Skip to content

Commit d648ce4

Browse files
avrabeclaude
andauthored
release(v0.17.0): bump version + CHANGELOG [0.17.0] (#545)
First release since v0.16.1, cut to ship the RUSTSEC-2026-0182 wasmtime fix and the feature batch to downstream consumers (gale waits on a release, not main): Security: wasmtime 43 -> 44.0.3 (#542). Added: `rivet check docs` oracle (#541), minimal --no-default-features build (REQ-202/#456), `init --vendor-schemas` (REQ-220/#431), runner-liveness alert (#509). Fixed: next-id git-history awareness (REQ-218/#479), JSON error envelope on parse failure (REQ-219/#500), variant binding-file loader (#539), `accepted` status enum (#525). Confirmed: `cargo build` green, lock synced to 0.17.0, `rivet validate` PASS, `rivet docs check` PASS (0 violations). Trace: skip Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
1 parent ee352ce commit d648ce4

4 files changed

Lines changed: 63 additions & 5 deletions

File tree

CHANGELOG.md

Lines changed: 58 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -5,6 +5,64 @@
55

66
## [Unreleased]
77

8+
## [0.17.0] - 2026-06-19
9+
10+
### Security
11+
12+
- **RUSTSEC-2026-0182 / #542 — bump wasmtime 43 → 44.0.3.** A new advisory flags
13+
a WASIp1 `fd_renumber` resource leak in `wasmtime-wasi`, fixed in 44.0.3. The
14+
Security Audit gate had gone red repo-wide; rivet's only wasmtime consumer is
15+
the compose-witness component runner (`wasm_runtime.rs`), which compiles
16+
unchanged against the new API. `cargo audit` is clean afterward.
17+
18+
### Added
19+
20+
- **#540 / #541`rivet check docs` oracle.** Enumerates every candidate path
21+
the doc scanner considered and tags each `loaded` / `skipped (<reason>)` /
22+
`excluded (<glob>)`. `--format json` emits the canonical
23+
`{oracle, entries, total, by_status}` envelope; `--strict` exits non-zero when
24+
any candidate is skipped (allowlist exclusions do not trip strict).
25+
- **REQ-202 / #456 — minimal `--no-default-features` build.** `rivet-cli` gates
26+
the serve + MCP + LSP stack behind cargo features (all kept in `default`, so
27+
the published binary is byte-for-byte unchanged). `cargo build -p rivet-cli
28+
--no-default-features` yields the validate/list/add/commit-check core with
29+
none of axum/rmcp/lsp-server compiled in; `--format html` export, `snapshot`,
30+
and `embed` (which share the dashboard renderer) are serve-gated and refuse
31+
with a clear message in the minimal build.
32+
- **REQ-220 / #431`rivet init --vendor-schemas`.** Writes the resolved
33+
built-in schemas (plus auto-discovered bridges) on-disk into `schemas/`, so a
34+
project pins its validation against rivet upgrades (the loader prefers on-disk
35+
over the embedded copy). Never overwrites an existing schema file.
36+
- **#509 — runner-liveness alert.** A GitHub-hosted scheduled workflow
37+
(`runner-liveness.yml`) probes the self-hosted runner pool and queued-run age
38+
every 15 minutes and raises a durable `runner-down` tracking issue when the
39+
pool stalls, instead of every gate queueing forever with no signal.
40+
41+
### Fixed
42+
43+
- **REQ-218 / #479`next-id` honors IDs claimed in git history.** Allocation
44+
scanned only the working tree, so a reverted commit or an in-flight branch
45+
could reissue an ID already claimed elsewhere (the reverted-but-burned-ID
46+
trap). `next-id`
47+
and `add` now also consider IDs claimed in commit trailers / subject tags
48+
across all refs; overridable with `RIVET_NEXTID_NO_GIT=1`.
49+
- **REQ-219 / #500 — JSON error envelope on a parse failure.** A misplaced
50+
top-level `--project`/`--schemas` (they are deliberately not clap `global`)
51+
left stdout empty under `--format json`, giving consumers a cryptic "EOF while
52+
parsing". Such invocations now emit a one-line `{error, hint}` envelope on
53+
stdout; non-JSON parse errors keep the stderr-only behavior.
54+
- **#532 / #539 — variant loader skips feature-model binding files.**
55+
`load_variant_configs_from_dir` no longer trips over `variant:`-wrapped
56+
binding files.
57+
- **#522 / #525 — restore `accepted` to the canonical status enum.**
58+
59+
### Changed
60+
61+
- **#533 — npm/npx is now a first-class install path** in the README, with the
62+
stale committed `npm/` + `platform-packages/` versions synced; RELEASING.md
63+
documents which version locations are authoritative vs workflow-managed.
64+
- **#523 / #526 — mutation-testing CI moved off `lean-mem` to `rust-cpu`.**
65+
866
## [0.16.1] - 2026-06-14
967

1068
### Fixed

Cargo.lock

Lines changed: 3 additions & 3 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

Cargo.toml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -15,7 +15,7 @@ members = [
1515
exclude = ["compose-witness"]
1616

1717
[workspace.package]
18-
version = "0.16.1"
18+
version = "0.17.0"
1919
authors = ["PulseEngine <https://github.com/pulseengine>"]
2020
edition = "2024"
2121
license = "Apache-2.0"

vscode-rivet/package.json

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -3,7 +3,7 @@
33
"displayName": "Rivet SDLC",
44
"description": "SDLC artifact traceability with live validation, hover info, and embedded dashboard",
55
"publisher": "pulseengine",
6-
"version": "0.16.1",
6+
"version": "0.17.0",
77
"license": "MIT",
88
"repository": {
99
"type": "git",

0 commit comments

Comments
 (0)