Skip to content

Fix self-scan, provenance export, and release surface alignment#1129

Merged
msaad00 merged 1 commit intomainfrom
fix/selfscan-provenance-surface-alignment
Mar 29, 2026
Merged

Fix self-scan, provenance export, and release surface alignment#1129
msaad00 merged 1 commit intomainfrom
fix/selfscan-provenance-surface-alignment

Conversation

@msaad00
Copy link
Copy Markdown
Owner

@msaad00 msaad00 commented Mar 29, 2026

Summary

  • fix the real self-scan CLI path so self-scan preserves agent-bom dependency inventory instead of collapsing to MCP registry fallback
  • fail the release workflow loudly when provenance bundles are missing and export attestation files correctly for release assets
  • align README, PyPI, Docker, Action, site docs, and MCP listing copy around one accurate CI/CD-capable agent-bom story

Validation

  • python -m pytest -q tests/test_self_scan.py
  • python scripts/check_release_consistency.py
  • manual self-scan CLI check confirmed 39 self-scan packages end to end
  • verified pipeline SVG drift removed for native OCI parser and 14 frameworks

Notes

  • leaves local demo/report artifacts unstaged
  • keeps scope to release truthfulness, provenance, and self-scan correctness only

@msaad00 msaad00 requested a review from andres-linero as a code owner March 29, 2026 05:58
@msaad00 msaad00 enabled auto-merge (squash) March 29, 2026 05:58
@msaad00 msaad00 merged commit 9f29ce3 into main Mar 29, 2026
20 checks passed
@msaad00 msaad00 deleted the fix/selfscan-provenance-surface-alignment branch March 29, 2026 06:05
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@andres-linero andres-linero andres-linero approved these changes

@agent-bom agent-bom agent-bom approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@msaad00 @andres-linero @agent-bom