release: v0.2.0 — TaxDiagnosticResult + fail-closed guards + README repositioning

[Rahul Dass (rahuldass19)]

Summary

This is the v0.2.0 release PR. It bumps version numbers across PyPI, npm, and adds the CHANGELOG entry. Merge this PR before cutting the GitHub release / tag.

Version bumps

File	Old	New
pyproject.toml	0.1.0	0.2.0
npm/package.json	0.1.0	0.2.0
qwed_tax/__init__.py	0.2.0	✅ already bumped
CHANGELOG.md	v0.1.0 only	v0.1.0 + v0.2.0

Also updated package descriptions to align with the new README positioning:

• pyproject.toml: "Deterministic Verification for Payroll and Tax Compliance." → "The Verification Gate for AI-Generated Tax Decisions."
• package.json: "Deterministic Tax Verification for Agentic Finance (Browser/Node)" → "The Verification Gate for AI-Generated Tax Decisions"

What shipped in v0.2.0

Features

• Structured Verification Diagnostics — 3-Layer TaxDiagnosticResult Model #39 — TaxDiagnosticResult 3-layer model (agent message / developer fields / proof ref)
• Migrate remaining 9 guards to TaxDiagnosticResult model #47 — All 12 guards migrated to to_diagnostic() with build_trace() + RuleRef

Bug fixes

• [Bug]: Unknown, unsupported, or partially modeled tax rules are treated as verified #16 — Fail-closed on unknown/unmodeled tax rules
• [Bug]: Legal and tax classifications are guessed instead of blocked when facts are ambiguous #17, [Bug]: Verification outputs overstate assurance by returning success without comparing a claim to the computed truth #18 — Classification fail-closed on ambiguous facts + claim comparison
• [Bug]: Middleware and facade APIs declare full verification after checking only a subset of tax legality #19, [Bug]: ReciprocityGuard Z3 solver always returns sat — dead == True check, every input passes as verified #40 — Middleware success label narrowed + ReciprocityGuard Z3 removed
• [Bug]: Tolerance-based acceptance allows financially incorrect results to pass deterministic checks #20, [Bug]: Edge-case inputs like zero, negative, empty, and degenerate values are not consistently blocked #21, [Bug]: Input models do not strictly reject unexpected fields and malformed payload shapes #22 — Input strictness (exact paise, edge cases, extra="forbid")
• [META] Define QWED-Tax scope: a deterministic verification layer, NOT a GST/tax platform (non-goals) #34, Docs honesty: README claims India GST is "Production Ready" — reposition as a verification layer, not a compliance product #31 — README repositioned as verification layer, not tax platform

Stats

• 270 tests (up from 83 in v0.1.0)
• 8 PRs merged (fix: fail-closed on unknown/unmodeled tax rules (#16) #41-Migrate remaining 9 guards to TaxDiagnosticResult model #47, docs: reposition README as verification layer (refs #34, #31) #46)
• 15 new RuleRef constants in audit.py
• 12/12 guards with to_diagnostic() coverage

After merge

1. Create GitHub release with tag v0.2.0
2. PyPI publish: python -m build && twine upload dist/*
3. npm publish: cd npm && npm publish
4. Close [META] Define QWED-Tax scope: a deterministic verification layer, NOT a GST/tax platform (non-goals) #34 (if not already closed)

Summary by CodeRabbit

Release 0.2.0

• New Features

  • Structured diagnostic results with multiple outcome states
  • Audit tracing and deterministic proof binding
  • Enhanced advisory check metadata support

• Bug Fixes

  • Fail-closed behavior for unknown rules
  • Stricter validation and classification handling

• Changed

  • Improved input validation precision
  • Updated verification semantics

[chatgpt-codex-connector]

You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard.

[coderabbitai]

Warning

Review limit reached

@rahuldass19, we couldn't start this review because you've reached your PR review rate limit.

More reviews will be available in 44 minutes and 10 seconds. Learn how PR review limits work.

Your organization has used up its prepaid credits, and credit purchases are no longer available. Enable the review add-on in the billing tab to keep reviews running — you're only billed for reviews past your plan's rate limits ($0.25/file).

⌛ How to resolve this issue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based credits.

🚦 How do rate limits work?

CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan refill rate.

For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, the refill rate gradually slows as usage increases. The highest same-day bursts are limited more strictly.

Please see our Fair Usage Limits Policy for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 5296b295-106e-4f44-8334-adae431aea86

📥 Commits

Reviewing files that changed from the base of the PR and between 296141f and fdd63a8.

⛔ Files ignored due to path filters (1)

• npm/package-lock.json is excluded by !**/package-lock.json

📒 Files selected for processing (2)

• pyproject.toml
• sonar-project.properties

📝 Walkthrough

Walkthrough

Version bumped from 0.1.0 to 0.2.0 in pyproject.toml and npm/package.json, with updated descriptions. CHANGELOG.md gains a new [0.2.0] section documenting new diagnostic models, audit tracing, fail-closed behavior, input-validation tightening, and expanded test coverage.

