chore(release): v0.15.1 (Monorepo Unification)

This release fundamentally restructures the Zenzic ecosystem by unifying the Core Engine and the Documentation Portal into a single, cohesive Monorepo.

🏗️ Architectural Changes

• Monorepo Unification: The zenzic-doc repository has been fully grafted into the zenzic core repository. Documentation now resides in the /docs directory. This guarantees atomic Documentation Impact Analysis (D.I.A.) — a PR that alters CLI behavior now includes the corresponding manual update in the exact same commit.
• Native Dogfooding: Eradicated the reliance on the external zenzic-action for testing our own documentation. The CI/CD pipeline now executes uv run zenzic check all --strict natively, testing the documentation against the bleeding-edge engine code in the current branch.
• Optional Dependencies: Added mkdocs-material to pyproject.toml under the [docs] extra. Contributors can now install the full documentation build environment via uv sync --extra docs.
• DX Upgrades: Added flexible docs-build and docs-serve +args="" recipes to the justfile for seamless local authoring.
• Historical Archival: The legacy zenzic-doc changelog has been permanently archived to changelogs/v0.15-docs-archive.md. The previous repository will be tombstoned.

v0.15.0

🚀 The Semantic Sprint & Technical Debt Elimination

✨ New Features

• Dead Suppression Tracker (Z603): Introduced global tracking for <!-- zenzic:ignore --> directives via the SuppressionTracker. The engine now explicitly flags any ignore directive that no longer matches an active diagnostic finding. This effectively prevents the silent accumulation of "dead suppressions" (Technical Debt) in your codebase.

🛡️ Governance & Architecture

• Z407 Epic Deferral: Evaluated and formally deferred the Broken Code Reference epic. The heuristic approach generated unresolvable false positives on hypothetical paths typically found in technical tutorials. Implementation is officially postponed to v0.16.0, pending explicit AST Markdown opt-in attributes.

🧹 Maintenance & Chore

• Archived legacy v0.14.x changelogs into a dedicated historical ledger.
• Assorted internal refactoring and dependency synchronizations.

v0.14.1 - Core Link Parsing & Template Purification

This patch release addresses a critical bug in the Core Engine's Asset Graph construction and purges remnant technical debt from the v0.14.0 structural overhaul.

Bug Fixes

• Asset Graph Reliability (Z405): Standard Markdown links ([text](url)) and HTML anchor tags (<a href="...">) pointing to non-markdown local assets are now correctly resolved and inserted into the used-assets graph. You will no longer receive false-positive Z405 (Unused Asset) errors for validly linked standalone HTML or raw files.

Chores & Cleanup

• Init Templates: Removed legacy [i18n] configuration blocks from zenzic init templates. New projects initialized via the CLI will no longer crash due to deprecated configuration tables.
• Roadmap: Added roadmap item Z507 (Semantic Metadata Cross-Validation) for the upcoming v0.15.0 feature cycle.

Documentation (zenzic-doc)

• Migrated the entire blog corpus from legacy Docusaurus truncation tags (<!-- truncate -->) to MkDocs Material standards (<!-- more -->).
• Stripped redundant hardcoded metadata from blog posts in favor of native MkDocs frontmatter rendering.
• Eradicated legacy Docusaurus .mdx files and cleaned up .zenzic.toml blind-spot suppressions.
• Enforced a strictly native MkDocs Material layout, dropping all custom Jinja sidebar hacks.

v0.14.0

🆕 New Rule: Z506 MALFORMED_FRONTMATTER

Detects malformed YAML frontmatter delimiters that cause documentation engines to silently
render metadata as raw prose. Fires on files where the first line starts with -- but is
not exactly --- (e.g., ----, --, --- trailing text).

• Severity: error
• Penalty: −5.0 pts (Content category)
• Suppress: <!-- zenzic:ignore: Z506 -->

🗑️ ADR-034: I18N Engine Eradication

Zenzic is now an English-only tool. The Z602 I18N_PARITY bilingual scanner (443 lines) has
been permanently removed. Z602 is marked status="inactive".

Migration required: Remove [i18n] sections and Z602 suppressions from .zenzic.toml
before upgrading.

🔒 Z405 Infrastructure Exemptions

Standard CDN/hosting infrastructure files are now natively exempt from Z405 Unused Assets:
robots.txt, _redirects, CNAME, sitemap.xml.

🐛 Critical Governance Fixes

• JSON formatter: --output json now correctly applies per_file_ignores and
  directory_policies (previously bypassed governance rules).
• SARIF formatter: Governance filtering now applied to SARIF output, fixing false
  positives in GitHub Advanced Security.

✨ CLI UX

Score breakdown: negative values render in red, zero values dimmed. Immediate visual
signal for DQS regressions.

v0.13.1: SARIF Governance Fix

SARIF Formatter Bypass Fix

This patch release addresses a critical bug in the SARIF formatter where the JSON output bypassed per_file_ignores and directory_policies filtering during zenzic check all.

By properly applying governance exclusions before SARIF generation, Zenzic now ensures that only active (unsuppressed) findings are exported to GitHub Advanced Security. This prevents CI pipelines and quality gates from failing due to properly managed technical debt that was explicitly declared in .zenzic.toml.

Full Changelog

v0.13.0...v0.13.1

Zenzic v0.13.0: The Bridge Architecture & Static Purity

Zenzic Core v0.13.0

This release introduces major architectural shifts to Zenzic, enforcing tighter security policies and bridging external dynamically-generated documentation ecosystems seamlessly.

