Release notes
Detailed notes on the features, improvements, and fixes shipped in each C5-DEC CAD release. For the full list of all changes see the changelog.
v1.3
March 2026Dependency content fingerprinting & impact analysis
Every Doorstop specification item that references one or more source files or artifacts
(via the references: field) now carries a
SHA‑256 content fingerprint stored directly in its YAML frontmatter.
The fingerprint is computed over the actual bytes of each referenced file, giving an
objective, tamper-evident snapshot of the dependency state at the time of the last
spec publish run.
When any of those files changes — a Python module is patched, an XML rules file is
updated, an architecture diagram is revised — the next run of the
c5fingerprint.py SpecEngine script detects the divergence and flags
the owning spec item as stale. This gives engineers an immediate, traceable
impact signal without manual cross-referencing: you know exactly which TCS test cases,
TRP test reports, MRS market requirements, SRS requirements, or ARC/SWD design items
are affected by a given change.
The feature is document-type agnostic — it works across MRS, SRS, ARC, SWD, TCS, TRP,
and any other Doorstop document in the spec tree that uses references:.
| Frontmatter field | Content |
|---|---|
references_content_fingerprint.combined |
16-char hex SHA-256 over all referenced file hashes (sorted). Changes when any file changes. |
references_content_fingerprint.files |
Dict of path → 16-char hash. Pinpoints which specific file changed. |
Files that cannot be resolved at the time of the run are recorded as
"missing" in the per-file dict and excluded from the combined hash, so a
missing dependency is surfaced without masking changes in the files that are present.
| Flag | Behaviour |
|---|---|
--dry-run |
Compute and report fingerprints; write nothing. Exit 0. |
--check |
Compute and report fingerprints; write nothing. Exit 1 if any stale items are found — suitable as a CI gate that blocks merges when unreviewed dependencies have changed. |
--verbose |
Print per-file hash details for each item alongside the stale/ok status. |
--specs-dir |
Override the root of the Doorstop specs tree (default: the docs/specs/ folder). |
--repo-root |
Override the repository root used to resolve reference paths (default: three levels above the script). |
On first run the script also automatically registers
references_content_fingerprint: {} as an attribute default in the
.doorstop.yml of every document whose items carry
references: fields, so no manual configuration is needed.
The script is integrated as the final step of publish.sh, running after all
keyword-substitution and Mermaid undo steps so that fingerprints are always computed
against the canonical source state.
v1.2
March 2026DocEngine CLI, CRA, SBOM, native cryptography, CPSSA package, and SpecEngine expansion
Major release adding the DocEngine CLI (c5dec docengine report|presentation),
the EU CRA compliance module (Annex I/V/VII), SBOM lifecycle management (Syft, CycloneDX,
SPDX), a native Python cryptography module (SHA-256, GnuPG, Shamir, NaCl Ed25519),
the CPSSA multi-subsystem package with Threagile / pytm / FAIR support, and five new
SpecEngine tools including c5graph.py, prune_bad_links.py,
c5mermaid.py, and doorstop_yml_to_md.py.
v1.1
May 2025Organize tool, custom workspace management, SSDLC enhancements
Added the organize-tool to the dev container, custom workspace management
via c5dec.sh session <workspace>, and an updated user manual covering
the new SSDLC workspace and AI-enabled design features.
v1.0
May 2025Stable release of C5-DEC CAD
First stable release including project creation (c5dec.sh new), DocEngine
templates, ETR evaluation spreadsheets, interactive session mode, OQS-OpenSSL PQC
container, and the C5-DEC project template with full Doorstop-backed specifications.