Skip to content

Releases: valkyoth/hashavatar

Hashavatar 1.1.2

Choose a tag to compare

@eldryoth eldryoth released this 10 Jul 10:37
Immutable release. Only release title and notes can be modified.
v1.1.2
ccad80b

hashavatar 1.1.2

1.1.2 is a maintenance release focused on dependency, Rust toolchain, and CI
pin freshness. It does not intentionally change the public API, avatar
rendering behavior, or visual fingerprints.

Dependencies

  • Updated sanitization from 1.2.2 to 1.2.4.
  • Updated sanitization-crypto-interop from 1.2.2 to 1.2.4.
  • Refreshed compatible transitive dependencies in the root and fuzz
    lockfiles.
  • Confirmed all other direct runtime, optional, development, and fuzz
    dependencies remain current.

Both sanitization crates continue to declare Rust 1.90 support.

Rust Support

  • Updated the pinned development and release toolchain from Rust 1.96.1 to
    Rust 1.97.0.
  • Kept Cargo.toml rust-version = "1.90" as the public MSRV.
  • Retained focused CI compatibility checks on Rust 1.90.0.
  • Retained the Kani verifier default on its documented Rust 1.90.0
    toolchain, independently of the development compiler.

CI And Tooling

  • Updated the immutable taiki-e/install-action pin from the v1.1.1 tag's
    v2.82.8 to v2.83.0 (including the intervening post-release v2.82.9
    maintenance update).
  • Confirmed actions/checkout remains current at v7.0.0.
  • Confirmed Swatinem/rust-cache remains current at v2.9.1.
  • Confirmed the repository's audit, deny, fuzz, outdated, and Kani tooling is
    current at release preparation time.
  • Updated the fuzz dependency-policy check to use the current cargo-deny
    CLI without relying on version-sensitive --config option ordering.

Compatibility

  • No intentional public API changes.
  • No intentional avatar visual fingerprint changes.
  • The default SHA-512 mode and optional BLAKE3/XXH3 feature model are
    unchanged.
  • WebP remains the default raster encoder; PNG, JPEG, and GIF remain opt-in.

Security Hardening

  • Moved identity, cache-key, and optional XXH3 chunk preimages into
    sanitization::SecretVec before sensitive bytes are written. Full allocation
    capacity is now cleared by RAII on normal return and unwinding, and secure
    growth clears an old allocation before replacement.
  • Replaced production preimage capacity assertions with debug-only correctness
    checks; cleanup no longer depends on those assertions executing.
  • Removed attacker-sized lowercase-copy allocations from all seven public enum
    parsers while preserving case-insensitive aliases.
  • Expanded the panic-policy scanner from only src/lib.rs to every production
    Rust module, excluding only dedicated tests and Kani proofs.
  • Documented that deterministic cache keys permit offline enumeration of
    low-entropy identifiers, with a keyed BLAKE3 pseudonymization example for
    sensitive service boundaries.
  • Added focused regression tests for RAII preimage guards, allocation-free
    parser implementation, case-insensitive parser behavior, and whole-source
    panic-policy coverage.

Verification

  • Passed all-format compatibility checks on Rust 1.90.0, 1.91.0,
    1.92.0, 1.93.0, 1.94.0, 1.95.0, 1.96.0, 1.96.1, and 1.97.0.
  • Passed the stable release gate: formatting, metadata, dependency boundary,
    unsafe and panic policies, clippy, unit tests, doctests, MSRV feature checks,
    documentation, cargo-deny, RustSec audit, fuzz harness compilation, four
    bounded Kani proofs, reproducible packaging, SBOM generation, and crates.io
    publish dry run.
  • Confirmed both the root and fuzz direct dependency sets are current with
    cargo outdated.

Hashavatar 1.1.1

Choose a tag to compare

@eldryoth eldryoth released this 04 Jul 16:33
Immutable release. Only release title and notes can be modified.
v1.1.1
a02824e

hashavatar 1.1.1

1.1.1 is a maintenance release for hashavatar focused on dependency and CI
pin freshness. It does not intentionally change avatar rendering behavior or
the public API.

