Merge pull request #346 from wphillipmoore/release/1.1.9

release: 1.1.9

Author: wphillipmoore

.github/workflows/ci.yml

@@ -2,10 +2,6 @@ name: CI - Test and Validate
 
 on:
   pull_request:
-  push:
-    branches:
-      - develop
-      - 'release/**'
 
 permissions:
   contents: read
@@ -16,24 +12,24 @@ concurrency:
 
 jobs:
   docs-only:
-    name: docs-only
+    name: "ci: docs-only"
     runs-on: ubuntu-latest
     outputs:
       docs-only: ${{ steps.detect.outputs.docs-only }}
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
 
       - name: Detect docs-only changes
         id: detect
         uses: wphillipmoore/standard-actions/actions/docs-only-detect@develop
 
   standards-compliance:
-    name: standards-compliance
+    name: "ci: standards-compliance"
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
         with:
           fetch-depth: 0
 
@@ -43,11 +39,11 @@ jobs:
           commit-cutoff-sha: "df45093c260def11f409dc4f3ba86e91ec444797"
 
   dependency-audit:
-    name: dependency-audit
+    name: "ci: dependency-audit"
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
 
       - name: Set up Python
         uses: wphillipmoore/standard-actions/actions/python/setup@develop
@@ -77,7 +73,7 @@ jobs:
           Python Software Foundation License"
 
   release-gates:
-    name: release-gates
+    name: "release: gates"
     runs-on: ubuntu-latest
     steps:
       - name: Skip on non-PR events
@@ -86,13 +82,13 @@ jobs:
 
       - name: Checkout code
         if: github.event_name == 'pull_request'
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
         with:
           fetch-depth: 0
 
       - name: Set up Python 3.14
         if: github.event_name == 'pull_request'
-        uses: actions/setup-python@v5
+        uses: actions/setup-python@v6
         with:
           python-version: "3.14"
 
@@ -114,7 +110,7 @@ jobs:
           main-version-command: git show origin/main:pyproject.toml | python3 -c "import sys, tomllib; print(tomllib.loads(sys.stdin.read())['project']['version'])"
 
   test-and-validate:
-    name: test-and-validate
+    name: "test: unit"
     runs-on: ubuntu-latest
     needs: docs-only
     strategy:
@@ -128,7 +124,7 @@ jobs:
 
       - name: Checkout code
         if: needs.docs-only.outputs.docs-only != 'true'
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
 
       - name: Fetch base branch for version checks
         if: github.event_name == 'pull_request' && needs.docs-only.outputs.docs-only != 'true'
@@ -182,76 +178,99 @@ jobs:
             --cov-fail-under=100
 
   codeql:
-    name: codeql
+    name: "security: codeql"
     runs-on: ubuntu-latest
     needs: docs-only
-    if: needs.docs-only.outputs.docs-only != 'true'
     permissions:
       security-events: write
     steps:
+      - name: Docs-only short-circuit
+        if: needs.docs-only.outputs.docs-only == 'true'
+        run: echo "Docs-only changes detected; skipping CodeQL."
+
       - name: Checkout code
-        uses: actions/checkout@v4
+        if: needs.docs-only.outputs.docs-only != 'true'
+        uses: actions/checkout@v6
 
       - name: Run CodeQL analysis
+        if: needs.docs-only.outputs.docs-only != 'true'
         uses: wphillipmoore/standard-actions/actions/security/codeql@develop
         with:
           language: python
 
   trivy:
-    name: trivy
+    name: "security: trivy"
     runs-on: ubuntu-latest
     needs: docs-only
-    if: needs.docs-only.outputs.docs-only != 'true'
     permissions:
       security-events: write
     steps:
+      - name: Docs-only short-circuit
+        if: needs.docs-only.outputs.docs-only == 'true'
+        run: echo "Docs-only changes detected; skipping Trivy."
+
       - name: Checkout code
-        uses: actions/checkout@v4
+        if: needs.docs-only.outputs.docs-only != 'true'
+        uses: actions/checkout@v6
 
