OpenTelemetry-to-EEOAP SoftwareX Release Candidate v1.0

OpenTelemetry-to-EEOAP SoftwareX Release Candidate v1.0

Tag

opentelemetry-to-eeoap-softwarex-rc-v1.0

Status

Release candidate for SoftwareX preparation.

Not a final DOI release.

Not a production-ready release.

Summary

This release candidate packages the OpenTelemetry-to-EEOAP adapter evidence for
SoftwareX preparation. It includes a release-candidate support package with two
valid OpenTelemetry-style trace contexts, four invalid diagnostic fixtures,
generated EEOAP-compatible statements, adapter reports, metadata drafts,
validation records, checksums, and clean-clone verification.

Included Evidence

• Version 1.25 support package.
• Version 1.26 clean-clone verification.
• Version 1.27 tag plan.
• Generated EEOAP-compatible statements.
• Adapter reports.
• Scoped pytest result.
• Validator results.
• Checksum verification.

Tag Scope

The tag source archive includes version 1.25, version 1.26, and version 1.27
SoftwareX route materials. Later process documents for local tag creation,
clean tag verification, tag push decision, remote tag push, and GitHub Release
planning are not part of this tag source archive because they were created
after the selected tag target.

Known Limitations

• No DOI yet.
• Root metadata is not overwritten.
• CFF YAML validation was skipped where PyYAML was unavailable.
• No production readiness claim.
• No legal accountability proof claim.
• No broad OpenTelemetry compatibility claim.
• No real LangChain runtime integration.
• No OpenTelemetry Collector integration.

Validation Summary

• Support package checksum: 34 listed files OK.
• CodeMeta JSON validation: passed.
• CFF YAML validation: skipped because PyYAML was unavailable.
• Scoped pytest: 8 passed.
• Validator: repository and support package valid statements pass with
  ok=true and issue_count=0.

Citation And Metadata

Package-local metadata drafts are included. Public DOI and final release
metadata remain TODO.

Next Steps

DOI/Zenodo archive remains a later step. Formal SoftwareX submission has not
occurred.

AEP-Media v0.1.0: Offline Validation of Time-Aware Media Evidence Bundles

AEP-Media v0.1.0

Scope

Reusable research software for offline validation of time-aware media evidence bundles.

Included Functionality

• AEP-Media evidence profile validator
• offline media bundle builder and verifier
• strict declared time-trace validator
• LinuxPTP-style trace ingestion adapter
• FFmpeg PRFT-style metadata ingestion adapter
• C2PA-like manifest ingestion adapter
• evaluation runner with default, adapter-inclusive, optional-tool, and combined matrices
• release/submission pack tooling
• examples, schemas, specs, demos, tests, and reports

Verification Summary

• targeted tests: 48 passed, 1 warning
• SoftwareX/readiness tests: 23 passed, 1 warning
• full tests: 155 passed, 1 skipped, 15 warnings
• evaluation default: 18 cases, unexpected=0
• evaluation adapters: 26 cases, unexpected=0
• evaluation optional tools: 23 cases, unexpected=0
• evaluation combined: 31 cases, unexpected=0
• release pack: PASS aep-media-release-pack@0.1

Claim Boundary

AEP-Media supports local validation and fixture-based adapter ingestion. It does not claim legal admissibility, non-repudiation, trusted timestamping, real PTP proof, full MP4 PRFT parsing, real C2PA signature verification, chain of custody, or production deployment.

Citation

Zenodo DOI: 10.5281/zenodo.20107097.

Record: https://zenodo.org/records/20107097.

Operation Accountability Profile and Validator Release Candidate v0.2.1

Operation Accountability Profile and Validator Release Candidate

Candidate tag: v0.2.1

Commit: 0bb307e2fcfcbf8d3b1bafc1d61a5afe08dab9e9

This release candidate provides a clean artifact baseline for the operation-accountability profile and validator used in the TSE v2 rebuild of:

Operation Accountability as a First-Class Verification Boundary for Machine-Actionable Object Systems

Profile Purpose

The release candidate packages a bounded operation-accountability profile for representing and validating one machine-checkable operation accountability statement. The profile is intended to support independent software engineering review of a single operation boundary, including operation, policy basis, references, evidence, validation, and integrity-related material.

