What's new in v0.8.2
v0.8.2 extends the periodic public disclosure with a two-tier avoidable energy and carbon breakdown, and fixes a content_hash round-trip defect in disclosure verification. The disclosure report schema gains an additive v1.1 revision, so v1.0 readers and existing reports stay valid. There is no breaking change to the daemon wire protocol, the CLI surface, or the configuration format, and the minimum supported Rust version stays 1.96.0. The release-gate lab validation passed end to end.
Disclosure: canonical and operational waste tiers
The periodic disclosure now reports avoidable energy and carbon at two N+1 detection thresholds side by side. aggregate.canonical_waste is computed at a threshold pinned in the binary (2), not the operator's configuration, so the disclosed waste figure is non-manipulable. Raising the operational n_plus_one_threshold can no longer shrink it. aggregate.operational_waste carries the operator's own configured threshold next to its avoidable figures, so a reader sees the gap between what the operator detects and the canonical floor. Each tier carries its threshold, energy in kWh, carbon in kgCO2eq, the waste ratio, and the efficiency score.
The canonical figure is computed at daemon archive time over the raw traces, and disclose folds both tiers from the archived windows. The pre-existing flat avoidable fields now alias the canonical tier. The schema bumps to perf-sentinel-report/v1.1. The new fields default and are omitted from the wire when absent, so a v1.0 report re-hashed on a v1.1 binary keeps the same content_hash. For intent = official, the validator requires the canonical threshold to equal the binary's pinned value.
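The two-tier fold and the intent = official rule described above, as an added example that is not perf-sentinel's own code. The type and function names, the detection rule (a query group counts as N+1 when its repeat count reaches the threshold) and the sample data are assumptions; energy and carbon are left out so the invariant stays visible on plain counts.

```rust
// Added illustration: names and the detection rule are assumptions,
// not perf-sentinel's implementation.
const CANONICAL_THRESHOLD: u32 = 2; // pinned in the binary, per the release notes

#[derive(Debug, PartialEq)]
struct WasteTier { threshold: u32, avoidable_queries: u64, waste_ratio: f64 }

struct Aggregate { canonical_waste: WasteTier, operational_waste: WasteTier }

// `groups` holds the repeat count of each query template in the archived
// traces. Assumed rule: a group is an N+1 finding when repeats >= threshold,
// and every repeat after the first is avoidable.
fn tier(groups: &[u32], threshold: u32) -> WasteTier {
    let total: u64 = groups.iter().map(|&n| u64::from(n)).sum();
    let avoidable: u64 = groups.iter()
        .filter(|&&n| n >= threshold)
        .map(|&n| u64::from(n.saturating_sub(1)))
        .sum();
    let waste_ratio = if total == 0 { 0.0 } else { avoidable as f64 / total as f64 };
    WasteTier { threshold, avoidable_queries: avoidable, waste_ratio }
}

// The canonical tier never reads the operator's configuration.
fn aggregate(groups: &[u32], operator_threshold: u32) -> Aggregate {
    Aggregate {
        canonical_waste: tier(groups, CANONICAL_THRESHOLD),
        operational_waste: tier(groups, operator_threshold),
    }
}

// Validator rule: an official disclosure must carry the pinned threshold.
fn validate(intent: &str, agg: &Aggregate) -> Result<(), String> {
    let got = agg.canonical_waste.threshold;
    if intent == "official" && got != CANONICAL_THRESHOLD {
        return Err(format!("canonical threshold {got}, expected {CANONICAL_THRESHOLD}"));
    }
    Ok(())
}

fn main() {
    let groups = [1, 2, 3, 12, 40]; // constructed sample
    for op in [5, 1000] {
        let a = aggregate(&groups, op);
        println!("operator={op}: canonical={} operational={} valid={:?}",
            a.canonical_waste.avoidable_queries,
            a.operational_waste.avoidable_queries,
            validate("official", &a));
    }
}
```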
Disclosure content_hash round-trip fix
verify-hash could report a content_hash mismatch on an untampered official disclosure. The cause was serde_json parsing floats without the float_roundtrip feature, so a value written by the serializer could come back one unit in the last place off on re-parse, changing the canonical hash. The feature is now enabled, a freshly disclosed report verifies, and a regression test pins a value that drifts under the default parser. The defect predates this release and is resolved here.
Interactive TUI
The TUI backend moves from ratatui 0.30.0 to 0.30.1, which hardens several widgets against panics and arithmetic overflow and fixes paragraph alignment inheritance. There is no visual change to the list and paragraph views perf-sentinel renders.
Supply chain and CI
A cargo-deny gate now layers license, advisory, source, and ban checks on top of cargo-audit. The rendered Helm manifests are scanned with Checkov. The CI and security-audit workflows run under default-deny top-level permissions.
Documentation
The English and French READMEs were restructured with a table of contents, a dedicated input-formats section, collapsible performance and supported-languages sections, expanded data-handling and licensing sections, and refined wording around energy and carbon estimation. The disclosure schema reference, the reporting guide, and the design notes document the three tiers and the disclosure threat model.
Tests
The two-tier disclosure ships with focused coverage. A unit test pins the anti-gaming invariant: the canonical avoidable count is identical whether the operator threshold is sensitive or so high it finds nothing. The aggregator gains a test that drives both tiers end to end through an archived NDJSON window, and the validator gains tests for the canonical-threshold rule and for accepting a high operator threshold. The content_hash regression test serializes a report carrying a float that drifts under the default serde_json parser, parses it back, and asserts the hash is unchanged. A schema test confirms a default tier is omitted from the wire so v1.0 hashes stay stable.
Helm chart
charts/perf-sentinel 0.2.46 to 0.2.47, appVersion 0.8.1 to 0.8.2. Template surface unchanged, additive metadata only.
Operator-visible behavior change
Two changes are visible to disclosure consumers. The flat aggregate fields estimated_optimization_potential_kgco2eq, aggregate_waste_ratio, and aggregate_efficiency_score now alias the canonical tier at threshold 2 rather than the operator's configured threshold, so a consumer reading them sees the non-manipulable figure. The per-threshold detail lives in the new canonical_waste and operational_waste objects. Separately, verify-hash now reports a match on an untampered official disclosure that earlier releases could report as a mismatch (see the content_hash fix above). No detection verdict, daemon route, or metric changes.
Why this is a patch and not a minor
The release is additive and backward compatible. The disclosure feature extends the existing disclose subcommand and the report JSON with the v1.1 waste tiers. The new fields default and are omitted when absent, so v1.0 consumers ignore them and v1.0 reports stay valid. There is no new CLI flag, no configuration change, and no change to the daemon HTTP routes, the OTLP wire protocol, the co2 model enum, or the Prometheus metric names and label sets. Output outside the disclosure is unchanged. The minimum supported Rust version stays 1.96.0.
Verifying this release
# Binary integrity via SLSA Build L3 attestation
gh attestation verify perf-sentinel-linux-amd64 \
  --owner robintra --repo perf-sentinel

# A periodic disclosure produced by this binary
perf-sentinel verify-hash --report perf-sentinel-report.json \
  --expected-identity "https://github.com/robintra/perf-sentinel/.github/workflows/release.yml@refs/tags/v0.8.2" \
  --expected-issuer "https://token.actions.githubusercontent.com"

gh CLI 2.49 or newer required for gh attestation verify (unchanged from v0.7.2).
Full Changelog: v0.8.1...v0.8.2