Release XARF v4.0.0 - Production Stable

.claude-flow/metrics/performance.json

@@ -1,7 +1,7 @@
 {
-  "startTime": 1763985009551,
-  "sessionId": "session-1763985009551",
-  "lastActivity": 1763985009551,
+  "startTime": 1763991837598,
+  "sessionId": "session-1763991837598",
+  "lastActivity": 1763991837598,
   "sessionDuration": 0,
   "totalTasks": 1,
   "successfulTasks": 1,
@@ -84,4 +84,4 @@
     "cacheHits": 0,
     "cacheMisses": 0
   }
-}
+}

.claude-flow/metrics/task-metrics.json

@@ -1,10 +1,10 @@
 [
   {
-    "id": "cmd-hooks-1763985009590",
+    "id": "cmd-hooks-1763991837635",
     "type": "hooks",
     "success": true,
-    "duration": 3.3425829999999905,
-    "timestamp": 1763985009594,
+    "duration": 8.505250000000004,
+    "timestamp": 1763991837644,
     "metadata": {}
   }
-]
+]

.github/workflows/publish-pypi.yml

@@ -0,0 +1,83 @@
+name: Publish to PyPI
+
+on:
+  release:
+    types: [published]
+  workflow_dispatch:  # Allow manual trigger
+
+permissions:
+  contents: read
+
+jobs:
+  build:
+    name: Build distribution
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.11"
+
+      - name: Install build dependencies
+        run: |
+          python -m pip install --upgrade pip
+          pip install build twine
+
+      - name: Build package
+        run: python -m build
+
+      - name: Check package
+        run: twine check dist/*
+
+      - name: Upload artifacts
+        uses: actions/upload-artifact@v4
+        with:
+          name: python-package-distributions
+          path: dist/
+
+  publish-to-pypi:
+    name: Publish to PyPI
+    needs: [build]
+    runs-on: ubuntu-latest
+    environment:
+      name: pypi
+      url: https://pypi.org/p/xarf
+    permissions:
+      id-token: write  # Required for trusted publishing
+
+    steps:
+      - name: Download artifacts
+        uses: actions/download-artifact@v4
+        with:
+          name: python-package-distributions
+          path: dist/
+
+      - name: Publish to PyPI
+        uses: pypa/gh-action-pypi-publish@release/v1
+
+  publish-to-testpypi:
+    name: Publish to TestPyPI
+    needs: [build]
+    runs-on: ubuntu-latest
+    if: github.event_name == 'workflow_dispatch'
+    environment:
+      name: testpypi
+      url: https://test.pypi.org/p/xarf
+
+    permissions:
+      id-token: write
+
+    steps:
+      - name: Download artifacts
+        uses: actions/download-artifact@v4
+        with:
+          name: python-package-distributions
+          path: dist/
+
+      - name: Publish to TestPyPI
+        uses: pypa/gh-action-pypi-publish@release/v1
+        with:
+          repository-url: https://test.pypi.org/legacy/

CHANGELOG.md

@@ -7,13 +7,11 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
-### Changed
-- **Legacy Tag Naming**: Updated v3 compatibility tags from `legacy:class:` to `legacy:category:` to align with v4 field naming conventions
-  - Affects only v3 report conversion metadata tags
-  - Maintains consistency with `category` field terminology throughout codebase
+## [4.0.0] - 2025-11-30
 
-### Fixed
-- **Documentation Examples**: Corrected CONTRIBUTING.md sample report to use `category` field instead of outdated `class` reference
+### 🎉 Stable Release
+
+XARF v4.0.0 Python parser is now production-ready! This release includes comprehensive support for all XARF v4 categories, backwards compatibility with v3, and modern Python 3.8-3.12 support.
 
 ### Added
 - **XARF v3 Backwards Compatibility**: Automatic conversion from v3 to v4 format
@@ -27,27 +25,30 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
   - Migration guide documentation at `docs/migration-guide.md`
 
 ### Changed
+- **Production Status**: Updated from Beta to Production/Stable
 - **Pydantic V2 Migration**: Updated from Pydantic V1 to V2 API
   - Replaced `@validator` with `@field_validator` for all model validators
   - Updated `Config` class to `ConfigDict` in XARFReport model
   - Changed `allow_population_by_field_name` to `populate_by_name`
   - All validators now use `@classmethod` decorator with type hints
   - Fixed Python 3.13+ datetime deprecation warnings
+- **Legacy Tag Naming**: Updated v3 compatibility tags from `legacy:class:` to `legacy:category:` to align with v4 field naming conventions
+  - Affects only v3 report conversion metadata tags
+  - Maintains consistency with `category` field terminology throughout codebase
 
 ### Fixed
 - Resolved all Pydantic V2 deprecation warnings in models
 - Fixed `datetime.utcnow()` deprecation by using `datetime.now(timezone.utc)`
 - Improved type hints for Pydantic V2 compatibility
 - Updated import statements to use `pydantic.ConfigDict` and `field_validator`
+- **Documentation Examples**: Corrected CONTRIBUTING.md sample report to use `category` field instead of outdated `class` reference
 