Validator CLI

The validator command surface is:

agent-evidence validate-profile <file>

The release candidate sanity check observed the CLI help surface and profile validation command working from a clean candidate copy.

Example Surface

• Primary valid profile examples observed passing: 3
• Documented primary invalid profile examples observed failing as expected: 7
• Other top-level JSON schema failures observed but not counted as primary profile examples: 4

Tests

The operation-accountability profile test suite result in the release candidate sanity check:

16 passed

Demo

The demo command:

python demo/run_operation_accountability_demo.py

The release candidate sanity check observed:

• demo exit 0
• generated evidence/report
• validation PASS

Claim Boundary

This release candidate supports bounded claims about:

• schema-backed operation-accountability profile
• validator CLI
• JSON validation report surface
• 3 valid / 7 invalid primary profile example surface
• observed validator error codes
• operation-accountability demo PASS
• operation-accountability tests passing

Non-Claims

This release candidate does not claim:

• broad deployment
• full FDO interoperability
• general provenance model
• industrial validation
• legal/compliance sufficiency
• multi-agent orchestration
• broad portability

Relation To TSE v2 Manuscript

This release candidate is intended to provide the clean artifact baseline for the TSE v2 rebuild of Operation Accountability as a First-Class Verification Boundary for Machine-Actionable Object Systems.

agent-evidence v0.6.0

v0.6.0 Review Pack V0.3 Release

This GitHub Release records agent-evidence v0.6.0 after Review Pack
V0.3 was merged, post-merge audited, and prepared for release. TestPyPI and
PyPI publication remain separate authorization gates.

Added

• Review Pack V0.3 reviewer-facing stabilization:
  • stable RP-CHECK-* reviewer checklist IDs
  • pack_creation_mode: local_offline
  • Secret and Private Key Boundary summary section
  • conservative secret_scan_status
  • optional --json-errors for review-pack create failures
• Review Pack manifest and receipt clarity fields for reviewers and agents:
  • review_pack_version
  • pack_creation_mode
  • verification_ok
  • record_count
  • signature_count
  • verified_signature_count
  • included_artifacts
  • artifact_inventory
  • reviewer_checklist
  • secret_scan_status
  • non_claims
• Structured Review Pack failure output remains opt-in and limited to
  agent-evidence review-pack create --json-errors.

Safety Boundaries

• Review Pack V0.3 is local and offline.
• Review Pack creation verifies signed exports before packaging.
• Review Pack creation fails closed when verification fails.
• Review Pack creation does not mutate source artifacts.
• Review Pack creation does not copy private keys.
• Review Pack creation does not add telemetry.
• Review Pack creation does not change OpenAPI or MCP behavior.
• Review Pack creation does not change canonical schema or core validation.
• secret_scan_status is not comprehensive DLP and does not prove all possible
  secrets are absent.
• No legal non-repudiation, court-grade proof, or regulatory certification
  claim is made.
• Review Pack V0.3 is not compliance certification.
• Review Pack V0.3 is not AI Act approval.
• Review Pack V0.3 is not a full AI governance assessment.
• agent-evidence is not a full AI governance platform.

Non-Goals

• No AI Act Pack.
• No PDF or HTML report generator.
• No dashboard.
• No hosted or remote review service.
• No remote MCP.
• No MCP registry publication.
• No OpenAPI or MCP Review Pack exposure.
• No GitHub Pages or ADOPTERS.md.
• No canonical schema rewrite.
• No core validation rewrite.
• No old NCS/media work.

Remaining Release Actions

• Confirm PyPI/TestPyPI publication intent.
• Confirm Zenodo behavior after GitHub release.
• Confirm v0.6.0 installed-package smoke after publication.

agent-evidence v0.5.0

v0.5.0 Review Pack V0.2 Release Prep

This release-prep entry prepares agent-evidence v0.5.0 after Review Pack
V0.2 was merged and post-merge audited.

