Summary: v0.7.0 post-release audit PASSED. All immediate checks, public-promise checks, scanner-safe bundle verify/inspect/export, and evidence-promise commands succeed. Sole outstanding item is docs.rs build (queued, not yet built as of audit time) — no action required, recheck only.
Post-release audit for v0.7.0
- Release visible: PASS —
gh release view v0.7.0 shows tag v0.7.0, draft=false, published 2026-05-11T15:20:22Z by github-actions[bot]; body includes the "Claim boundary" stanza confirming uselesskey is a test-fixture layer. Link: https://github.com/EffortlessMetrics/uselesskey/releases/tag/v0.7.0
- Crates.io facade visible: PASS —
cargo search uselesskey --limit 5 returns uselesskey = "0.7.0" plus four sibling crates at 0.7.0. 20-crate spot check via https://crates.io/api/v1/crates/<name> confirmed max_version=0.7.0 for: uselesskey, uselesskey-core, uselesskey-cli, uselesskey-rsa, uselesskey-ecdsa, uselesskey-ed25519, uselesskey-hmac, uselesskey-token, uselesskey-jwk, uselesskey-x509, uselesskey-jsonwebtoken, uselesskey-rustls, uselesskey-tonic, uselesskey-aws-lc-rs, uselesskey-ring, uselesskey-rustcrypto, uselesskey-core-seed, uselesskey-core-cache, uselesskey-core-x509, uselesskey-core-rustls-pki.
- Docs.rs visible: QUEUED —
https://docs.rs/crate/uselesskey/0.7.0 and https://docs.rs/crate/uselesskey-core/0.7.0 both return HTTP 404 ("requested version does not exist") as of 2026-05-11T17:26:48Z. The crates do appear in https://docs.rs/releases/queue indicating builds are accepted/queued, not failed. Recheck required; no republish needed (per audit doc "do not republish solely for docs.rs lag").
- Public-surface/docs/package checks: PASS
cargo xtask public-surface — checked 64 workspace crates (17 public promises, 9 adapter promises, 27 published internals, 11 workspace-only); exit 0.
cargo xtask docs-sync --check — inventory matched (README.md, crates/uselesskey/README.md, docs/how-to/choose-features.md); exit 0.
cargo xtask publish-preflight — completed in 49.7s; all 55 preflight package + public-surface + doc-versions + metadata stages succeeded.
cargo xtask no-blob — exit 0; no secret-shaped blobs detected.
- Scanner-safe bundle verify/export/inspect: PASS
bundle --profile scanner-safe produced 10 files (rsa/ecdsa/ed25519/hmac JWKs, token, x509.pem, jwk, jwks, materialization receipt, audit-surface receipt) under target/post-release-bundle.
verify-bundle returned status: "ok" over 10 files.
inspect-bundle reported: profile=scanner-safe, artifacts=8, verified=10, scanner-safe=yes, private-key-material=no, symmetric-secret-material=no, runtime-material-artifacts=0, verification=ok, receipts=materialization+audit-surface.
export k8s wrote target/post-release-bundle/secret.yaml (4339 bytes).
export vault-kv-json wrote target/post-release-bundle/kv-v2.json (3611 bytes).
- Receipts: PASS
cargo xtask economics — wrote target/xtask/economics/latest.json + .md covering entropy-only, token-shape-only, runtime-rsa, build-time-shape-fixtures, build-time-rsa-fixtures.
cargo xtask audit-surface — wrote target/xtask/audit-surface/latest.json + .md covering entropy, token, rsa, materialize-shape, materialize-rsa, jsonwebtoken-adapter, pgp-adapter.
cargo xtask perf --compare — wrote target/xtask/perf/latest.json; all 14 benchmarks within thresholds (exit 0). One run flagged a transient WARN on cli.materialize_verify.shape (+141.88%, attributed to Windows clock jitter on cold start); a second run confirmed -18.94% under threshold. No action required.
cargo xtask mutants-nightly --scope public --dry-run — scope plan resolved 9 crates: uselesskey-core, uselesskey-jwk, uselesskey-token, uselesskey-x509, uselesskey-rsa, uselesskey-ecdsa, uselesskey-ed25519, uselesskey-hmac, uselesskey-cli. Survivor ledger parsing validated. Actual mutation evidence remains the scheduled nightly workflow.
Open Follow-ups
Recovery-lane issues filed during/after the v0.7.0 release lane
External follow-up
- shipper#173 (post-v0.7.0; CI release publish migration to shipper)
Open release label tracking issues (DO NOT CLOSE here — owner closes)
These v0.7.0 "prove" checklist issues remain open. Each can be closed by the owner if its criteria are satisfied by the evidence above and the release-evidence matrix (target/release-evidence/summary.md, release-evidence.md, scanner-safe-bundle-proof.md, oidc-contract-pack-proof.md, target/mutation/nightly-receipt.md, target/xtask/perf/latest.md):
Docs.rs recheck
- Recheck
https://docs.rs/crate/uselesskey/0.7.0 and other workspace crates. Builds are queued (visible in https://docs.rs/releases/queue) but not yet rendered as of 2026-05-11T17:26:48Z. If still 404 after 24h, file a docs.rs follow-up issue and link the build log.
