Bump version to 0.2.3 and update CI/Makefile

.github/workflows/release.yml

@@ -9,8 +9,7 @@ on:
     types: [published]
 
 permissions:
-  contents: read
-  id-token: write  # Required for OIDC trusted publishing to PyPI
+  contents: write  # Required for creating releases
 
 env:
   CARGO_TERM_COLOR: always
@@ -77,13 +76,23 @@ jobs:
             echo "✅ bindings/wasm/package.json: $NPM_VERSION"
           fi
 
+          # Check Cargo.lock
+          LOCK_VERSION=$(grep -A1 '^name = "kya-validator"$' Cargo.lock | grep '^version =' | head -1 | sed 's/.*"\(.*\)".*/\1/')
+          if [ "$LOCK_VERSION" != "$RELEASE_VERSION" ]; then
+            echo "❌ Cargo.lock: $LOCK_VERSION (expected $RELEASE_VERSION)"
+            ERRORS=1
+          else
+            echo "✅ Cargo.lock: $LOCK_VERSION"
+          fi
+
           if [ $ERRORS -eq 1 ]; then
             echo ""
             echo "⚠️ Version mismatch detected!"
             echo "Please update all manifest files before creating release:"
             echo "  - Cargo.toml"
             echo "  - pyproject.toml"
             echo "  - bindings/wasm/package.json"
+            echo "  - Cargo.lock (run: cargo update -p kya-validator)"
             exit 1
           fi
 
@@ -173,16 +182,14 @@ jobs:
           echo "Package: https://www.npmjs.com/package/@open-kya/kya-validator-wasm" >> $GITHUB_STEP_SUMMARY
 
   # Publish Python wheels to PyPI (Linux + macOS ARM64)
+  # Uses token-based authentication (PYPI_TOKEN secret)
   publish-pypi:
     name: Publish to PyPI (${{ matrix.os }})
     needs: prepare
     strategy:
       matrix:
         os: [ubuntu-latest, macos-latest]
     runs-on: ${{ matrix.os }}
-    environment:
-      name: pypi
-      url: https://pypi.org/p/kya-validator
     steps:
       - name: Checkout
         uses: actions/checkout@v4
@@ -206,9 +213,12 @@ jobs:
           uv run maturin build --release
 
       - name: Publish to PyPI
-        uses: pypa/gh-action-pypi-publish@release/v1
-        with:
-          packages-dir: target/wheels
+        env:
+          TWINE_USERNAME: __token__
+          TWINE_PASSWORD: ${{ secrets.PYPI_TOKEN }}
+        run: |
+          uv pip install twine
+          uv run twine upload target/wheels/*.whl
 
       - name: Summary
         shell: bash

Cargo.toml

@@ -3,7 +3,7 @@
 
 [package]
 name = "kya-validator"
-version = "0.2.2"
+version = "0.2.3"
 edition = "2021"
 description = "Rust core KYA (Know Your Agent) validator with Python bindings, TEE support, and blockchain integration"
 license = "MPL-2.0"

Makefile

@@ -1,7 +1,7 @@
 # kya-validator/Makefile
 PYTHON ?= $(shell (pyenv which python >/dev/null 2>&1 && pyenv which python) || which python3)
 
-.PHONY: build test fmt lint python release verify demo-install demo-backend demo-frontend run fix-verify install-tools clean get-lastest-schema install
+.PHONY: build test fmt lint python release verify demo-install demo-backend demo-frontend run fix-verify install-tools clean get-lastest-schema install check-version sync-version
 
 # Schema URL (raw content URL for downloading)
 # TODO: Update this URL when the Open KYA standard repo is available
@@ -38,6 +38,48 @@ release: build
 install-tools:
 	uv tool install maturin
 
+# Check that all version files are synchronized
+check-version:
+	@echo "Checking version consistency across all manifest files..."
+	@CARGO_VERSION=$$(grep '^version =' Cargo.toml | head -1 | sed 's/.*"\(.*\)".*/\1/'); \
+	PYPROJECT_VERSION=$$(grep '^version =' pyproject.toml | head -1 | sed 's/.*"\(.*\)".*/\1/'); \
+	NPM_VERSION=$$(grep '"version":' bindings/wasm/package.json | head -1 | sed 's/.*: *"\([^"]*\)".*/\1/'); \
+	LOCK_VERSION=$$(grep -A1 '^name = "kya-validator"$$' Cargo.lock | grep '^version =' | head -1 | sed 's/.*"\(.*\)".*/\1/'); \
+	ERRORS=0; \
+	echo ""; \
+	echo "Cargo.toml:           $$CARGO_VERSION"; \
+	echo "pyproject.toml:       $$PYPROJECT_VERSION"; \
+	echo "package.json:         $$NPM_VERSION"; \
+	echo "Cargo.lock:           $$LOCK_VERSION"; \
+	echo ""; \
+	if [ "$$CARGO_VERSION" != "$$PYPROJECT_VERSION" ]; then \
+		echo "❌ Cargo.toml != pyproject.toml"; \
+		ERRORS=1; \
+	fi; \
+	if [ "$$CARGO_VERSION" != "$$NPM_VERSION" ]; then \
+		echo "❌ Cargo.toml != package.json"; \
+		ERRORS=1; \
+	fi; \
+	if [ "$$CARGO_VERSION" != "$$LOCK_VERSION" ]; then \
+		echo "❌ Cargo.toml != Cargo.lock (run: make sync-version)"; \
+		ERRORS=1; \
+	fi; \
+	if [ $$ERRORS -eq 1 ]; then \
+		echo ""; \
+		echo "⚠️ Version mismatch detected!"; \
+		echo "Run 'make sync-version' to sync Cargo.lock"; \
+		echo "Manually update Cargo.toml, pyproject.toml, and package.json to match"; \
+		exit 1; \
+	fi; \
+	echo "✅ All versions match: $$CARGO_VERSION"
+
+# Sync Cargo.lock with Cargo.toml version
+sync-version:
+	@echo "Syncing Cargo.lock..."
+	@cargo update -p kya-validator
+	@echo "✅ Cargo.lock updated"
+	@$(MAKE) check-version
+
 demo-install:
 	$(MAKE) -C apps/demo_backend install
 

bindings/wasm/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@open-kya/kya-validator-wasm",
-  "version": "0.2.2",
+  "version": "0.2.3",
   "description": "WebAssembly bindings for KYA (Know Your Agent) Validator - browser and Node.js",
   "keywords": [
     "kya",

pyproject.toml

@@ -1,7 +1,7 @@
 # kya-validator/pyproject.toml
 [project]
 name = "kya-validator"
-version = "0.2.2"
+version = "0.2.3"
 description = "Rust core KYA (Know Your Agent) validator with Python bindings, TEE support, and blockchain integration"
 authors = [{name = "KYA Contributors", email = "lkl@cph.ai"}]
 readme = "README.md"