chore(release): anvil-ssh 1.0.0 — first stable release#31
Merged
Conversation
First stable release. No API change from 0.9.0; this release is a stabilization signal under SemVer. CHANGELOG declares the public API stable: patch bumps add no symbols, minor bumps add only, major bumps coordinate with downstream consumers (primarily Steelbore/Gitway). The legacy GitwaySession / GitwayConfig / GitwayError #[deprecated] aliases stay through the entire 1.x line. This is a deliberate softening of the original AGENTS.md roadmap (which had proposed removing them at 1.0): the corresponding gitway-lib shim re-exports anvil_ssh::* glob-style and is preserved through Gitway 1.x per Gitway's docs/migration-from-v0.9.md; removing the upstream aliases now would silently break that shim. Removal is scheduled for 2.0. README rewritten for v1.0: - Updated Status block (1.0.0 stable, MSRV 1.88) - Updated Use block (anvil-ssh = "1.0", deprecation timeline) - New v1.0 feature matrix - "What this is NOT" section clarifying scope - Refreshed module table with M11.5-M19 modules (cert_authority, ssh_config, proxy, algorithms, retry, log) - Security section linking to Gitway's threat model + the RUSTSEC-2023-0071 residual-risk note AGENTS.md type-rename roadmap revised to defer Gitway* alias removal to 2.0; SemVer commitment block added. Local verification: - cargo build --release: 2m21s, clean - cargo clippy --all-targets -- -D warnings: clean (47s) - cargo fmt --check: clean - cargo test: 292 passed, 0 failed, 7 ignored (require GITWAY_INTEGRATION_TESTS=1) Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
anvil-ssh 1.0.0— first stable release.0.9.0→1.0.0. No API change from 0.9.0; this release is a stabilization signal.GitwaySession/GitwayConfig/GitwayError#[deprecated]aliases stay through the 1.x line (was: removed at 1.0). This is a deliberate softening — the correspondinggitway-libshim glob-re-exportsanvil_ssh::*and is preserved through Gitway 1.x per Gitway's migration doc; removing the upstream aliases now would silently break that shim. Removal is now scheduled for 2.0.0.Out of scope
Three items explicitly deferred to v1.x or v2.0:
@cert-authorityvalidation during KEX. Blocked on russh upstream cert-host-key support.sk-ssh-*hardware-backed keys (Gitway PRD §5.8.5, M16). Vendor fragmentation needs a hardware-test matrix.Matchblock semantics inssh_config(Gitway PRD §12 Q1). Parser support landed in M12; eval semantics deferred.Known residual risks
rsacrate. No upstream patch available (RustCrypto/RSA #626). Documented + accepted with rationale in Gitway'sdocs/security.md: thersacrate is only on local keygen + SSHSIG paths; transport crypto isaws-lc-rs(constant-time); SSH auth uses Ed25519 by default.Test plan
cargo build --releaseclean locallycargo clippy --all-targets -- -D warningscleancargo fmt --checkcleancargo test(full suite, hermetic) — all 207+ tests passcargo publish --dry-runsucceeds (crate file lists every required file; no path-only deps)docs.rsbuild succeeds (verified after publish)🤖 Generated with Claude Code