Changes

v0.2.0 Release Metadata

Layer / File(s)	Summary
Version bump and changelog entry pyproject.toml, npm/package.json, CHANGELOG.md	version updated from 0.1.0 to 0.2.0 and description reworded in both package manifests; CHANGELOG.md adds the full 0.2.0 release notes with Added, Fixed, Changed, and Tests subsections.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Poem

🐇 A version hops forward, from one to two,
The changelog unfurls with features brand new!
Diagnostics and traces, fail-closed with care,
The gate checks AI taxes with rigor and flair.
squeak 0.2.0 is here — off we go! 🎉

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The PR title clearly and concisely summarizes the main changes: version bump to 0.2.0 with the three key features (TaxDiagnosticResult, fail-closed guards, README repositioning).
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch release/v0.2.0

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[greptile-apps]

Greptile Summary

This is a release-packaging PR for v0.2.0, bumping version numbers across PyPI (pyproject.toml), npm (package.json / package-lock.json), and SonarQube (sonar-project.properties), and adding the corresponding CHANGELOG entry. All underlying feature work was merged separately via PRs #39–#47.

• Version bumped to 0.2.0 in all four version-bearing files; qwed_tax/__init__.py was already bumped in a prior commit and is not in this diff.
• Description updated in both pyproject.toml and npm/package.json to "The Verification Gate for AI-Generated Tax Decisions" — trailing period removed, making both consistent.
• CHANGELOG entry covers the full v0.2.0 feature set (TaxDiagnosticResult, fail-closed guards, 270 tests) with correct date and issue cross-references.

Confidence Score: 5/5

Pure release-packaging change — all five files are version bumps or a CHANGELOG addition with no logic, no executable code, and no dependency changes.

All changes are mechanical: four version strings updated from 0.1.0 to 0.2.0 across pyproject.toml, npm/package.json, npm/package-lock.json, and sonar-project.properties, plus a CHANGELOG entry. There is nothing here that can regress behavior — the actual feature code was merged in prior PRs.

No files require special attention.

Important Files Changed

Filename	Overview
CHANGELOG.md	Adds v0.2.0 changelog entry dated 2026-06-22 with Added/Fixed/Changed/Tests sections; date and version are consistent with the rest of the PR.
pyproject.toml	Version bumped 0.1.0 → 0.2.0 and description updated; trailing period removed, now consistent with npm/package.json.
npm/package.json	Version bumped 0.1.0 → 0.2.0 and description updated to match new positioning; description now consistent with pyproject.toml.
npm/package-lock.json	Lock file version bumped in both root and packages[""] entries to match package.json; no dependency changes.
sonar-project.properties	sonar.projectVersion bumped 0.1.0 → 0.2.0; straightforward version tracking update.

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A[PR 49 merged to main] --> B[Tag v0.2.0 on GitHub]
    B --> C[PyPI publish\npython -m build && twine upload dist/*]
    B --> D[npm publish\ncd npm && npm publish]
    C --> E[qwed-tax 0.2.0 on PyPI]
    D --> F[qwed-ai/tax 0.2.0 on npmjs.com]
    E --> G[Close issue 34]
    F --> G

Loading

%%{init: {'theme': 'base', 'themeVariables': {"darkMode": true, "background": "#0d1117", "primaryColor": "#21262d", "primaryTextColor": "#e6edf3", "primaryBorderColor": "#8b949e", "lineColor": "#8b949e", "textColor": "#e6edf3", "edgeLabelBackground": "#161b22", "actorBkg": "#21262d", "actorBorder": "#8b949e", "actorTextColor": "#e6edf3", "actorLineColor": "#8b949e", "signalColor": "#8b949e", "signalTextColor": "#e6edf3", "noteBkgColor": "#373320", "noteBorderColor": "#d4a72c", "noteTextColor": "#f0e6c0", "labelBoxBkgColor": "#21262d", "labelBoxBorderColor": "#8b949e", "labelTextColor": "#e6edf3", "loopTextColor": "#e6edf3", "activationBkgColor": "#30363d", "activationBorderColor": "#8b949e"}}}%%
flowchart TD
    A[PR 49 merged to main] --> B[Tag v0.2.0 on GitHub]
    B --> C[PyPI publish\npython -m build && twine upload dist/*]
    B --> D[npm publish\ncd npm && npm publish]
    C --> E[qwed-tax 0.2.0 on PyPI]
    D --> F[qwed-ai/tax 0.2.0 on npmjs.com]
    E --> G[Close issue 34]
    F --> G

Loading

_{Reviews (2): Last reviewed commit: "fix: sync version across package-lock.js..." | Re-trigger Greptile}

[Rahul Dass (rahuldass19)]

CodeRabbit (@coderabbitai) review

[coderabbitai]

✅ Action performed

Review finished.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@npm/package.json`:
- Around line 3-4: Update the version field in package-lock.json to match the
version in package.json. Currently package.json shows version 0.2.0 while
package-lock.json still records 0.1.0. Find the version field in
package-lock.json and change it from 0.1.0 to 0.2.0 to maintain consistency
between the two files and avoid confusion for developers and deployment
processes.

In `@pyproject.toml`:
- Around line 3-4: The version in pyproject.toml has been updated to 0.2.0, but
the sonar-project.properties file still contains the old version 0.1.0 in the
sonar.projectVersion property. Update the sonar.projectVersion value in
sonar-project.properties from 0.1.0 to 0.2.0 to keep the project metadata
synchronized across configuration files.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 34662a10-e26c-4621-9c15-c78965143749

📥 Commits

Reviewing files that changed from the base of the PR and between babcda8 and 296141f.

📒 Files selected for processing (3)

• CHANGELOG.md
• npm/package.json
• pyproject.toml

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud