docs: sync governance and validation with hardening pass

Update contributor, security, validation, and compute handoff documentation to reflect new runtime safeguards, CI gates, and expected regression checks. Made-with: Cursor
2026-04-17 08:23:37 -06:00
parent 92a417c102
commit ce137dd1c2
6 changed files with 26 additions and 1 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -10,3 +10,11 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ### Added

 - Initial public-ish repository layout: `solver-c`, `solver-api`, `gui-ts`, regression data, engineering docs, and agent handoff docs.
+
+### Changed
+
+- Hardened `solver-c` JSON/input boundaries and file-loading paths to prevent buffer/partial-read edge failures.
+- Added API error envelope consistency (`schemaVersion` + `code`) for expected 4xx paths and diagnostic workflow validation.
+- Added GUI run-token protection against stale async solve responses and explicit FDM/FEA card-length mismatch messaging.
+- Switched Docker build dependency installs to `npm ci` for reproducibility and added CI dependency audit checks.
+- Added full tracked-file audit ledger at `docs/engineering/full-repo-audit-ledger.md`.