Skip to content

BrickflowUI 0.1.13 Stability Verification

Date: 2026-06-29 Branch: codex/stability-hardening Target: main Version: 0.1.13

Outcome

The source, frontend production bundle, automated tests, static analysis, documentation build, browser acceptance matrix, final package build, clean-wheel installation, and dependency audits are green. GitHub publication remains blocked until authentication is refreshed. No wheel from an earlier source state may be published.

Automated gates

Gate Command Result
Python tests python -m pytest -q -p no:cacheprovider 77 passed
Python lint python -m ruff check --no-cache brickflowui tests examples scripts/generate_component_reference.py passed
Python types python -m mypy --no-incremental --cache-dir NUL brickflowui passed, 16 source files
Frontend tests npm test -- --run 30 passed in 8 files
Frontend lint npm run lint passed
Frontend build npm run build passed with Vite 7.3.6
Component references python scripts/generate_component_reference.py passed; only the intentional Progress reference change remains
Documentation python -m mkdocs build --strict --site-dir site-final passed
Patch hygiene git diff --check passed

The production bundle generated by the verified frontend build references:

  • assets/index-xP_s6Cac.js
  • assets/index-6YTbxISe.css
  • assets/vendor-D_MD1exS.js
  • assets/charts-CbObG0ND.js

The final npm audit --audit-level=high registry check reported zero vulnerabilities.

Browser acceptance

The in-app browser exercised the production bundle served by the Python runtime.

Scenario Result
Initial page and WebSocket connection passed
Direct /settings deep link passed
/ to /analytics to /users navigation passed
Browser Back, Back, Forward without duplicate entries passed
Forced server disconnect and full-tree reconnect passed
Search filtering and keyboard clear passed
Table sort ascending and descending passed
Theme toggle passed
Narrow 390 x 844 viewport without horizontal overflow passed
Progress values 88, 93, and 82 width matched value and computed color was non-transparent
ChatInput Enter submission passed; rendered once and cleared the input
Browser console on verified flows no uncaught errors observed

The browser harness did not expose a Blob download event. CSV behavior is therefore covered by unit tests for formula neutralization, UTF-8 BOM and CRLF output, attached-link click order, cleanup, and deferred object-URL revocation.

Defects fixed in this release

  • transparent progress fills caused by undefined friendly color tokens;
  • duplicate browser-history pushes during popstate navigation;
  • unsafe or malformed incremental VDOM patches;
  • nested VNodes omitted from changed prop serialization;
  • lost back-to-back ChatInput change and submit events;
  • ChatInput submission during IME composition;
  • unsafe spreadsheet formula cells and fragile Blob download cleanup;
  • render-context leakage across nested renders;
  • unsafe HTML shell interpolation and active bootstrap configuration;
  • frozen pages when the packaged frontend bundle is missing;
  • unsafe CLI scaffold paths;
  • source version reporting inherited from an unrelated installed release.

Package verification

The final artifacts were built in an isolated PEP 517 environment and passed Twine metadata validation:

  • wheel: brickflowui-0.1.13-py3-none-any.whl
  • wheel SHA-256: A8A200DD110FE1C4179C9A8182BC75B861DEECD9AA6146A7AC14543D308C669A
  • sdist: brickflowui-0.1.13.tar.gz

The sdist checksum is recorded alongside the final external release artifacts rather than embedded here, because this report is itself included in the sdist.

The exact wheel installed successfully into a clean environment. An isolated import reported version 0.1.13 from site-packages, found the expected index-xP_s6Cac.js bundle, and served both / and the bundled JavaScript asset with HTTP 200. pip-audit reported no known vulnerabilities in the installed dependency set; the unpublished local brickflowui==0.1.13 distribution was the expected unaudited package.

Publication blocker

GitHub CLI authentication also reports an invalid token for AjayAJ2000. Before release:

  1. refresh authentication with gh auth refresh -h github.com;
  2. push the verified branch and open the PR to main;
  3. merge only after CI and review;
  4. publish v0.1.13 through the trusted-publishing workflow;
  5. verify the exact PyPI JSON endpoint and a fresh brickflowui==0.1.13 install.

Release status: locally verified; GitHub authentication and the reviewed merge/release workflow remain required for publication.