Summary: v0.7.0 post-release audit PASSED. All immediate checks, public-promise checks, scanner-safe bundle verify/inspect/export, and evidence-promise commands succeed. Sole outstanding item is docs.rs build (queued, not yet built as of audit time) — no action required, recheck only.
Post-release audit for v0.7.0
gh release view v0.7.0shows tagv0.7.0, draft=false, published 2026-05-11T15:20:22Z by github-actions[bot]; body includes the "Claim boundary" stanza confirming uselesskey is a test-fixture layer. Link: https://github.com/EffortlessMetrics/uselesskey/releases/tag/v0.7.0cargo search uselesskey --limit 5returnsuselesskey = "0.7.0"plus four sibling crates at 0.7.0. 20-crate spot check viahttps://crates.io/api/v1/crates/<name>confirmedmax_version=0.7.0for:uselesskey,uselesskey-core,uselesskey-cli,uselesskey-rsa,uselesskey-ecdsa,uselesskey-ed25519,uselesskey-hmac,uselesskey-token,uselesskey-jwk,uselesskey-x509,uselesskey-jsonwebtoken,uselesskey-rustls,uselesskey-tonic,uselesskey-aws-lc-rs,uselesskey-ring,uselesskey-rustcrypto,uselesskey-core-seed,uselesskey-core-cache,uselesskey-core-x509,uselesskey-core-rustls-pki.https://docs.rs/crate/uselesskey/0.7.0andhttps://docs.rs/crate/uselesskey-core/0.7.0both return HTTP 404 ("requested version does not exist") as of2026-05-11T17:26:48Z. The crates do appear in https://docs.rs/releases/queue indicating builds are accepted/queued, not failed. Recheck required; no republish needed (per audit doc "do not republish solely for docs.rs lag").cargo xtask public-surface— checked 64 workspace crates (17 public promises, 9 adapter promises, 27 published internals, 11 workspace-only); exit 0.cargo xtask docs-sync --check— inventory matched (README.md, crates/uselesskey/README.md, docs/how-to/choose-features.md); exit 0.cargo xtask publish-preflight— completed in 49.7s; all 55 preflight package + public-surface + doc-versions + metadata stages succeeded.cargo xtask no-blob— exit 0; no secret-shaped blobs detected.bundle --profile scanner-safeproduced 10 files (rsa/ecdsa/ed25519/hmac JWKs, token, x509.pem, jwk, jwks, materialization receipt, audit-surface receipt) undertarget/post-release-bundle.verify-bundlereturnedstatus: "ok"over 10 files.inspect-bundlereported: profile=scanner-safe, artifacts=8, verified=10, scanner-safe=yes, private-key-material=no, symmetric-secret-material=no, runtime-material-artifacts=0, verification=ok, receipts=materialization+audit-surface.export k8swrotetarget/post-release-bundle/secret.yaml(4339 bytes).export vault-kv-jsonwrotetarget/post-release-bundle/kv-v2.json(3611 bytes).cargo xtask economics— wrotetarget/xtask/economics/latest.json+.mdcovering entropy-only, token-shape-only, runtime-rsa, build-time-shape-fixtures, build-time-rsa-fixtures.cargo xtask audit-surface— wrotetarget/xtask/audit-surface/latest.json+.mdcovering entropy, token, rsa, materialize-shape, materialize-rsa, jsonwebtoken-adapter, pgp-adapter.cargo xtask perf --compare— wrotetarget/xtask/perf/latest.json; all 14 benchmarks within thresholds (exit 0). One run flagged a transient WARN oncli.materialize_verify.shape(+141.88%, attributed to Windows clock jitter on cold start); a second run confirmed -18.94% under threshold. No action required.cargo xtask mutants-nightly --scope public --dry-run— scope plan resolved 9 crates: uselesskey-core, uselesskey-jwk, uselesskey-token, uselesskey-x509, uselesskey-rsa, uselesskey-ecdsa, uselesskey-ed25519, uselesskey-hmac, uselesskey-cli. Survivor ledger parsing validated. Actual mutation evidence remains the scheduled nightly workflow.Open Follow-ups
Recovery-lane issues filed during/after the v0.7.0 release lane
mode = "no-new-debt")External follow-up
Open
releaselabel tracking issues (DO NOT CLOSE here — owner closes)These v0.7.0 "prove" checklist issues remain open. Each can be closed by the owner if its criteria are satisfied by the evidence above and the release-evidence matrix (
target/release-evidence/summary.md,release-evidence.md,scanner-safe-bundle-proof.md,oidc-contract-pack-proof.md,target/mutation/nightly-receipt.md,target/xtask/perf/latest.md):Docs.rs recheck
https://docs.rs/crate/uselesskey/0.7.0and other workspace crates. Builds are queued (visible in https://docs.rs/releases/queue) but not yet rendered as of 2026-05-11T17:26:48Z. If still 404 after 24h, file a docs.rs follow-up issue and link the build log.