Added

• Review Pack V0.2 reviewer-facing summary improvements:
  • reviewer checklist
  • verification details table
  • artifact inventory table
  • findings table
  • recommended reviewer actions
  • What This Does Not Prove section
• Review Pack manifest and receipt clarity fields for reviewers and agents:
  • review_pack_version
  • verification_ok
  • record_count
  • signature_count
  • verified_signature_count
  • included_artifacts
  • artifact_inventory
  • non_claims
• Refined bounded findings taxonomy for local review packages.
• Explicit tampered bundle fail-closed coverage.

Safety Boundaries

• Review Pack V0.2 is local and offline.
• Review Pack creation verifies signed exports before packaging.
• Review Pack creation fails closed when verification fails.
• Review Pack creation does not mutate source artifacts.
• Review Pack creation does not copy private keys.
• Review Pack creation does not add telemetry.
• Review Pack creation does not change OpenAPI or MCP behavior.
• Review Pack creation does not change canonical schema or core validation.
• No legal non-repudiation, court-grade proof, or regulatory certification
  claim is made.
• Review Pack V0.2 is not compliance certification.
• Review Pack V0.2 is not AI Act approval.
• Review Pack V0.2 is not a full AI governance assessment.
• agent-evidence is not a full AI governance platform.

Non-Goals

• No AI Act Pack.
• No PDF or HTML report generator.
• No dashboard.
• No hosted or remote review service.
• No remote MCP.
• No MCP registry publication.
• No OpenAPI or MCP Review Pack exposure.
• No GitHub Pages or ADOPTERS.md.
• No canonical schema rewrite.
• No core validation rewrite.
• No old NCS/media work.

Release Actions Still Required

• Confirm final v0.5.0 release authorization.
• Confirm GitHub release body.
• Confirm PyPI/TestPyPI publication intent.
• Confirm Zenodo behavior after GitHub release.
• Confirm v0.5.0 installed-package smoke after publication.

agent-evidence v0.4.0

v0.4.0

This release publishes agent-evidence v0.4.0 with Review Pack V0.1 local reviewer-facing packaging.

Added

• Review Pack V0.1 local reviewer-facing packaging:
  • agent-evidence review-pack create
  • manifest.json
  • receipt.json
  • findings.json
  • summary.md
  • artifacts/evidence.bundle.json
  • artifacts/manifest-public.pem
  • optional artifacts/summary.json
• Review Pack cookbook:
  • docs/cookbooks/review_pack_minimal.md
• Review Pack tests for:
  • LangChain example pack creation
  • OpenAI-compatible mock pack creation
  • fail-closed verification behavior
  • no private key copying
  • no secret leakage
  • no network calls
  • boundary language in reviewer summaries

Safety Boundaries

• Review Pack V0.1 is local and offline.
• Review Pack creation verifies signed exports before packaging.
• Review Pack creation does not mutate source artifacts.
• Review Pack creation does not copy private keys.
• Review Pack creation does not add telemetry.
• Review Pack creation does not change OpenAPI or MCP behavior.
• Review Pack creation does not change canonical schema or core validation.
• No legal non-repudiation, court-grade proof, or regulatory certification
  claim is made.
• agent-evidence is not a full AI governance platform.

Non-Goals

• No AI Act Pack.
• No PDF or HTML report generator.
• No hosted review service.
• No remote MCP.
• No MCP registry publication.
• No GitHub Pages or ADOPTERS.md.
• No canonical schema rewrite.
• No core validation rewrite.
• No old NCS/media work.

agent-evidence v0.3.1

v0.3.1 Metadata-Only Patch Prep

This metadata-only patch prepares agent-evidence v0.3.1 after GitHub Release
v0.3.0 was archived by Zenodo.

Changed

• Primary project citation now uses the Zenodo concept DOI:
  10.5281/zenodo.19334061.
• The exact v0.3.0 version DOI is documented for release-specific citation:
  10.5281/zenodo.19998176.
• Release metadata, citation guidance, generated agent metadata, and release
  readiness docs are aligned on version 0.3.1.