Dependency Updates

  • Updated rand from 0.10.1 to 0.10.2.
  • Updated optional xxhash-rust from 0.8.15 to 0.8.16.
  • Refreshed compatible transitive dependencies in the root lockfile:
    • arrayvec 0.7.7 to 0.7.8
    • chacha20 0.10.0 to 0.10.1
    • hybrid-array 0.4.12 to 0.4.13
  • Refreshed compatible transitive dependencies in the fuzz lockfile:
    • chacha20 0.10.0 to 0.10.1
    • hybrid-array 0.4.12 to 0.4.13

CI

  • Updated pinned taiki-e/install-action from v2.82.7 to v2.82.8.
  • Confirmed actions/checkout remains current at v7.0.0.
  • Confirmed Swatinem/rust-cache remains current at v2.9.1.

Documentation

  • Updated README installation snippets and release metadata for 1.1.1.
  • Updated latest-stable Rust wording to Rust 1.96.1.
  • Added local cargo check --features all-formats compatibility evidence for
    Rust 1.96.1.
  • Documented the split between the Rust 1.96.1 development toolchain and the
    Rust 1.90.0 MSRV.

Toolchain

  • Switched rust-toolchain.toml from Rust 1.90.0 to Rust 1.96.1.
  • Kept Cargo.toml rust-version = "1.90" as the public MSRV.
  • Added project checks that run focused compatibility coverage on Rust 1.90.0
    in addition to the normal development-toolchain checks.

Verification

  • Added bounded Kani proof harnesses for pure invariants that matter to this
    crate: avatar spec bounds, render-resource memory math, and rectangle
    arithmetic.
  • Added scripts/check_kani.sh, pinned by default to the Rust
    1.90.0-x86_64-unknown-linux-gnu verifier toolchain when Kani is installed.
  • Added docs/KANI.md documenting that these harnesses are scoped bounded
    evidence, not a whole-crate formal-verification claim.
  • Added the Kani check to the stable release gate. Missing or incompatible Kani
    is reported as an explicit verifier skip, not as a completed proof.

Compatibility

  • No intentional public API changes.
  • No intentional avatar visual fingerprint changes.

Hashavatar 1.1.0

Choose a tag to compare

@eldryoth eldryoth released this 24 Jun 13:07
Immutable release. Only release title and notes can be modified.
v1.1.0
3c0198c

hashavatar 1.1.0

1.1.0 is a minor release for hashavatar focused on dependency,
sanitization, tooling, source layout, and documentation freshness.

Dependency Updates

  • Replaced direct zeroize usage with the native sanitization crate API.
  • Added sanitization 1.2.2 with alloc support.
  • Added sanitization-crypto-interop 1.2.2 so SHA-512 and optional BLAKE3
    hashing use the crypto crates' own hasher-state cleanup hooks through the
    sanitization sister crate.
  • Removed direct zeroize dependency usage and the sha2/blake3 zeroize
    feature hooks.
  • Updated the fuzz harness libfuzzer-sys dependency to 0.4.13.
  • Refreshed Cargo lockfiles with the latest compatible crate versions.

Sanitization

  • Fixed-size digest and renderer seed copies now use sanitization::Secret.
  • SHA-512 identity hashing and cache-key hashing now route through the
    sanitization-crypto-interop SHA-512 helper.
  • The crate's direct sha2 dependency is now dev-only; production SHA-512
    hashing reaches sha2 through sanitization-crypto-interop.
  • Removed a redundant SHA-512 digest Secret wrapper now that the interop
    helper owns hasher-state cleanup and the caller already guards the returned
    digest.
  • Optional BLAKE3 XOF output now uses the sanitization-crypto-interop fill
    helper with a sanitization::Secret output buffer.
  • Optional XXH3 digest accumulation now uses a sanitization::Secret guard for
    the 64-byte accumulator.
  • Hash-preimage capacity checks now use release-mode assertions, so future
    size-accounting drift cannot silently bypass temporary buffer cleanup.
  • Optional XXH3 chunk capacity and length checks are collapsed into one
    release assertion per chunk.
  • Hash preimage vectors, encoded-output buffers, temporary JPEG RGB buffers,
    and owned RGBA buffers are cleared through sanitization volatile clearing
    helpers.
  • Security controls now document the sanitization-crypto-interop cleanup
    boundary for SHA-512 and optional BLAKE3.
  • cargo-deny now denies duplicate crate versions instead of only warning.

CI

  • Updated pinned GitHub Actions:
    • actions/checkout to v7.0.0
    • taiki-e/install-action to v2.82.3
  • Confirmed Swatinem/rust-cache remains current at v2.9.1.

Documentation

  • Updated README installation snippets and compatibility wording to 1.1.0.
  • Updated the changelog for the 1.1.0 release.
  • Split the former monolithic src/lib.rs into focused source files, including
    per-avatar raster and SVG renderer files, without changing the public API.
  • Clarified that preimage-capacity assertions are active in all builds as an
    intentional fail-secure sanitization guard.
  • Made starry-background seed rotation precedence explicit without changing the
    generated visuals.
  • Hardened internal gradient color interpolation against future oversized
    max_position callers.
  • Added consistent identity() accessors to hashed dog and robot renderer
    structs, matching the existing hashed cat renderer.

Compatibility

  • No intentional avatar visual fingerprint changes.
  • No public API removals.

Hashavatar 1.0.3

Choose a tag to compare

@eldryoth eldryoth released this 09 Jun 21:23
Immutable release. Only release title and notes can be modified.
v1.0.3
4f423a6

hashavatar 1.0.3

1.0.3 is a security-hardening and CI maintenance release for hashavatar.

Security And Hardening

  • Encoded output is now accumulated in a Zeroizing<Vec<u8>> until successful
    return. If an encoder returns an error after writing partial bytes, those
    partially encoded bytes are scrubbed before being dropped.
  • Identity, cache-key, and XXH3 chunk preimage builders now assert exact
    capacity in debug/test builds. This catches future component-size drift that
    would otherwise allow reallocations before zeroization.
  • AvatarBuilder debug output now redacts namespace tenant and style-version
    values, not only the raw identity input.
  • Security controls now document the accepted 1.x visual-stability tradeoff
    that some established renderers use selected upper digest bytes directly for
    visible geometry.

CI

  • Updated pinned GitHub Actions:
    • actions/checkout to v6.0.3
    • Swatinem/rust-cache to v2.9.1
    • taiki-e/install-action to v2.81.8

Compatibility

  • No intentional avatar visual fingerprint changes.
  • No public API removals.
  • No dependency version changes.

Hashavatar 1.0.2

Choose a tag to compare

@eldryoth eldryoth released this 31 May 09:39
Immutable release. Only release title and notes can be modified.
v1.0.2
49649b5

hashavatar 1.0.2

1.0.2 is an additive ergonomics and documentation release for hashavatar.

Added

  • AvatarBuilder as a fluent high-level API for common SVG, raster, encoded
    output, and cache-key workflows.
  • AvatarError as a unified high-level error type for builder-based code.
  • AvatarIdentity::cache_key() and AvatarBuilder::cache_key() for stable
    opaque cache identifiers without exposing the raw identity digest.
  • hashavatar::prelude with the common application-facing types.
  • Optional serde feature for public style enums. AvatarIdentity remains
    intentionally non-serializable.
  • AvatarStyleOptions::summary() and Display for human-readable UI/log
    labels.
  • Runnable examples for builder-based SVG rendering and cache-key derivation.

Security And Compatibility

  • The builder stores validation failures and returns them as Result values;
    invalid dimensions or namespace components do not panic.
  • AvatarBuilder uses a redacted Debug implementation so accidental builder
    logging does not print the raw identity input.
  • Cache keys are derived by hashing the internal digest under a separate
    cache-key domain. They are display-safe and opaque, but still correlate equal
    identities.
  • Serde support is limited to public style enums. The identity digest type does
    not implement Serialize or Deserialize.
  • No avatar visual fingerprints were intentionally changed.

Documentation

  • Documented the AvatarSpec::new(width, height, seed) seed as a deterministic
    style variant, not a replacement for identity hashing.
  • Updated README installation examples, builder guidance, cache-key guidance,
    dependency policy, security controls, and API summary for 1.0.2.

Verification

  • Full release gate passed.
  • Serde feature path passed.
  • Package publish dry-run passed.

Hashavatar 1.0.1

Choose a tag to compare

@eldryoth eldryoth released this 29 May 21:43
Immutable release. Only release title and notes can be modified.
v1.0.1
86cd28a

hashavatar 1.0.1

1.0.1 is a maintenance and documentation release for hashavatar.

Changed

  • Refreshed compatible transitive dependencies in Cargo.lock and
    fuzz/Cargo.lock.
  • Updated the GitHub CI taiki-e/install-action pin to v2.79.14.
  • Lowered the manifest and toolchain MSRV to Rust 1.90.0 after validating the
    release gate and compatibility matrix.
  • Added a polished README header with the project image, documentation links,
    and Rust version support table.
  • Kept the README image in the repository while excluding .github/images/**
    from the published crate package.

Security And Hardening

  • Added a debug assertion for out-of-range internal identity digest byte access
    so future renderer mistakes fail in debug/test builds while release builds
    remain non-panicking.
  • Changed AvatarSpec::pixel_count() and AvatarSpec::rgba_buffer_len() to
    use saturating multiplication as defense-in-depth for future dimension-limit
    changes.
  • Clarified that the transient by-value seed argument passed to
    StdRng::from_seed is part of the documented zeroization residual.

Compatibility Evidence

  • Rust 1.90.0: full release gate.
  • Rust 1.91.0 through 1.96.0: cargo check --features all-formats.
  • Rust 1.90.0: additional checks for blake3 all-formats and
    xxh3 all-formats.

Hashavatar 1.0.0

Choose a tag to compare

@eldryoth eldryoth released this 19 May 19:00
Immutable release. Only release title and notes can be modified.
v1.0.0
e11dca9

hashavatar 1.0.0

1.0.0 is the first stable release of hashavatar.

This release does not add new avatar families, backgrounds, visual layers,
hash modes, output formats, or runtime dependencies. It freezes the public API
shape and documents the rendering stability contract built through the 0.x
series.

Stable Contract

  • Public Rust API changes now follow Cargo semver expectations.
  • Explicit rendering output is intended to remain stable within the 1.x
    series for the same active identity hash mode, namespace, identity, avatar
    options, dimensions, and seed, except for documented correctness or security
    fixes.
  • Automatic style rendering remains deterministic, but future minor releases
    may change automatic distribution when public enum ALL lists gain new
    variants.
  • Services that need deliberate visual rollouts should use
    AvatarNamespace::new(tenant, style_version) and bump style_version only
    when they are ready for a new visual distribution.

Documentation

  • Added docs/STABILITY.md with the stable API, rendering, security/resource,
    and residual-risk policies.
  • Updated README guidance for the 1.0 stable contract.
  • Added the stability policy to release metadata validation so it remains part
    of the published crate package.

Security Posture

  • The crate remains a pure library crate with no HTTP server, CLI, filesystem
    writing API, async runtime, or network dependency.
  • Public dimensions, identity inputs, and namespace components remain bounded.
  • Public render APIs return typed errors for invalid inputs instead of
    panicking.
  • AvatarIdentityError keeps the rejected length available through structured
    accessors, but its display text no longer prints the exact rejected byte
    count.
  • Temporary renderer seed and intermediate identity digest copies are guarded
    with zeroize::Zeroizing before their final required by-value copies.
  • Starry raster backgrounds incorporate identity digest bytes in their
    deterministic local star-position generator.
  • Internal identity digest byte access is defensive against future
    out-of-range renderer mistakes, and the avatar fuzz harness now samples the
    full supported dimension range.
  • The default build remains SHA-512 identity hashing plus WebP encoding.
  • Optional BLAKE3, XXH3-128, PNG, JPEG, and GIF support remain explicit Cargo
    features.

Compatibility Notes

  • No visual variants were added in this release.
  • No intentional golden fingerprint changes were made for 1.0.0.
  • The known residuals documented in docs/STABILITY.md and
    docs/SECURITY_CONTROLS.md still apply: family-specific geometry uses some
    floating-point arithmetic, rendering is not constant-time, and service-level
    concurrency/rate limiting belongs in callers such as hashavatar-api.

base64-ng 0.13.0

Choose a tag to compare

@eldryoth eldryoth released this 18 May 12:16
Immutable release. Only release title and notes can be modified.
v0.13.0
38e92ca

hashavatar 0.13.0

0.13.0 expands the background catalog and applies targeted determinism
hardening without adding new avatar families.

Added

  • Added seven AvatarBackground values:
    • polka-dot
    • striped
    • checkerboard
    • grid
    • sunrise
    • ocean
    • starry
  • Implemented each new background in raster and SVG output.
  • Added tests that prove the new raster backgrounds are distinct and that the
    new SVG backgrounds remain well-formed XML.

Changed

  • Raster frame-shape hit-testing now uses integer arithmetic for circle,
    squircle, hexagon, and octagon masks. This reduces one source of
    platform-specific floating-point rounding in clipped output.
  • Automatic style derivation can now map some identities to different
    backgrounds because AvatarBackground::ALL contains more variants. Services
    that need old automatic output should keep their existing namespace
    style_version until they intentionally migrate.
  • Documentation now avoids cargo test --all-features guidance because
    blake3 and xxh3 are intentionally mutually exclusive crate-wide identity
    hash modes.
  • README fuzz wording now reflects default WebP coverage and feature-gated
    encoder paths instead of describing PNG as always available.

Compatibility Notes

  • Explicit AvatarOptions and AvatarStyleOptions selections remain
    deterministic for the selected kind, background, dimensions, seed, namespace,
    crate identity hash mode, and identity.
  • The new background variants are public API and therefore affect automatic
    background distribution.
  • No new avatar families were added in this release.

Hashavatar 0.12.0

Choose a tag to compare

@eldryoth eldryoth released this 18 May 09:53
Immutable release. Only release title and notes can be modified.
v0.12.0
6305106

hashavatar 0.12.0

0.12.0 expands the built-in avatar catalog while keeping hashavatar as a
single, asset-free image-generation crate.

Added

  • Added raster and SVG renderers for eight new AvatarKind values:
    • bear
    • penguin
    • dragon
    • ninja
    • astronaut
    • diamond
    • coffee-cup
    • shield
  • Added face-layer anchors for the new face families: bear, penguin,
    dragon, ninja, and astronaut.
  • Added golden visual fingerprints for every new family.
  • Updated README option catalogs and examples for the expanded family list.

