chore(release): prepare 0.1.0a1 alpha#46
Conversation
- Fix package author metadata: AgentTrust -> AgenTrust (correct wordmark). - Bump version 0.1.0 -> 0.1.0a1 so the build produces the alpha. - Rework the CHANGELOG Unreleased section into a 0.1.0a1 entry that states plainly what the release provides and, explicitly, what it does NOT yet claim (no real-hardware attestation, no live A2A transport, alpha schemas). Drops a stale "not yet implemented" bullet for Cedar binding, which landed. Does not cut a tag. release.yml already publishes to PyPI via Trusted Publishing; the only remaining prerequisite is configuring the trusted publisher for ca2a-runtime on PyPI. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> Signed-off-by: Imran Siddique <imran.siddique@opaque.co>
carloshvp
left a comment
There was a problem hiding this comment.
Requesting changes on the release metadata claim surface.
The changelog does the right thing by saying 0.1.0a1 is not yet attested or confidential across trust domains on real hardware, but the package metadata that this PR prepares for PyPI still publishes:
description = "Confidential agent-to-agent runtime: attested, attenuated delegation and sealed peer channels for A2A"
That description is the public package tagline and will be read outside the README/LIMITATIONS context. For this alpha, it still overclaims the real-hardware attestation boundary that the changelog explicitly tries to preserve. Please make the pyproject.toml description match the alpha claim, for example by calling it an experimental/software-validated cA2A runtime or otherwise removing the standalone "attested/confidential" claim until the live transport + hardware-backed attestation tracker is done.
Validation performed: inspected the PR metadata and patch only; no runtime tests run because this is a release-metadata/changelog change.
Prep for the first public alpha. Does not cut a tag — this only makes the repo ready so you can publish a
0.1.0a1GitHub release when you choose.Changes
AgentTrust Contributors->AgenTrust Contributors(correct wordmark; this would otherwise ship into PyPI metadata).0.1.0->0.1.0a1so the build produces the alpha.Unreleasedsection into a0.1.0a1entry that states what the release provides and, explicitly, what it does not yet claim. Dropped a stale "not yet implemented" bullet (Cedar binding, which has landed).Draft GitHub release body (for when you cut the tag)
Before publishing (your action, not code)
release.ymlalready publishes to PyPI via Trusted Publishing (pypa/gh-action-pypi-publish, OIDC,environment: pypi). The only prerequisite is registering the trusted publisher forca2a-runtimeon PyPI (owneragentrust-io, repoca2a, workflowrelease.yml, environmentpypi).v0.1.0a1GitHub release triggers build -> PyPI publish -> AGT governance-release evidence.