Scope

• Metadata-only patch.
• No code behavior changes.
• No OpenAPI, MCP, schema, or core validation changes.
• No PyPI/TestPyPI release was made for 0.3.0.

agent-evidence v0.3.0

Release Notes

v0.3.0 Release Prep

This release-prep entry summarizes the agent-native discovery and local
callable-surface work merged after v0.2.0. This file prepares the repository
for a v0.3.0 release; it does not publish the release by itself.

Added

• Agent-native discovery surfaces:
  • AGENTS.md
  • llms.txt
  • llms-full.txt
  • agent-index.json
  • agent-index.schema.json
  • docs/for-agents.md
• Citation, attribution, and recommendation-policy metadata:
  • CITATION.cff
  • codemeta.json
  • ATTRIBUTION.md
  • RECOMMENDATION_POLICY.md
  • docs/how-to-cite.md
• Development ledger and metadata validation workflow.
• agent-evidence capabilities --json for machine-readable callable-surface
  metadata.
• Generated agent metadata checks for agent-index.json and llms-full.txt.
• Local OpenAPI thin wrapper:
  • openapi.yaml
  • agent-evidence serve --host 127.0.0.1 --port 8765
  • local endpoints for health, capabilities, profile validation, and bundle
    verification.
• Local MCP stdio read-only / verify-first wrapper:
  • agent-evidence mcp --transport stdio
  • fixed tools: list_capabilities, list_schemas, validate_profile,
    verify_bundle
  • fixed read-only resources under agent-evidence://.
• LangChain 5-minute runnable path with offline/mock behavior and
  verify-export coverage.
• OpenAI-compatible minimal evidence path with mock/offline default behavior.
• OpenAI-compatible hardening tests for live configuration errors,
  no-network mock behavior, and no provider-secret leakage into artifacts.

Safety Boundaries

• No telemetry is added.
• No automatic star, follow, fork, recommendation, or promotion mechanism is added.
• No legal non-repudiation, court-grade proof, or regulatory certification
  claim is made.
• agent-evidence is not a full AI governance platform.
• The CLI/core remains canonical; local OpenAPI and MCP surfaces are wrappers.
• OpenAPI is local-only and is not a hosted API product.
• MCP is local stdio only and is not a remote or registry-published service.

Non-Goals

• No remote MCP.
• No MCP registry publication.
• No GitHub Pages or ADOPTERS.md.
• No Review Pack commercial feature.
• No AI Act Pack.
• No canonical schema rewrite.
• No core validation rewrite.
• No old NCS/media work.

Release Actions Still Required

• Confirm final version and release date.
• Confirm whether the existing DOI remains the concept/repository DOI or
  whether release-specific archive metadata should be added after publication.
• Create the GitHub release if approved.
• Publish to PyPI if approved.
• Confirm release notes and package metadata after publication.

agent-evidence v0.1.0 RC1

agent-evidence v0.1 RC

Scope: bounded release candidate for agent-evidence only.

1. Release Title And Scope

agent-evidence v0.1 RC is the first bounded release candidate for the current
single-repo product surface.

This release candidate is intentionally narrow:

• local-first
• adapter-first
• review-pack-enabled
• no hosted control plane
• no new canonical artifact type beyond bundle, receipt, and summary

2. What Is New In v0.1 RC

This release candidate brings the current repository into one coherent product
line:

• a developer-product README and bounded quickstart
• one recommended LangChain integration entry point:
  LangChainAdapter
• one recommended OpenAI-compatible integration entry point:
  OpenAICompatibleAdapter
• one Review Pack path with:
  • assembler
  • deterministic renderer
  • developer-facing example
  • smoke gate

The result is one bounded workflow that can capture a run, export it, verify
it, and package it for review without expanding into a hosted platform or a
larger governance system.

3. Primary Supported Surfaces

Quickstart

Current bounded first-run path:

• install from source
• run examples/langchain_minimal_evidence.py
• produce bundle
• verify to produce receipt
• review summary

Reference:

• docs/quickstart.md

LangChainAdapter

Recommended entry point:

• agent_evidence.integrations.langchain.LangChainAdapter

Current role:

• capture LangChain runtime events
• export a signed JSON bundle
• verify and write receipt
• write reviewer-facing summary

OpenAICompatibleAdapter

Recommended entry point:

• agent_evidence.integrations.openai_compatible.OpenAICompatibleAdapter

Current role:

• wrap provider calls without moving provider logic into core evidence logic
• keep config propagation bounded
• preserve the same bundle / receipt / summary contract

Review Pack Path

Current path:

• agent_evidence.review_pack.ReviewPackAssembler
• agent_evidence.review_pack.ReviewPackRenderer
• examples/review_pack/build_review_pack.py

Current role:

• assemble a stable review pack from existing artifacts
• render deterministic review/report.md
• keep supporting files optional
• exclude private keys by default

4. Artifact Contract Boundary

The primary artifact contract remains:

• bundle
• receipt
• summary

Supporting files remain supporting only:

• manifest sidecar
• verification public key
• runtime JSONL capture
• local signing private key

Source-of-truth boundaries remain intact:

• evidence payload lives in bundle
• machine-readable verification facts live in receipt
• reviewer-facing orientation lives in summary
• Review Pack layout and renderer labels stay presentation-only

5. Validation And Test Status

Current bounded release-path gates are in place:

• tests/test_quickstart_smoke.py
• tests/test_langchain_adapter.py
• tests/test_langchain_integration.py
• tests/test_openai_compatible_adapter.py
• tests/test_review_pack_assembler.py
• tests/test_review_pack_renderer.py
• tests/test_review_pack_example_smoke.py

Current release-gate result:

• 15 passed

That gate covers:

• quickstart path
• LangChain wrapper path
• OpenAI-compatible wrapper path
• Review Pack assembler
• Review Pack renderer
• Review Pack example-level smoke path

6. Known Limitations

• no Review Pack CLI
• no OpenAI-compatible CLI
• no hosted delivery
• no live-provider tests
• no cross-repo integration
• no LangGraph-specific implementation surface
• no claim of full platform coverage

Current warning note:

• Python 3.14 currently surfaces non-blocking langchain_core compatibility and
  deprecation warnings in the bounded test path

7. Explicit Non-Goals

• no schema changes
• no exporter expansion
• no new canonical artifact type
• no hosted audit plane
• no provider-specific business logic in core
• no Review Pack promotion to the main quickstart or README entry at this stage

8. Upgrade / Adoption Notes

This is the first bounded release candidate, so adoption guidance is simple:

• install from source
• start with the LangChain quickstart path
• treat bundle, receipt, and summary as the only primary outputs
• treat supporting files as optional adjunct material
• use Review Pack only as a packaging/rendering layer above those artifacts

For OpenAI-compatible adoption:

• use the provider-agnostic wrapper
• keep provider client logic outside core evidence logic
• treat current examples as bounded configuration surfaces, not as a claim of
  live-provider certification

9. Recommended Next Follow-Ups After RC

At most three low-risk follow-ups should be prioritized next:

1. Reduce the current Python 3.14 langchain_core warning surface.
2. Add one bounded release-facing note or packaging step around the v0.1 RC
   position.
3. Harden non-live OpenAI-compatible edge-case tests without changing the
   artifact contract.

Agent Evidence v0.2.0

This release freezes the first minimal package for the Execution Evidence and Operation Accountability Profile v0.1 in the agent-evidence repository.

Included in this release:

• profile spec
• JSON schema
• one valid and three invalid examples
• profile-aware validator
• single-chain demo
• acceptance, release-readiness, and handoff documents
• research brief (ZH) and abstract (EN)

Versioning note:

• Repository release version: v0.2.0
• OAP package version inside this release: v0.1

Validation summary:

• ruff check: passed
• pytest: passed
• profile validation on valid/invalid examples: passed
• demo run: passed

Known non-blocking notes:

• Python 3.14 .venv may emit one langchain_core warning
• legacy historical materials remain in the repository but are separated from the v0.1 OAP path