Back to blog

Release

Stable public contracts with stricter fail-closed verification

Ink/charcoal doodle: published contract pages flow into a shielded verification artifact.

InvarLock 0.4.0 stabilizes contracts around policies, proof packs, and evaluation provenance while tightening verification, CI, and coverage enforcement.

2 min read
InvarLock Team

Release: InvarLock 0.4.0 - Stable contracts and a narrower trust surface

Highlights

  • InvarLock now publishes stable public contracts for support matrices, adapter capabilities, plugin compatibility, proof-pack manifests, and policy packs, with new CLI policy tooling plus shipped evidence fixtures for published-basis lanes.
  • Evaluation reports now carry dataset and RMT provenance, while verification and proof-pack paths are tightened to preserve parity and fail closed more consistently.
  • Trust-critical paths were refactored into thinner orchestration shells, the enforced coverage floor rises to 90%, and legacy CLI/reporting/config plus old proof-pack layout compatibility have been removed.

0.4.0 is a surface-stabilization release. The biggest change is not a single feature but a clearer public contract around how InvarLock describes supported adapters, plugins, proof packs, and policy artifacts. That is paired with stronger provenance in evaluation reports, so the evidence produced by the framework is easier to audit and compare across runs.

The release also hardens the implementation beneath that surface. The trust-critical verify, runner, variance, and spectral paths have been split into thinner shells with stronger per-file coverage thresholds, and the repo now enforces a 90% project-wide floor across a broader critical surface. Documentation checks are stricter as well: docs-only CI is blocking on staging/next and main, with markdown and spellcheck lint treated as required gates rather than advisory steps.

Operationally, 0.4.0 is stricter than the recent patch releases. Verify-policy parity, baseline evidence reuse, proof-pack verification, and release-bundling flows are all hardened for fail-closed behavior, while legacy CLI/reporting/config surfaces and the older proof-pack layout compatibility are intentionally removed. If you maintain downstream tooling around older pack layouts or command surfaces, this is the release to re-check against the current docs and published contracts.

For more details, see CHANGELOG.md.

More from the blog

Continue through recent releases and implementation notes.

Release

Coverage hardening across CLI, reporting, and observability paths

Coverage thresholds now enforce split-module branch floors for critical CLI/reporting paths.

Release

Targeted regression hardening for quantization and reporting paths

A focused hardening release: safer AWQ plugin discovery, stronger quantization clipping behavior, and broader report-schema acceptance for edge payloads.

Release

Bigger proof-pack coverage with stronger CI reproducibility

Proof packs add new showcase and evidence artifacts, while CI and release flows become more deterministic and easier to validate repeatedly.