Skip to content

chore(release): 1.4.0#81

Merged
tachyon-beep merged 1 commit into
mainfrom
release/1.4.0
Jun 29, 2026
Merged

chore(release): 1.4.0#81
tachyon-beep merged 1 commit into
mainfrom
release/1.4.0

Conversation

@tachyon-beep

Copy link
Copy Markdown
Collaborator

Prepares the 1.4.0 release (minor bump on top of 1.3.1 — user-facing features shipped since the last tag).

Version bump (lockstep)

Bumps 1.3.1 → 1.4.0 across the Cargo workspace, every crate's internal path-dep pins (incl. the new loomweave-llm crate), both maturin bin-wheels (loomweave + rust-plugin-dist), the Python + Rust plugin manifests, the rust-plugin-dist wheel-data manifest, and the Python version-assertion tests. Cargo.lock + plugins/python/uv.lock regenerated. All 8 scripts/check-*.py lockstep guards pass.

CHANGELOG

Adds a curated [1.4.0] section covering the 45 commits since v1.3.1draft for owner review:

Verification

Full floor green locally: fmt, clippy -D warnings, build, nextest (1977 passed, WARDLINE_REPO set), doc -D warnings, deny, ruff, mypy --strict, pytest (220 passed, 87% coverage).

Tagging

The v1.4.0 tag is held — not pushed here. After this merges, the maintainer pushes the tag, which triggers release.yml (multi-platform build + PyPI publish + GitHub Release).

🤖 Generated with Claude Code

Bump workspace + Python plugin versions 1.3.1 → 1.4.0 in lockstep: the Cargo
workspace version, every crate's internal path-dep pins (incl. the new
loomweave-llm crate), both maturin bin-wheels (loomweave + rust-plugin-dist),
the Python + Rust plugin manifests, the rust-plugin-dist wheel-data manifest,
and the Python version-assertion tests. Refresh Cargo.lock and the plugin
uv.lock.

Also bump anyhow 1.0.102 → 1.0.103 to clear a fresh RUSTSEC soundness advisory
(downcast_mut, dtolnay/anyhow#451) that cargo-deny advisories flags on a fresh
DB — lockfile only, no API change.

CHANGELOG 1.4.0 entry covers the 45 commits since 1.3.1: loomweave-llm provider
extraction (loomweave-core links no outbound HTTP client), the Warpline churn
consumer lighting up high_churn/recently_changed, ADR-054 Rust reachability
roots, federation-keying + graph-integrity fixes, the plugin anchor_entity_id
trust-boundary strip, the cross-repo conformance oracles, and the anyhow
security bump.

Minor bump (not patch): user-facing features shipped since 1.3.1.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: e2fd30a19f

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".


[dependencies]
loomweave-plugin-rust = { path = "../../crates/loomweave-plugin-rust", version = "1.3.1" }
loomweave-plugin-rust = { path = "../../crates/loomweave-plugin-rust", version = "1.4.0" }

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Regenerate the standalone Rust plugin lockfile

This release bump updates the standalone Rust plugin dist crate to depend on loomweave-plugin-rust 1.4.0, but the checked-in packaging/rust-plugin-dist/Cargo.lock still records the dist/core/plugin packages at older versions, so locked builds of this manifest fail before compiling because Cargo must rewrite the lockfile. I verified this against the reviewed tree with cargo metadata --locked --manifest-path packaging/rust-plugin-dist/Cargo.toml, and cargo metadata --help defines --locked as asserting that Cargo.lock remains unchanged; regenerate and commit this dist lockfile with the 1.4.0 bump.

Useful? React with 👍 / 👎.

loomweave-federation = { path = "../loomweave-federation", version = "1.3.1" }
loomweave-storage = { path = "../loomweave-storage", version = "1.3.1" }
loomweave-core = { path = "../loomweave-core", version = "1.4.0" }
loomweave-llm = { path = "../loomweave-llm", version = "1.4.0" }

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P1 Badge Publish loomweave-llm before dependent crates

When this 1.4.0 tag runs publish-crates, .github/workflows/release.yml publishes core/scanner/analysis/storage/federation/plugin-rust/mcp/cli but never publishes loomweave-llm, while this bumped dependency is converted into the registry dependency required by the published loomweave-mcp and loomweave-cli crates. I checked cargo publish --help: -p, --package selects the package(s) to publish, so dependencies are not uploaded implicitly; add publish loomweave-llm before the crates that depend on it or the crates.io release stalls when loomweave-mcp/loomweave-cli need loomweave-llm = 1.4.0.

Useful? React with 👍 / 👎.

@tachyon-beep tachyon-beep merged commit 47591a5 into main Jun 29, 2026
4 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant