Skip to content

Release 0.4.0#7

Merged
matbmeijer merged 13 commits into
mainfrom
release/0.4.0
May 8, 2026
Merged

Release 0.4.0#7
matbmeijer merged 13 commits into
mainfrom
release/0.4.0

Conversation

@matbmeijer

@matbmeijer matbmeijer commented May 8, 2026

Copy link
Copy Markdown
Contributor

Summary

Cuts the 0.4.0 release. Headline change: first-class UNTP DPP 0.7.0 support alongside existing 0.6.x — both wire formats coexist and are auto-detected from @context / $schema URLs.

  • New version-namespaced models (dppvalidator.models.v0_7.*) covering every required field per the upstream UNTP 0.7.0 schema.
  • Per-version validator dispatch (_MODEL_BY_VERSION, ALL_RULES_BY_VERSION, LINK_PATHS_BY_VERSION); engine selects the right artefact set per detected version.
  • v0.6 → v0.7 compat shim (dppvalidator.compat.upgrade_0_6_to_0_7.upgrade); CLI surface: dppvalidator migrate and validate --upgrade-from.
  • VER001 fail-fast for pinned-version mismatch.
  • Verifier proofValue decoding: base64 signatures whose first character is z no longer get misrouted to the base58btc decoder (~1.5% of random Ed25519 signatures).

See CHANGELOG.md [0.4.0] for the full set.

Test plan

  • Develop CI green at 1b7120e (lint + 15-cell test matrix + pip-audit + license check + ty)
  • pyproject.toml, uv.lock, and CHANGELOG.md aligned at 0.4.0 / 2026-05-08
  • Local uv run pytest tests/unit/ — 1880 passed, 13 skipped
  • Verifier regression test (test_ed25519_proof_with_leading_z_base64_signature) covers the proofValue decode bug
  • After merge: tag v0.4.0 on main to trigger PyPI publish
  • Verify TestPyPI smoke-test, PyPI publish, GitHub release with SBOM, SLSA provenance

🤖 Generated with Claude Code

matbmeijer and others added 13 commits January 30, 2026 03:21
@matbmeijer
chore: add docs/windsurf/ to .gitignore
8f7b091
@matbmeijer
Merge branch 'main' of github.com:artiso-ai/dppvalidator into develop
5705e03
@matbmeijer
Update develop
a5b5843
@matbmeijer
Remove vulnerabilities
e4ee27d
@matbmeijer
Adapt to work
65d57c0
@matbmeijer
Proper error management
7ac92a6
@matbmeijer
Adaptation
b4a0e3c
@matbmeijer
Right format
b9d3bd0
@matbmeijer
Solve version issue
6d93f8d
@matbmeijer
Adapted changes
56e203f
@matbmeijer
Smoke test
5228c58
@matbmeijer @claude
fix(verifier): disambiguate multibase vs base64 proofValue
1b7120e 
A leading "z" SHOULD indicate multibase base58btc per the W3C Data
Integrity spec, but standard base64 also contains "z" in its
alphabet. ~1/64 of Ed25519 signatures encode with a leading "z" in
plain base64, causing the verifier to misroute them to the base58btc
decoder, fail decode, and return None instead of validating.

The verifier now tries base58btc first when the prefix matches and
falls back to base64 if that decode fails or yields empty bytes.

Tests: the round-trip test is now seeded for reproducibility, and a
new regression test searches the seed space for a leading-"z" base64
signature and asserts the verifier accepts it.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@matbmeijer @claude
chore(release): 0.4.0
3e93d69 
- Bump pyproject.toml + uv.lock to 0.4.0
- Datestamp CHANGELOG entry (2026-05-08)
- Document the verifier proofValue decoding fix under Fixed

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@matbmeijer matbmeijer merged commit eca5f7b into main May 8, 2026
25 of 30 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@matbmeijer