Migration Guide: v0.2 to v0.3¶
Breaking Changes¶
Report.verdict() behavior change¶
Impact: CI pipelines that relied on Report.verdict() returning "pass" when inconclusive evidence was present will now see "inconclusive".
Before (v0.2):
report = Report(spec_name="test", evidence=[pass_ev, inconclusive_ev])
report.verdict() # → "pass" (inconclusive silently upgraded)
After (v0.3, strict policy — the new default):
report = Report(spec_name="test", evidence=[pass_ev, inconclusive_ev])
report.verdict() # → "inconclusive"
If your CI just broke, you have two options:
- (Recommended) Investigate the inconclusive evidence — it means "we don't know," and that's worth understanding.
- (Escape hatch) Restore old behavior with
verdict_policy="lenient":
Requirement.source type change¶
Impact: Requirement.source is now list[str] instead of str. A bare string is auto-normalized to a one-element list.
Before (v0.2):
After (v0.3):
Migration: If your code checks req.source != "", change to len(req.source) > 0. If you pass source="url" at construction time, it still works — the string is auto-normalized.
New Features (Backward-Compatible)¶
Catalog System¶
from vnvspec.catalog.ml.pytorch_training import reproducibility
from vnvspec import Spec
spec = Spec(name="my-model").extend(reproducibility())
CLI: vnvspec catalog list, vnvspec catalog show, vnvspec catalog audit, vnvspec catalog import.
New Fields and Methods¶
Report.verdict_policy:"strict"(default) or"lenient"Report.inconclusive_count(): count inconclusive evidence"formal_proof"is now a validVerificationMethodandEvidenceKind
Shields.io Badge Endpoint¶
Use in README:
Upgraded GitHub Actions¶
The composite action now supports publish-badge, comment-pr, and verdict-policy inputs.
Backward Compatibility¶
- All v0.1 and v0.2 public symbols remain importable
scripts/check_v0_1_compat.pyandscripts/check_v0_2_compat.pyrun in CI- New fields have backward-compatible defaults
- The catalog system is purely additive