🚀 Highlights

• The Bridge Architecture (ADR-080): Introduced PrebuiltVSMAdapter for Inversion of Control, allowing Zenzic to validate dynamic documentation generated by frameworks like Docusaurus via static .zenzic-vsm.json payloads.
• TOML Strict Validation: Implemented the "TOML Root Key Law" to actively defend against misconfigurations where root keys are swallowed by [tables].
• CLI UX Refinements: inspect codes and check now provide explicitly clear FATAL/HALT flags and detailed footer metrics (e.g., DQS Final Score: X/100).
• Engine-Neutral Defaults: Zenzic .zenzic.toml templates and initialization default cleanly to MkDocs, completing the strategic pivot away from Docusaurus.

🛡️ Integrity

Signed, reproducible releases. Code strictly validated with 1403 tests passed.

Full Changelog: v0.12.0...v0.13.0

v0.12.0

Full Changelog: v0.11.0...v0.12.0

v0.11.0: Monorepo Scalability & Docusaurus VSM Emulation

Architectural Upgrades

This release establishes native support for nested monorepo architectures and introduces a complete static emulation of the Docusaurus Webpack routing lifecycle, eliminating heuristic-derived false positives.

Core Engine & DX

• Path-Aware Exclusion Engine: excluded_dirs now strictly implements .gitignore slash semantics. Paths containing a slash are evaluated relative to repo_root, while basename-only strings evaluate globally.
• Python 3.12+ RE2 Parity: Replaced the standard library fnmatch with a custom translate_glob_to_re2 implementation. This eradicates atomic group crashes (?>...) in Python 3.12+ and guarantees Google RE2 $O(N)$ linear-time DFA execution.
• Mathematical Transparency: The zenzic score command now accepts a --breakdown flag, exposing the exact algorithmic penalty deductions (including 0-point info findings).
• Visual Telemetry: Interactive progress indicators implemented for the I/O harvesting phase (automatically bypassed in CI environments via the Strict Gate).

Docusaurus Adapter (Static Routing Emulation)

• Monorepo Dynamic Roots: The adapter natively traverses upwards from docs_root to locate docusaurus.config.{js,ts}, setting a dynamic docusaurus_site_root to prevent Virtual Site Map (VSM) collapse in nested monorepos.
• Frontmatter Routing Overrides: Zenzic now parses YAML frontmatter during the I/O phase. Absolute and relative slug declarations correctly override or concatenate with the routeBasePath, mirroring upstream Docusaurus semantics.
• Blog Date Extraction: Complex blog filenames (e.g., 2021-03-09-release.mdx) are statically translated into their canonical /blog/YYYY/MM/DD/release/ VSM routes.
• File-Based Linking Support: Markdown links pointing to physical files (../intro.mdx) are now natively resolved to their logical VSM targets without requiring Node.js.
• Logical Partial Exclusion: Docusaurus partials (_) are logically excluded from the VSM to suppress structural noise, while remaining physically visible to the Z201/Z204 credential scanner (Zero-DBT Security Override).

zenzic 0.10.4 — Security patch & CI hardening

What's changed

Security

• urllib3 2.6.3 → 2.7.0 — CVE-2026-44431, CVE-2026-44432
• idna 3.11 → 3.18 — CVE-2026-45409
• pip 26.0.1 → 26.1.2 — CVE-2026-6357, CVE-2026-3219
• actions/checkout pinned to v6.0.3 SHA (closes #98)
• amannn/action-semantic-pull-request pinned to v6.1.1 SHA (closes #99)

CI

• Removed pull_request.paths filter from ci.yml so the required Audit check is always created for every PR — eliminates false-pending states in branch protection

Documentation

• SSH commit signing setup instructions added to CONTRIBUTING.md
• Badge centering fixed in README.md / README.it.md

Full changelog

https://github.com/PythonWoods/zenzic/blob/main/CHANGELOG.md

v0.10.3: Core AST Parsers & Custom YAML Support Patch

This patch release resolves critical false-positive findings identified during static analysis audits of MkDocs and Docusaurus projects. It also introduces hardened enterprise-grade contribution standards and PR compliance workflows.

🐛 Bug Fixes

• Footnote Link Resolution (Z104): Refactored the AST reference link builder (_build_ref_map) to properly recognize and ignore footnote definitions (e.g., [^1]:). This prevents footnote descriptions from being mistakenly processed as broken filesystem paths.
• Heading Attribute Lists & Custom Block Anchors (Z102):
  • Implemented stripping of markdown attribute list metadata (e.g., { data-toc-label="..." }) from ATX headings prior to slugification, preventing mismatched heading anchor findings.
  • Added native support for explicit block-level custom anchors ({#id}) and footnote targets (#fn:1), aligning the validator with Python-Markdown and Docusaurus anchor resolution.
• Custom YAML Tag Constructors (Z503): Registered standard PyYAML type tags (e.g., !!python/name:) and custom unregistered tags (e.g., !ENV) in the snippet validator's PermissiveSafeLoader. This enables MkDocs config validations to pass cleanly without throwing syntax validator exceptions.

🛡️ Enterprise Governance & Compliance

• Issue-First Policy: PRs must now be linked to an approved and discussed issue before review.
• Conventional Commits & DCO: Enforced Conventional Commits formatting and DCO sign-offs (git commit -s) via a new automated PR workflow (compliance.yml).
• AI-Slop Prevention: Strict requirement for contributors to understand and justify all code alterations.