Skip to content

release: prepare git-cas v6.2.0#67

Merged
flyingrobots merged 2 commits into
mainfrom
release/v6.2.0
Jul 13, 2026
Merged

release: prepare git-cas v6.2.0#67
flyingrobots merged 2 commits into
mainfrom
release/v6.2.0

Conversation

@flyingrobots

Copy link
Copy Markdown
Member

Linked Issue

Refs #60
Contributes to #50

This PR prepares the reviewed v6.2.0 release candidate. It intentionally does not close #60: the issue remains open until the immutable tag workflow publishes npm provenance and the final GitHub Release.

Design / Proof

Validation

  • pnpm run release:verify: 13/13 steps passed, 6,124 observed tests across Node, Bun, Deno, and real-Git integration suites.
  • Focused version/package/docs/planning/release truth: 36 tests passed.
  • pnpm run lint: passed.
  • Pre-push gate: lint plus 1,871 Node unit tests passed.
  • npm pack --dry-run: passed and includes docs/releases/v6.2.0.md.
  • npx jsr publish --dry-run --allow-dirty: simulated @git-stunts/git-cas@6.2.0.
  • Graft review: docs/config/tests only; no source export removal. Its package-files-array warning is the intentional additive release-note inclusion.

Release Impact

  • npm, JSR, and runtime package versions agree on 6.2.0.
  • CHANGELOG, README, architecture, upgrade guide, release notes, and package contents reflect v6.2.0.
  • The release is API-additive and requires no stored-data migration.
  • The minimum plumbing dependency is @git-stunts/plumbing@^3.1.0.
  • Tag v6.2.0 exists.
  • npm reports @git-stunts/git-cas@6.2.0.
  • GitHub Release v6.2.0 exists.

The unchecked publication items are post-merge gates and remain tracked by #60.

@flyingrobots flyingrobots added this to the v6.2.0 milestone Jul 13, 2026
@coderabbitai

coderabbitai Bot commented Jul 13, 2026

Copy link
Copy Markdown

Review Change Stack

Warning

Review limit reached

You’ve reached a temporary PR review limit under our Fair Usage Limits Policy.

Your recent review volume is higher than typical usage, so adaptive limits are currently applied.

Next review available in: 5 minutes

Enable usage-based reviews in Billing to review now. Otherwise, wait until the next included review is available.
You're only billed for reviews past your plan's rate limits ($0.25/file).

How can I continue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based reviews.

How do review limits work?

CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability.

For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window.

Please refer docs for additional details.

Review details
⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 715ecce3-60ba-44f2-a153-4289bccc7dd6

📥 Commits

Reviewing files that changed from the base of the PR and between f0d30a1 and c8f39d3.

📒 Files selected for processing (1)
  • docs/design/0047-application-storage-cache-boundary/witness/release-candidate.md
📝 Walkthrough

Walkthrough

This PR documents the v6.2.0 application storage and lifecycle APIs, updates release and upgrade materials, records release-candidate verification, synchronizes package metadata, and adds tests for version and packaged documentation consistency.

Changes

Application storage release

Layer / File(s) Summary
Architecture and lifecycle contracts
ARCHITECTURE.md
Documents application handles, lifecycle services, repository inspection, facade capabilities, and non-mutating diagnostics.
Release guidance and evidence
docs/releases/v6.2.0.md, UPGRADING.md, README.md, CHANGELOG.md, STATUS.md, docs/design/...
Adds v6.2.0 release and migration guidance, updates release references and status, and records API-0047 evidence.
Package metadata and documentation validation
package.json, jsr.json, src/package-version.js, test/unit/...
Synchronizes versions, packages the new release notes, and verifies metadata and documentation consistency.

Estimated code review effort: 3 (Moderate) | ~20 minutes

Possibly related issues

Possibly related PRs

  • git-stunts/git-cas#61 — Defines the CacheSet, ExpiringSet, handle, and vocabulary requirements reflected in this release documentation.
  • git-stunts/git-cas#62 — Introduces the asset, retention, and publication lifecycle foundation documented and exposed by this release.

Poem

I’m a rabbit with handles, hopping through trees,
Retaining bright roots wherever I please.
Cache sets stay tidy, old markers expire,
Doctor checks Git without touching the wire.
Six-point-two blooms with a release-note cheer!