       - name: Run Trivy vulnerability scan
+        if: needs.docs-only.outputs.docs-only != 'true'
         uses: wphillipmoore/standard-actions/actions/security/trivy@develop
         with:
           scan-type: fs
 
   semgrep:
-    name: semgrep
+    name: "security: semgrep"
     runs-on: ubuntu-latest
     needs: docs-only
-    if: needs.docs-only.outputs.docs-only != 'true'
     permissions:
       security-events: write
     steps:
+      - name: Docs-only short-circuit
+        if: needs.docs-only.outputs.docs-only == 'true'
+        run: echo "Docs-only changes detected; skipping Semgrep."
+
       - name: Checkout code
-        uses: actions/checkout@v4
+        if: needs.docs-only.outputs.docs-only != 'true'
+        uses: actions/checkout@v6
 
       - name: Run Semgrep SAST scan
+        if: needs.docs-only.outputs.docs-only != 'true'
         uses: wphillipmoore/standard-actions/actions/security/semgrep@develop
         with:
           language: python
 
   integration-tests:
-    name: integration-tests
+    name: "test: integration"
     runs-on: ubuntu-latest
     needs: docs-only
-    if: needs.docs-only.outputs.docs-only != 'true'
     steps:
+      - name: Docs-only short-circuit
+        if: needs.docs-only.outputs.docs-only == 'true'
+        run: echo "Docs-only changes detected; skipping integration tests."
+
       - name: Checkout code
-        uses: actions/checkout@v4
+        if: needs.docs-only.outputs.docs-only != 'true'
+        uses: actions/checkout@v6
 
       - name: Set up Python
+        if: needs.docs-only.outputs.docs-only != 'true'
         uses: wphillipmoore/standard-actions/actions/python/setup@develop
         with:
           python-version: "3.14"
 
       - name: Install dependencies
+        if: needs.docs-only.outputs.docs-only != 'true'
         run: uv sync --frozen --group dev
 
       - name: Setup MQ environment
+        if: needs.docs-only.outputs.docs-only != 'true'
         uses: wphillipmoore/mq-rest-admin-dev-environment/.github/actions/setup-mq@main
         with:
           project-name: pymqrest
 
       - name: Run integration tests
+        if: needs.docs-only.outputs.docs-only != 'true'
         run: |
           MQ_SKIP_LIFECYCLE=1 \
           PYMQREST_RUN_INTEGRATION=1 \

.github/workflows/docs.yml

@@ -16,11 +16,11 @@ concurrency:
 
 jobs:
   deploy:
-    name: deploy
+    name: "deploy: docs"
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
         with:
           fetch-depth: 0
 

.github/workflows/publish.yml

@@ -17,16 +17,16 @@ concurrency:
 
 jobs:
   publish:
-    name: publish
+    name: "publish: release"
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
         with:
           fetch-depth: 0
 
       - name: Set up Python 3.14
-        uses: actions/setup-python@v5
+        uses: actions/setup-python@v6
         with:
           python-version: "3.14"
 
@@ -68,15 +68,15 @@ jobs:
 
       - name: Install uv
         if: steps.pypi_check.outputs.status == 'not_found'
-        run: python3 -m pip install uv==0.9.26
+        run: python3 -m pip install uv==0.10.4
 
       - name: Build sdist and wheel
         if: steps.pypi_check.outputs.status == 'not_found'
         run: uv build --sdist --wheel
 
       - name: Attest build provenance
         if: steps.pypi_check.outputs.status == 'not_found'
-        uses: actions/attest-build-provenance@v2
+        uses: actions/attest-build-provenance@v3
         with:
           subject-path: "dist/*"
 
@@ -113,7 +113,7 @@ jobs:
       - name: Generate app token for bump PR
         if: steps.tag_check.outputs.exists == 'false'
         id: app-token
-        uses: actions/create-github-app-token@v1
+        uses: actions/create-github-app-token@v2
         with:
           app-id: ${{ secrets.APP_ID }}
           private-key: ${{ secrets.APP_PRIVATE_KEY }}

.pip-licenses-allowlist

@@ -0,0 +1,14 @@
+# Allowed license identifiers for pip-licenses compliance checks.
+# One entry per line. Lines starting with # are comments.
+Apache-2.0
+Apache-2.0 OR BSD-2-Clause
+Apache Software License
+BSD License
+BSD-2-Clause
+BSD-3-Clause
+GPL-3.0-or-later
+MIT
+MIT License
+Mozilla Public License 2.0 (MPL 2.0)
+PSF-2.0
+Python Software Foundation License

CHANGELOG.md

@@ -5,6 +5,18 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/)
 and this project adheres to [Semantic Versioning](https://semver.org/).
 
+## [1.1.9] - 2026-02-20
+
+### Documentation
+
+- ban MEMORY.md usage in CLAUDE.md (#339)
+- ban heredocs in shell commands (#340)
+
+### Features
+
+- add category prefixes to job names (#338)
+- adopt validate_local.sh dispatch architecture (#341)
+
 ## [1.1.8] - 2026-02-19
 
 ### Bug fixes

CLAUDE.md

@@ -2,6 +2,34 @@
 
 This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository.
 
+## Auto-memory policy
+
+**Do NOT use MEMORY.md.** Claude Code's auto-memory feature stores behavioral
+rules outside of version control, making them invisible to code review,
+inconsistent across repos, and unreliable across sessions. All behavioral rules,
+conventions, and workflow instructions belong in managed, version-controlled
+documentation (CLAUDE.md, AGENTS.md, skills, or docs/).
+
+If you identify a pattern, convention, or rule worth preserving:
+
+1. **Stop.** Do not write to MEMORY.md.
+2. **Discuss with the user** what you want to capture and why.
+3. **Together, decide** the correct managed location (CLAUDE.md, a skill file,
+   standards docs, or a new issue to track the gap).
+
+This policy exists because MEMORY.md is per-directory and per-machine — it
+creates divergent agent behavior across the multi-repo environment this project
+operates in. Consistency requires all guidance to live in shared, reviewable
+documentation.
+
+## Shell command policy
+
+**Do NOT use heredocs** (`<<EOF` / `<<'EOF'`) for multi-line arguments to CLI
+tools such as `gh`, `git commit`, or `curl`. Heredocs routinely fail due to
+shell escaping issues with apostrophes, backticks, and special characters.
+Always write multi-line content to a temporary file and pass it via `--body-file`
+or `--file` instead.
+
 ## Documentation Strategy
 
 This repository uses two complementary approaches for AI agent guidance:
@@ -254,7 +282,7 @@ The include directives at the top of this file load the full repository standard
 
 **Python Invocation**: Always use `uv run python3 <script>`
 
-**Tooling**: `uv` version `0.9.26`
+**Tooling**: `uv` version `0.10.4`
 
 **Code Quality**: Ruff (all rules), mypy (strict), 100% test coverage, Python 3.14+
 

docs/repository-standards.md

@@ -31,6 +31,7 @@
 - branching_model: library-release
 - release_model: artifact-publishing
 - supported_release_lines: current and previous
+- primary_language: python
 
 ## Local validation
 
@@ -51,7 +52,7 @@
 
 Required for daily workflow:
 
-- `uv` `0.9.26` (install with `python3 -m pip install uv==0.9.26`)
+- `uv` `0.10.4` (install with `python3 -m pip install uv==0.10.4`)
 - `markdownlint` (required for docs validation and PR pre-submission)
 
 Required for integration testing:

docs/site/docs/development/developer-setup.md

@@ -8,15 +8,15 @@ locally.
 | Tool | Version | Purpose |
 | --- | --- | --- |
 | Python | 3.12+ | Runtime |
-| `uv` | 0.9.26 | Package and environment management |
+| `uv` | 0.10.4 | Package and environment management |
 | Docker | Latest | Local MQ containers (integration tests) |
 | `markdownlint` | Latest | Docs validation |
 | `git-cliff` | Latest | Changelog generation (releases only) |
 
 Install `uv`:
 
 ```bash
-python3 -m pip install uv==0.9.26
+python3 -m pip install uv==0.10.4
 ```
 
 ## Required repositories