chore(release): 1.4.0 #81
Bump workspace + Python plugin versions 1.3.1 → 1.4.0 in lockstep: the Cargo workspace version, every crate's internal path-dep pins (incl. the new loomweave-llm crate), both maturin bin-wheels (loomweave + rust-plugin-dist), the Python + Rust plugin manifests, the rust-plugin-dist wheel-data manifest, and the Python version-assertion tests. Refresh Cargo.lock and the plugin uv.lock.

Also bump anyhow 1.0.102 → 1.0.103 to clear a fresh RUSTSEC soundness advisory (downcast_mut, dtolnay/anyhow#451) that cargo-deny advisories flags on a fresh DB — lockfile only, no API change.

CHANGELOG 1.4.0 entry covers the 45 commits since 1.3.1: loomweave-llm provider extraction (loomweave-core links no outbound HTTP client), the Warpline churn consumer lighting up high_churn/recently_changed, ADR-054 Rust reachability roots, federation-keying + graph-integrity fixes, the plugin anchor_entity_id trust-boundary strip, the cross-repo conformance oracles, and the anyhow security bump.

Minor bump (not patch): user-facing features shipped since 1.3.1.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
e2fd30a to 038a273
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: e2fd30a19f
| [dependencies] | ||
| loomweave-plugin-rust = { path = "../../crates/loomweave-plugin-rust", version = "1.3.1" } | ||
| loomweave-plugin-rust = { path = "../../crates/loomweave-plugin-rust", version = "1.4.0" } |
Regenerate the standalone Rust plugin lockfile
This release bump updates the standalone Rust plugin dist crate to depend on loomweave-plugin-rust 1.4.0, but the checked-in packaging/rust-plugin-dist/Cargo.lock still records the dist/core/plugin packages at older versions, so locked builds of this manifest fail before compiling because Cargo must rewrite the lockfile. I verified this against the reviewed tree with cargo metadata --locked --manifest-path packaging/rust-plugin-dist/Cargo.toml, and cargo metadata --help defines --locked as asserting that Cargo.lock remains unchanged; regenerate and commit this dist lockfile with the 1.4.0 bump.
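An offline approximation of the cargo metadata --locked check described in the comment above, as an added example rather than code from this repository or from Codex: it reports lockfile entries that no longer satisfy the manifest. The manifest and lockfile text are constructed, the package name rust-plugin-dist is an assumption, and only plain x.y.z caret requirements are handled.

```python
import re

# Constructed stand-ins for packaging/rust-plugin-dist/Cargo.toml and its
# Cargo.lock; the package name "rust-plugin-dist" is an assumption.
MANIFEST = """\
[package]
name = "rust-plugin-dist"
version = "1.4.0"

[dependencies]
loomweave-plugin-rust = { path = "../../crates/loomweave-plugin-rust", version = "1.4.0" }
"""
STALE_LOCK = """\
version = 3

[[package]]
name = "loomweave-plugin-rust"
version = "1.3.1"

[[package]]
name = "rust-plugin-dist"
version = "1.3.1"
"""

PIN = re.compile(r'^([\w-]+)\s*=\s*\{[^}]*\bpath\s*=[^}]*\bversion\s*=\s*"([^"]+)"', re.M)
OWN = re.compile(r'\[package\]\nname = "([^"]+)"\nversion = "([^"]+)"')
LOCKED = re.compile(r'\[\[package\]\]\nname = "([^"]+)"\nversion = "([^"]+)"')

def caret_matches(req, ver):
    """Cargo's default (caret) rule for plain x.y.z: leftmost non-zero part is fixed."""
    r = tuple(int(p) for p in req.lstrip("^").split("."))
    v = tuple(int(p) for p in ver.split("."))
    fixed = next((i for i, p in enumerate(r) if p), len(r) - 1) + 1
    return v[:fixed] == r[:fixed] and v >= r

def stale_entries(manifest, lock):
    """Return (crate, wanted, locked) for each entry a locked build would have to rewrite."""
    locked = {}
    for name, ver in LOCKED.findall(lock):
        locked.setdefault(name, []).append(ver)
    problems = []
    own = OWN.search(manifest)  # the manifest's own package is recorded in the lock too
    if own and own.group(2) not in locked.get(own.group(1), []):
        problems.append((own.group(1), "=" + own.group(2), locked.get(own.group(1), [])))
    for name, req in PIN.findall(manifest):  # versioned path dependencies
        if not any(caret_matches(req, v) for v in locked.get(name, [])):
            problems.append((name, req, locked.get(name, [])))
    return problems
```

An empty result from stale_entries is necessary but not sufficient; the authoritative gate remains running the locked cargo command in CI.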
| loomweave-federation = { path = "../loomweave-federation", version = "1.3.1" } | ||
| loomweave-storage = { path = "../loomweave-storage", version = "1.3.1" } | ||
| loomweave-core = { path = "../loomweave-core", version = "1.4.0" } | ||
| loomweave-llm = { path = "../loomweave-llm", version = "1.4.0" } |
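Review bot: version = "1.4.0" on the loomweave-core and loomweave-llm rows is a caret requirement, so once the path key is dropped for the registry copy it accepts any later 1.x release of those crates rather than only the one released in lockstep. If the release model is that all loomweave crates move together, pin with version = "=1.4.0" here and on the sibling path dependencies.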
Publish loomweave-llm before dependent crates
When this 1.4.0 tag runs publish-crates, .github/workflows/release.yml publishes core/scanner/analysis/storage/federation/plugin-rust/mcp/cli but never publishes loomweave-llm, while this bumped dependency is converted into the registry dependency required by the published loomweave-mcp and loomweave-cli crates. I checked cargo publish --help: -p, --package selects the package(s) to publish, so dependencies are not uploaded implicitly; add publish loomweave-llm before the crates that depend on it or the crates.io release stalls when loomweave-mcp/loomweave-cli need loomweave-llm = 1.4.0.
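The ordering problem raised in the comment above can be caught before tagging with a check like the following, an added example that is not part of release.yml or of the project's scripts. The publish list follows the order the comment quotes; the full names loomweave-scanner and loomweave-analysis and every dependency edge other than mcp/cli needing loomweave-llm are assumptions.

```python
from graphlib import TopologicalSorter

# Constructed inputs: publish list in the order the review quotes, plus an
# assumed map of each crate's internal (workspace) dependencies.
PUBLISH_ORDER = [
    "loomweave-core", "loomweave-scanner", "loomweave-analysis", "loomweave-storage",
    "loomweave-federation", "loomweave-plugin-rust", "loomweave-mcp", "loomweave-cli",
]
INTERNAL_DEPS = {
    "loomweave-core": [],
    "loomweave-llm": ["loomweave-core"],
    "loomweave-scanner": ["loomweave-core"],
    "loomweave-analysis": ["loomweave-core", "loomweave-scanner"],
    "loomweave-storage": ["loomweave-core"],
    "loomweave-federation": ["loomweave-core", "loomweave-storage"],
    "loomweave-plugin-rust": ["loomweave-core"],
    "loomweave-mcp": ["loomweave-core", "loomweave-llm", "loomweave-storage"],
    "loomweave-cli": ["loomweave-core", "loomweave-llm", "loomweave-mcp"],
}

def publish_problems(order, deps):
    """List (crate, dependency, reason) for deps the registry will not hold yet."""
    position = {name: i for i, name in enumerate(order)}
    problems = []
    for crate in order:
        for dep in deps.get(crate, []):
            if dep not in position:
                problems.append((crate, dep, "never published"))
            elif position[dep] > position[crate]:
                problems.append((crate, dep, "published too late"))
    return problems

def safe_order(order, deps):
    """Dependencies-first order covering the list plus everything it pulls in."""
    needed, stack = set(), list(order)
    while stack:
        crate = stack.pop()
        if crate not in needed:
            needed.add(crate)
            stack.extend(deps.get(crate, []))
    graph = {crate: deps.get(crate, []) for crate in sorted(needed)}
    return list(TopologicalSorter(graph).static_order())
```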
Prepares the 1.4.0 release (minor bump on top of 1.3.1 — user-facing features shipped since the last tag).

Version bump (lockstep)

Bumps 1.3.1 → 1.4.0 across the Cargo workspace, every crate's internal path-dep pins (incl. the new loomweave-llm crate), both maturin bin-wheels (loomweave + rust-plugin-dist), the Python + Rust plugin manifests, the rust-plugin-dist wheel-data manifest, and the Python version-assertion tests. Cargo.lock + plugins/python/uv.lock regenerated. All 8 scripts/check-*.py lockstep guards pass.

CHANGELOG

Adds a curated [1.4.0] section covering the 45 commits since v1.3.1 — draft for owner review:
- high_churn/recently_changed); ADR-054 Rust dead-code reachability roots.
- loomweave-llm provider extraction (core links no outbound HTTP); SEI git-rename consumer → legis/git/rename-feed; filigree federation over newline JSON-RPC.
- contains-edge prune (fix(storage): heal stale contains edge on file_scope claim move (clarion-abda98c869) #75); incremental re-analyze on tag-schema move (fix(analyze): re-dispatch a plugin's files when its tag schema moves (clarion-e12d424f1d) #71); plugin anchor_entity_id trust-boundary strip (fix: restrict anchor_entity_id to trusted findings; re-vendor wardline taint golden #80).

Verification

Full floor green locally: fmt, clippy -D warnings, build, nextest (1977 passed, WARDLINE_REPO set), doc -D warnings, deny, ruff, mypy --strict, pytest (220 passed, 87% coverage).

Tagging

The v1.4.0 tag is held — not pushed here. After this merges, the maintainer pushes the tag, which triggers release.yml (multi-platform build + PyPI publish + GitHub Release).

🤖 Generated with Claude Code