Compatibility Notes

  • Explicit AvatarOptions selections remain deterministic for the selected
    kind, background, dimensions, seed, namespace, crate identity hash mode, and
    identity.
  • Automatic style derivation uses AvatarKind::ALL, so adding new family
    variants changes the automatic family distribution. Services that need old
    automatic output should keep their existing namespace style_version until
    they intentionally migrate.
  • AvatarIdentity::seed() and AvatarIdentity::as_digest() are removed from
    the public API, and the internal 256-bit RNG seed helper is private.
    Rendering callers should not handle raw identity digest bytes.
  • docs/SECURITY_CONTROLS.md now states that identity preimage allocation does
    not hide input length at the allocator level. High-assurance callers should
    pad or normalize sensitive identifiers before passing them to the crate.
  • AvatarSpec::default() is documented and tested as a fixed deterministic
    256x256 seed-1 convenience spec, not as a random or production policy
    default.
  • SVG rendering no longer uses ad-hoc String::replace minification. The test
    suite and fuzz harness now parse generated SVG with roxmltree to verify
    XML well-formedness across families, layers, and representative identities.
  • AvatarRenderResourceBudget and AvatarSpec::render_resource_budget(...)
    make raw RGBA memory estimates explicit for service-level render concurrency
    limits without adding an async runtime or semaphore dependency to the crate.
  • Polygon scanline interpolation now widens coordinate deltas before rounding,
    and the fuzz harness includes a dedicated polygon rasterizer target for
    degenerate, negative-coordinate, and extreme-point inputs.
  • Runtime identity hash algorithm selection has been removed. The crate uses
    SHA-512 by default, BLAKE3 when built with blake3, and XXH3-128 when built
    with xxh3. The blake3 and xxh3 features are mutually exclusive, and
    XXH3-128 remains documented as non-cryptographic and unsuitable for
    adversarial, user-controlled, or sensitive identifiers.
  • AvatarIdentity debug formatting is now redacted, preventing accidental
    {:?} logging from exposing the raw 64-byte identity digest.
  • AvatarIdentity rustdoc and security controls now state that clones are
    zeroized independently on drop, and that high-assurance callers should keep
    clone lifetimes short to avoid unnecessary live digest copies.
  • SHA-512 is built with upstream zeroize support so its block buffer uses
    ZeroizeOnDrop. BLAKE3 is built with upstream zeroize support, and the
    BLAKE3 hasher plus XOF reader are explicitly zeroized after digest
    derivation.
  • Digest-derived renderer RNG seed copies are now wrapped in
    zeroize::Zeroizing, so the temporary mixed seed is scrubbed immediately
    after RNG initialization. The security controls also document StdRng's
    non-zeroized expanded internal state as a known residual.
  • Owned RGBA encode buffers and JPEG RGB flattening buffers now use RAII
    zeroization guards, so temporary pixel data is scrubbed during normal
    returns, encoder errors, and unwinding panics.
  • Polygon rasterization now returns immediately for zero-width or zero-height
    images, keeping the fuzz-only polygon harness from reporting artificial
    zero-sized-image crashes.
  • PNG, JPEG, and GIF output are now behind explicit png, jpeg, and gif
    Cargo features, leaving WebP as the only default raster encoder. The
    AvatarOutputFormat::Gif rustdoc and security controls call out that the
    image crate's internal GIF quantization buffers are not zeroized by
    hashavatar, so high-assurance deployments should prefer WebP or PNG.
  • Rectangle intersection size calculation now uses saturating arithmetic for
    extreme internal coordinate ranges.
  • The hidden fuzzing feature now has a compile-time guard that rejects
    ordinary non-fuzzing release builds, reducing the chance that internal fuzz
    harness entry points are accidentally exposed in production.
  • diamond, coffee-cup, and shield are object/symbol families. They do
    not have face anchors, so accessories and expressions are deterministic
    no-ops for those families. Accent palettes and frame shapes still apply.

Deferred

  • Pattern, gradient, and environment backgrounds were not admitted in this
    release. They need their own bounded raster/SVG texture path and visual
    contrast review before becoming public API.

Hashavatar 0.11.0

Choose a tag to compare

@eldryoth eldryoth released this 17 May 18:45
Immutable release. Only release title and notes can be modified.
v0.11.0
1181d25

hashavatar 0.11.0

0.11.0 polishes the visual layer model introduced in 0.10.0.

Changes

  • Added explicit AvatarKind::supports_face_layers() support metadata.
  • Documented that non-face families accept accessory/expression options but
    skip those layers deterministically.
  • Updated SVG frame shapes so non-square shapes use clip paths, matching the
    raster renderer's transparent outside-frame masking behavior.
  • Fixed malformed Paws-family SVG output where one toe-pad ellipse emitted a
    color value in the ry radius attribute instead of a numeric radius.
  • Lowered glasses placement slightly for dog, robot, monster, ghost, wizard,
    and knight families.
  • Tuned eyepatch, horns, bowtie, crown, hat, and headphones placement for
    families where those overlays were visibly off-center.
  • Refreshed README guidance for the full layer model, single-accessory
    behavior, supported face-layer families, endpoint query mapping, and style
    recipes.
  • Added tests for supported face-layer families, unsupported fallback families,
    SVG frame clipping, and SVG radius-attribute integrity.

Compatibility

Baseline AvatarOptions rendering is unchanged. Styled SVG output for
non-square frame shapes now clips content to the selected frame shape; this is
an intentional visual polish change for style-aware SVG callers.