Skip to content

release: prep v0.7.0 for PyPI publication#57

Merged
kmadan merged 1 commit into
mainfrom
release/v0.7.0-pypi
May 14, 2026
Merged

release: prep v0.7.0 for PyPI publication#57
kmadan merged 1 commit into
mainfrom
release/v0.7.0-pypi

Conversation

@kmadan
Copy link
Copy Markdown
Contributor

@kmadan kmadan commented May 14, 2026

Three coordinated changes that unblock the first `pip install aicertify`.

What this PR does

Change Why
langfair @ git+...langfair-mantric.gitlangfair>=0.8.0,<1.0 PyPI rejects git URLs in install_requires. Upstream langfair 0.8.0 now supports Python 3.9–3.13 natively, so the mantric fork is no longer necessary.
rich >=13.9.4rich >=13.8.0,<14.0.0 langfair 0.8.0 pins rich==13.8.0 strictly; this relaxes our floor to match. The rich APIs AICertify uses (Console, Progress, Spinner, Live, Panel, Text) are stable across 13.8 → 13.9.
De-duplicate langchain-openai dep Was listed in both the main deps block and the transitive-pin block. PyPI accepts the dupe but it shows up awkwardly on the project page.
Restructure CHANGELOG.md v0.7.0 section Consolidates the entire 0.7.0 release into a single comprehensive entry dated 2026-05-14 (first PyPI release) — covers skills, AGENTS.md, diagrams, translations, marketing overhaul, ~95 Dependabot advisory fixes, CodeQL clean-up.

Verified locally

  • poetry lock --regenerate succeeded — clean resolve, LangChain 1.x stack preserved
  • poetry builddist/aicertify-0.7.0-py3-none-any.whl (265 KB) + dist/aicertify-0.7.0.tar.gz (195 KB)
  • twine check dist/*PASSED on both wheel and sdist
  • pip install dist/aicertify-0.7.0-py3-none-any.whl in a fresh Python 3.12 venv: succeeds
  • aicertify --help prints the CLI usage
  • from aicertify import regulations, application works (the canonical README pattern)
  • Wheel METADATA has all 15 PyPI keywords, 13 classifiers, the full [project.urls] block, the aicertify console-script entry point, and zero git URLs anywhere in the requires-dist list

After merge

Next steps (separate from this PR):

  1. Tag v0.7.0 on the post-merge main commit
  2. Create a GitHub Release tied to the tag with the CHANGELOG [0.7.0] section as the body
  3. twine upload dist/* — needs your PYPI_API_TOKEN. I'll print the exact command after this merges so you can run it under your account.

@kmadan
release: prep v0.7.0 for PyPI publication
b56fcb5 
Three coordinated changes that unblock the first \"pip install aicertify\".

## langfair: git URL -> PyPI

PyPI rejects packages whose install_requires contain direct git URLs.
The previous dep

    langfair @ git+https://github.com/mantric/langfair-mantric.git@python-3.12-support

was a stand-in for upstream not yet supporting Python 3.12. That has since
landed in upstream langfair 0.8.0 (requires-python <3.14,>=3.9), so we can
switch to the PyPI release:

    langfair >=0.8.0,<1.0

AICertify's actual API surface against langfair is small (counterfactual,
stereotype, and toxicity metrics under langfair.metrics) and is stable in
the upstream 0.8.x line.

## rich: align with langfair's pin

langfair 0.8.0 pins rich==13.8.0 strictly. The previous AICertify pin
(>=13.9.4) conflicted. Relax to >=13.8.0,<14.0.0 — the rich APIs we use
(Console, Progress, Spinner, Live, Panel, Text) are stable across both.

## langchain-openai: de-duplicate

The dep appeared twice (once in the main list, once in the transitive-pin
block). PyPI accepts duplicate Requires-Dist lines but it shows up
awkwardly on the project page. Kept the single entry with the explicit
security floor (>=1.1.14, image-token-counting DNS-rebind SSRF fix).

## CHANGELOG

Restructured the [0.7.0] section into a single comprehensive entry dated
2026-05-14 (first PyPI release). The release notes cover:

- Everything previously in [Unreleased] (skills, AGENTS.md, diagrams,
  translations, marketing overhaul, SECURITY.md, why-aicertify.md, demo
  PDF, forkable examples, repo metadata, labels, issues)
- The reporting subsystem + quickstart + pluggable evaluators
- The gopal migration
- ~95 Dependabot advisory fixes (direct + transitive bumps, CodeQL false
  positives dismissed, workflow permissions added)

## Verified

- poetry lock --regenerate: clean resolve
- poetry build: aicertify-0.7.0-py3-none-any.whl (265 KB) +
  aicertify-0.7.0.tar.gz (195 KB)
- twine check dist/*: PASSED on both
- pip install dist/...whl into a clean venv 3.12: succeeds
- aicertify --help: works
- from aicertify import regulations, application: works
@github-actions github-actions Bot added 📝 documentation Improvements or additions to documentation 🚀 enhancement New feature or request labels May 14, 2026
@kmadan kmadan merged commit f3eb042 into main May 14, 2026
7 checks passed
@kmadan kmadan deleted the release/v0.7.0-pypi branch May 14, 2026 07:55
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

📝 documentation Improvements or additions to documentation 🚀 enhancement New feature or request

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@kmadan