Changelog
All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.
[Unreleased]
Section titled “[Unreleased]”- Report-ingestion runners so AssayPDF is a vendor-neutral cross-engine litmus: it now scores a preflight report an engine already produced, not just engines it can drive via CLI.
pitstop-reportingests Enfocus PitStop XML;callasingests callas pdfToolbox JSON or XML (format auto-detected). Both normalize into the sameEngineResultmodel and score through the identical GWG confusion-matrix path (harness/runners/{pitstop_report,callas}.py,IngestRunnerbase,rule_maps/{pitstop-report,callas}.json). Report shapes mirror lint-pdf’spitstop_xml/callas_json/callas_xmlimporters. assay ingest-report --engine {pitstop-report,callas} --reports-dir DIRCLI command +harness.driver.ingest_reports()driver, which scans a reports directory, joins each report to the corpus by PDF basename, scores, and writes the sameresults/<engine>-<timestamp>.{json,score.json}artifacts. Unparseable reports raiseIngestParseError(clean failure with the field that broke) and are skipped with a warning — never silently counted as a clean pass.- Color-conformance verification (
src/assay_pdf/color/): G7 grayscale/highlight-range, ISO 12647 tone value increase (TVI), and Fogra (FOGRA51) ΔE*00 metrics computed over measurement data. These are checks, not transforms — AssayPDF measures and reports; thresholds are inputs (ColorTolerances) and pass/fail is deferred (lint owns policy), so each metric carrieswithin_tolerance = Nonewhen no tolerance is supplied. ColorConformanceRunner(harness/runners/colorconformance.py) following the runner shape but returning aColorConformanceReportfrom aMeasurementSet.- Local dependency-free CIE76 / CIEDE2000 ΔE math (
color/color_math.py), verified against the Sharma et al. (2005) test vectors and matching codex-pdf’s reference to 4dp. codex is not a dependency here (the integration is subprocess-only), so the math is implemented locally rather than imported/vendored. - Methodology + architecture docs for the color metrics (G7 / ISO 12647-2 / FOGRA51 references) and a deterministic fixture measurement set (
tests/fixtures/color/).
[0.1.0b3] — 2026-06-04
Section titled “[0.1.0b3] — 2026-06-04”Security
Section titled “Security”- Added blocking
securityjob to CI (semgrepp/security-audit+p/secrets+p/python, bandit medium/medium, pip-audit) that gates the test matrix. - Added top-level
permissions: contents: readto all three workflows (ci.yml,release.yml,url-liveness.yml) to enforce least-privilege token scoping. - Added
persist-credentials: falseto allactions/checkoutsteps across all workflows to prevent credential leakage after checkout. - Added
bandit>=1.8andpip-audit>=2.9to[project.optional-dependencies] devso CI and localuv sync --all-extrasinstall the same audit tools.
Changed
Section titled “Changed”- Version bump:
0.1.0b2→0.1.0b3.
[0.1.0b2]
Section titled “[0.1.0b2]”- Initial scaffold (Commit 1): pyproject.toml (uv-managed, Python 3.12+), LICENSE (AGPL-3.0-or-later), README, CHANGELOG, CONTRIBUTING, tooling configs, CI workflows, issue/PR templates.
- Project governance docs:
SECURITY.md(vulnerability reporting policy),CODE_OF_CONDUCT.md(Contributor Covenant 2.1),SUPPORT.md(where to ask for help), a feature-request issue template, andISSUE_TEMPLATE/config.ymlrouting security and questions to the right channels.
[0.1.0] — TBD
Section titled “[0.1.0] — TBD”- Spec ingestion: parser for GWG 2022 multi-tab workbook →
requirement-ids.jsonmachine-readable manifest. - Vendor asset fetcher: SHA-256-verified downloads of GWG 2022 spec docs + GOS 5.0 suites + Processing Steps Test Suite v1.
- Deterministic corpus generator: 175-file PDF/X-4 corpus across 39 GWG 2022 rules and 23 variants. Byte-identical reproducibility from a seed.
- Harness with three engine runners: callas pdfToolbox, Enfocus PitStop Server, lintPDF.
- Per-rule, per-variant, per-engine scorer producing markdown and HTML accuracy reports.
verapdfPDF/X-4 validation as part ofassay validate.- ICC profile bundle: GRACoL2013, FOGRA39, FOGRA51, sRGB IEC61966-2.1, AdobeRGB1998 (redistributed under upstream terms).