: change `sarif_file` from a single-file path to the report
directory. `github/codeql-action/upload-sarif@v4.35.3` walks the
directory, finds every `*.sarif` and `*.sarif.json`, and uploads each
under its own tool category. Captures `coroboros.sarif`, `cisco.sarif`,
`gitleaks.sarif`, and `snyk.sarif` when opted in. `actionlint.json` ends
in `.json` rather than `.sarif.json` and is skipped — actionlint
findings remain in the artefact bundle for download but do not appear
in the Security tab.

Three Code Scanning categories on a default Pruner run (pack, Cisco,
gitleaks); four with Snyk.

Also bumps `.github/workflows/scan.yml` to `ob-aion/pruner@0.2.9` per
the lockstep contract reinstated in 0.2.7.

0.2.8

Choose a tag to compare

@github-actions github-actions released this 11 May 08:44
b9a8c3d
fix: 0.2.8 — coroboros-pack-run masks pruner-scan exit 1 (findings pr…

0.2.7

Choose a tag to compare

@github-actions github-actions released this 11 May 08:13
f03f024
chore: 0.2.7 — sync scan.yml `uses:` tag with the release tag (#20)

The 0.2.0 release introduced a documented bump step — every release
must update `.github/workflows/scan.yml:52`'s `uses: ob-aion/pruner@<X>`
line in lockstep with the new tag. The step fell through 0.2.3, 0.2.4,
0.2.5, and 0.2.6 (four consecutive releases). Consumers calling
`uses: ob-aion/pruner/.github/workflows/scan.yml@0.2.6` were therefore
executing the 0.2.2 composite action internally, missing the
`cisco-ai-skill-scanner` bump 2.0.9 to 2.0.11 that 0.2.6 shipped.

This release catches scan.yml up to `@0.2.7`. Future releases keep the
two in lockstep.

0.2.6

Choose a tag to compare

@github-actions github-actions released this 11 May 07:11
c4b750a
chore(deps): 0.2.6 — bump cisco-ai-skill-scanner 2.0.9 → 2.0.11 (#17)

* chore(deps): 0.2.6 — bump cisco-ai-skill-scanner 2.0.9 → 2.0.11

Replaces Dependabot PR #10 with the full `wrapper/CISCO_PIN.md` bump
procedure. The bump folds in 2.0.10's rule-pack expansion (34 → 314
signatures, restructured by category) and 2.0.11's internal release-
pipeline fix. 2.0.10's opt-in surface (OpenAI-compatible LLM endpoints,
LiteLLM Gemini fallback, `--render-markdown`) does not affect Pruner;
the wrapper stays deterministic at v0.x.

Touched five surfaces for version consistency:

- `wrapper/pyproject.toml` — pin
- `wrapper/src/pruner_wrapper/cisco_runner.py` — `PINNED_VERSION`
- `scripts/setup-cisco.sh` — default
- `wrapper/CISCO_PIN.md` — version, release date, upstream main HEAD
  `ff708ea00fd401640112c138711c5c36ff4992a0` (2026-04-30), license
  re-verified 2026-05-11
- `wrapper/README.md` — pin reference
- five wrapper test fixtures (`test_cisco_runner.py` asserts the
  constant; the other four use the version as fixture data)

`docs/fp-audit.md` gets a 0.2.6 audit section with full reproduction
against the canonical corpus (`coroboros/agent-skills`,
`anthropics/skills`, `vercel-labs/agent-skills`):

- Coroboros pack (`--without-cisco`) deltas vs 0.1.0: +1 FC003 (corpus
  added one new skill matching the existing non-canonical-frontmatter
  pattern) and +1 PI-PERM-001 on `skills/design-system/SKILL.md` (rule
  added in 0.2.0, true positive). Three 0.1.0 tracking notes still
  apply unchanged.
- Cisco dual-version parity check (`--with-cisco` with 2.0.9 then 2.0.11
  on the same corpora): **identical rule-id distribution and counts**
  on both `coroboros/agent-skills` (22 findings, 6 rule IDs) and
  `vercel-labs/agent-skills` (20 findings, 8 rule IDs). The 280 newly
  added Cisco signatures fire on neither — likely target patterns not
  present in well-formed skill repositories.

License-drift guard re-validated: 2.0.11 ships Apache-2.0 intact at
`<venv>/lib/python*/site-packages/cisco_ai_skill_scanner-2.0.11.dist-info/licenses/LICENSE`.

Tests: 263 passed, coverage 90.83 percent.

* docs: humanize CHANGELOG and fp-audit entries against Coroboros voice

Three first-person plural instances ("our SARIF-upload-only use case",
"our dogfood targets", "our corpora") removed per the BRAND-VOICE.md
pronoun rule (third-person institutional, no first-person plural in
corporate communications).

One em-dash density hit on the fp-audit Per-repo bullet for
coroboros/agent-skills reduced from three em-dashes per line to one;
brand voice allows em-dashes, but three on a single line is busy. The
header em-dash separator stays, the inline clauses move to commas and
a colon.