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name Status Explanation Resolution
Linked Issues check ⚠️ Warning PR prepares v6.2.0, but #60 requires the actual npm/GitHub publication and tag workflow, which are still unchecked. Complete the v6.2.0 tag, npm provenance, and GitHub Release publication, and confirm npm reports @git-stunts/git-cas@6.2.0.
✅ Passed checks (4 passed)
Check name Status Explanation
Title check ✅ Passed The title is concise and clearly reflects the main change: preparing the git-cas v6.2.0 release.
Description check ✅ Passed The description follows the template sections and includes linked issue, design/proof, validation, and release impact details.
Out of Scope Changes check ✅ Passed The changes stay focused on the v6.2.0 release docs, versioning, tests, and proofs, with no clear unrelated additions.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

Comment @coderabbitai help to get the list of available commands.

@flyingrobots

Copy link
Copy Markdown
Member Author

Self-Review

Verdict: clean for release-candidate merge. No correctness, compatibility, packaging, or truthfulness finding remains open.

Scope and semver

This PR changes release metadata, tests, and documentation; the feature implementations were merged in PRs #61 through #66 and their exact merge provenance is recorded. Graft found no source export removal or source signature change. Its only breaking heuristic was the package.json files array growing from 29 to 30 entries; the added entry is the v6.2.0 release note, so this is additive package content with zero impacted references.
[cite: docs/design/0047-application-storage-cache-boundary/witness/release-candidate.md#24-33@f0d30a1778773ed231b3907ad1818c86bd6d0d56]
[cite: package.json#15-45@f0d30a1778773ed231b3907ad1818c86bd6d0d56]

Version and package coherence

npm metadata, JSR metadata, and the runtime version export all report 6.2.0. A cross-runtime unit test pins both metadata relationships and the CLI output.
[cite: package.json#1-3@f0d30a1778773ed231b3907ad1818c86bd6d0d56]
[cite: jsr.json#1-7@f0d30a1778773ed231b3907ad1818c86bd6d0d56]
[cite: src/package-version.js#1@f0d30a1778773ed231b3907ad1818c86bd6d0d56]
[cite: test/unit/cli/version.test.js#21-43@f0d30a1778773ed231b3907ad1818c86bd6d0d56]

The npm package must contain all versioned public release documents, and the tests dry-run the actual package, reject missing release files, and verify local links across packaged Markdown.
[cite: test/unit/docs/package-docs.test.js#115-150@f0d30a1778773ed231b3907ad1818c86bd6d0d56]

Release truth

The repository says release candidate, not published release. It names npm and GitHub Release as pending and distinguishes healthy JSR validation from absent JSR publication.
[cite: STATUS.md#3-5@f0d30a1778773ed231b3907ad1818c86bd6d0d56]
[cite: STATUS.md#21-24@f0d30a1778773ed231b3907ad1818c86bd6d0d56]

The local candidate witness records 13/13 release verification with 6,124 tests and keeps tag, npm provenance, and GitHub Release as mandatory post-merge gates. Issue #60 therefore remains open.
[cite: docs/design/0047-application-storage-cache-boundary/witness/release-candidate.md#35-63@f0d30a1778773ed231b3907ad1818c86bd6d0d56]
[cite: docs/design/0047-application-storage-cache-boundary/witness/release-candidate.md#65-78@f0d30a1778773ed231b3907ad1818c86bd6d0d56]

Residual risk

The external npm artifact and GitHub Release do not exist yet. That is expected and cannot be proven by this PR; the tag workflow is the next gated operation after merge.

@flyingrobots

Copy link
Copy Markdown
Member Author

Code Lawyer Review

Verdict: no blocking ambiguity or unsupported guarantee remains.

CL-001: An opaque handle could be mistaken for durable storage

The release contract explicitly separates content identity from reachability. Staging creates no root; callers must choose retention, cache, replay-window, publication, or Vault policy, and successful retaining operations return generation-scoped evidence.
[cite: docs/releases/v6.2.0.md#8-26@f0d30a1778773ed231b3907ad1818c86bd6d0d56]

CL-002: A release candidate could falsely claim external publication

Both the status ledger and witness state that no v6.2.0 tag, npm artifact, or GitHub Release is claimed yet. The publication checklist remains open and #60 is not closed by this PR.
[cite: STATUS.md#3-5@f0d30a1778773ed231b3907ad1818c86bd6d0d56]
[cite: docs/design/0047-application-storage-cache-boundary/witness/release-candidate.md#7-11@f0d30a1778773ed231b3907ad1818c86bd6d0d56]
[cite: docs/design/0047-application-storage-cache-boundary/witness/release-candidate.md#65-78@f0d30a1778773ed231b3907ad1818c86bd6d0d56]

CL-003: Distribution surfaces could silently ship different versions

npm, JSR, and runtime versions are pinned to one value by executable tests. The earlier stale runtime and JSR values are recorded rather than hidden, and the authoritative verification was rerun after both repairs.
[cite: test/unit/cli/version.test.js#8-28@f0d30a1778773ed231b3907ad1818c86bd6d0d56]
[cite: docs/design/0047-application-storage-cache-boundary/witness/release-candidate.md#59-63@f0d30a1778773ed231b3907ad1818c86bd6d0d56]

CL-004: Public release notes could be linked but absent from npm

The package allowlist includes the v6.2.0 note, and package tests inspect the real npm dry-run output plus relative links in every packaged public Markdown file.
[cite: package.json#15-45@f0d30a1778773ed231b3907ad1818c86bd6d0d56]
[cite: test/unit/docs/package-docs.test.js#115-150@f0d30a1778773ed231b3907ad1818c86bd6d0d56]

CL-005: Healthy JSR validation could be read as a promise to publish JSR

The release posture says exactly the opposite: JSR dry-run is healthy, but JSR publication is outside this workflow. The workflow has npm publication and GitHub Release jobs only.
[cite: STATUS.md#21-24@f0d30a1778773ed231b3907ad1818c86bd6d0d56]
[cite: .github/workflows/release.yml#74-118@f0d30a1778773ed231b3907ad1818c86bd6d0d56]

CL-006: A tag could publish a package with a different version

The release workflow checks out the release ref, requires a vX.Y.Z tag, compares it to package.json, runs lint plus unit and all three integration runtimes, and only then permits trusted npm publication. GitHub Release creation depends on successful npm publication.
[cite: .github/workflows/release.yml#23-72@f0d30a1778773ed231b3907ad1818c86bd6d0d56]
[cite: .github/workflows/release.yml#74-118@f0d30a1778773ed231b3907ad1818c86bd6d0d56]

CL-007: API-additive language could hide a required stored-data migration

The release note keeps existing manifests, RootSets, Vaults, refs, and low-level tree callers compatible and distinguishes adoption of formerly unrooted application objects from a git-cas format migration.
[cite: docs/releases/v6.2.0.md#99-109@f0d30a1778773ed231b3907ad1818c86bd6d0d56]

@flyingrobots

Copy link
Copy Markdown
Member Author

CI Triage

The first Docker matrix attempt did not reach repository build or test execution. Docker Hub returned 500 Internal Server Error while BuildKit resolved independent base images, including both oven/bun:1 and node:22; the Ubuntu stage was then canceled. Node, Bun, and Deno jobs failed at the same image-metadata boundary.

This is external registry failure, not evidence against the release diff. The same runtime integration suites passed in the complete local release verifier. I am rerunning the failed jobs without changing source or workflow; merge remains blocked until the rerun is green.

coderabbitai[bot]
coderabbitai Bot previously approved these changes Jul 13, 2026
@flyingrobots

Copy link
Copy Markdown
Member Author

Review Fix

Accepted the release-witness clarity finding. The three runnable examples are now three explicit table rows, so the evidence table visibly contains all 13 verifier steps instead of compressing three steps into one row.
[cite: docs/design/0047-application-storage-cache-boundary/witness/release-candidate.md#43-59@c8f39d3395112f976a6a0c1d51e5bd7dc4dce9e7]

Validation on the review-fix commit:

  • focused release truth, planning surfaces, and Markdown links: 26 tests passed;
  • pre-commit lint: passed;
  • pre-push lint plus all 1,871 Node unit tests: passed.

No review thread was created for the expanded CodeRabbit note, so there is no thread to resolve manually. The follow-up commit is c8f39d3395112f976a6a0c1d51e5bd7dc4dce9e7.

@flyingrobots

Copy link
Copy Markdown
Member Author

Merge Gate

Current head: c8f39d3395112f976a6a0c1d51e5bd7dc4dce9e7

  • CI lint: success
  • CI unit: success
  • CI Docker Node unit/integration: success
  • CI Docker Bun unit/integration: success
  • CI Docker Deno unit/integration: success
  • Thread-aware review query: zero review threads
  • Self-review: clean
  • Code Lawyer review: clean
  • CodeRabbit initial full review: approved after identifying one witness-table clarity issue
  • Review fix: committed separately, source-cited, and fully validated
  • CodeRabbit incremental review of the single documentation file: explicit temporary rate limit

The explicit rate-limit condition is an allowed merge gate for this campaign. The PR is mergeable; the remaining blocked status is the rate-limited CodeRabbit context, not an unresolved code or review finding. Proceeding with the requested admin merge.

@flyingrobots flyingrobots merged commit 432c5d9 into main Jul 13, 2026
5 of 6 checks passed
@flyingrobots flyingrobots deleted the release/v6.2.0 branch July 13, 2026 19:57
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Publish git-cas v6.2.0 CAS ownership APIs

1 participant