 ### Documentation
 - Added v3 compatibility section to README with example code
 - Created comprehensive migration guide (`docs/migration-guide.md`)
 - Updated feature list to highlight v3 support and Pydantic V2 compatibility
 - Added documentation links for migration guide
 
-## [4.0.0] - 2024-01-20
-
 ### Breaking Changes
 
 #### Field Rename: `class` → `category`

README.md

@@ -179,7 +179,7 @@ validation_result = validate_xarf_report(
 - ✅ **Generation**: Create XARF v4 reports programmatically
 - ✅ **Evidence Handling**: Support for text, images, and binary evidence
 - ✅ **Category Support**: All 7 categories (messaging, connection, content, infrastructure, copyright, vulnerability, reputation)
-- ✅ **Reporter Info**: Including `on_behalf_of` for infrastructure providers
+- ✅ **Reporter/Sender**: Separate reporter and sender fields for third-party reporting
 - ✅ **XARF v3 Compatibility**: Automatic conversion with deprecation warnings
 - ✅ **Pydantic V2**: Modern validation with full type safety
 - ✅ **Python 3.8-3.12**: Full compatibility
@@ -233,7 +233,12 @@ spam_report = {
     "reporter": {
         "org": "Spam Detection Service",
         "contact": "noreply@spamdetect.example",
-        "type": "automated"
+        "domain": "spamdetect.example"
+    },
+    "sender": {
+        "org": "Spam Detection Service",
+        "contact": "noreply@spamdetect.example",
+        "domain": "spamdetect.example"
     },
     "source_identifier": "192.0.2.100",
     "category": "messaging",
@@ -282,30 +287,53 @@ print(f"Attack lasted {ddos_report.duration_minutes} minutes")
 print(f"Total packets: {ddos_report.packet_count}")
 ```
 
-### Using `on_behalf_of` for Infrastructure Providers
+### Reporter vs Sender: Third-Party Reporting
+
+XARF v4 uses separate `reporter` and `sender` fields to distinguish between who created the report and who sent it.
 
+**Direct Reporting** (reporter = sender):
 ```python
 from xarf.generator import XARFGenerator
 
 generator = XARFGenerator()
 
-# Infrastructure provider (Abusix) sending report for client (Swisscom)
+# Organization reporting abuse they directly observed
 report = generator.create_report(
     category="messaging",
     report_type="spam",
     source_identifier="192.0.2.150",
-    reporter_org="Abusix",
-    reporter_contact="reports@abusix.com",
-    on_behalf_of={
-        "org": "Swisscom",
-        "contact": "abuse@swisscom.ch"
-    },
-    description="Spam detected by Swisscom's infrastructure"
+    reporter_org="Security Team",
+    reporter_contact="abuse@example.com",
+    reporter_domain="example.com",
+    sender_org="Security Team",
+    sender_contact="abuse@example.com",
+    sender_domain="example.com",
+    description="Spam detected in our infrastructure"
 )
 
-# The report clearly shows Abusix is reporting on behalf of Swisscom
 print(f"Reporter: {report.reporter.org}")
-print(f"On behalf of: {report.reporter.on_behalf_of.org}")
+print(f"Sender: {report.sender.org}")
+```
+
+**Third-Party Reporting** (reporter ≠ sender):
+```python
+# Infrastructure provider (Abusix) sending report on behalf of client (Swisscom)
+report = generator.create_report(
+    category="messaging",
+    report_type="spam",
+    source_identifier="192.0.2.150",
+    reporter_org="Swisscom",
+    reporter_contact="abuse@swisscom.ch",
+    reporter_domain="swisscom.ch",
+    sender_org="Abusix",
+    sender_contact="reports@abusix.com",
+    sender_domain="abusix.com",
+    description="Spam detected by Swisscom, transmitted by Abusix"
+)
+
+# The report clearly shows Swisscom is the reporter, Abusix is the sender
+print(f"Reporter (who detected): {report.reporter.org}")
+print(f"Sender (who transmitted): {report.sender.org}")
 ```
 
 ## 🔍 Validation
@@ -495,7 +523,7 @@ This project follows semantic versioning with alpha/beta releases:
 
 - `4.0.0a1`, `4.0.0a2` - Alpha releases (current)
 - `4.0.0b1`, `4.0.0b2` - Beta releases (planned)
-- `4.0.0` - Stable release (Q2 2024)
+- `4.0.0` - Stable release (Q1 2026)
 
 ## 🎯 Roadmap
 
@@ -505,19 +533,19 @@ This project follows semantic versioning with alpha/beta releases:
 - [x] JSON schema validation
 - [x] messaging, connection, content categories
 - [x] Generator functionality
-- [x] `on_behalf_of` support
+- [x] Reporter/sender separation for third-party reporting
 - [ ] Evidence handling improvements
 - [ ] Performance benchmarks
 
-### Beta Phase (Q1 2024)
+### Beta Phase (Q4 2025)
 
 - [ ] Complete category coverage (all 7)
 - [ ] XARF v3 compatibility layer
 - [ ] Advanced validation rules
 - [ ] CLI tools
 - [ ] Comprehensive documentation
 
-### Stable Release (Q2 2024)
+### Stable Release (Q1 2026)
 
 - [ ] Production-ready performance
 - [ ] >95% test coverage