release: prepare git-cas v6.2.0#67
Conversation
|
Warning Review limit reachedYou’ve reached a temporary PR review limit under our Fair Usage Limits Policy. Next review available in: 5 minutes Enable usage-based reviews in Billing to review now. Otherwise, wait until the next included review is available. How can I continue?After more reviews become available, a review can be triggered using the To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based reviews. How do review limits work?CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability. For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window. Please refer docs for additional details. Review details⚙️ Run configurationConfiguration used: Organization UI Review profile: ASSERTIVE Plan: Pro Run ID: 📒 Files selected for processing (1)
📝 WalkthroughWalkthroughThis PR documents the v6.2.0 application storage and lifecycle APIs, updates release and upgrade materials, records release-candidate verification, synchronizes package metadata, and adds tests for version and packaged documentation consistency. ChangesApplication storage release
Estimated code review effort: 3 (Moderate) | ~20 minutes Possibly related issues
Possibly related PRs
Poem
🚥 Pre-merge checks | ✅ 4 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (4 passed)
Comment |
Self-ReviewVerdict: clean for release-candidate merge. No correctness, compatibility, packaging, or truthfulness finding remains open. Scope and semverThis PR changes release metadata, tests, and documentation; the feature implementations were merged in PRs #61 through #66 and their exact merge provenance is recorded. Graft found no source export removal or source signature change. Its only breaking heuristic was the Version and package coherencenpm metadata, JSR metadata, and the runtime version export all report 6.2.0. A cross-runtime unit test pins both metadata relationships and the CLI output. The npm package must contain all versioned public release documents, and the tests dry-run the actual package, reject missing release files, and verify local links across packaged Markdown. Release truthThe repository says release candidate, not published release. It names npm and GitHub Release as pending and distinguishes healthy JSR validation from absent JSR publication. The local candidate witness records 13/13 release verification with 6,124 tests and keeps tag, npm provenance, and GitHub Release as mandatory post-merge gates. Issue #60 therefore remains open. Residual riskThe external npm artifact and GitHub Release do not exist yet. That is expected and cannot be proven by this PR; the tag workflow is the next gated operation after merge. |
Code Lawyer ReviewVerdict: no blocking ambiguity or unsupported guarantee remains. CL-001: An opaque handle could be mistaken for durable storageThe release contract explicitly separates content identity from reachability. Staging creates no root; callers must choose retention, cache, replay-window, publication, or Vault policy, and successful retaining operations return generation-scoped evidence. CL-002: A release candidate could falsely claim external publicationBoth the status ledger and witness state that no v6.2.0 tag, npm artifact, or GitHub Release is claimed yet. The publication checklist remains open and #60 is not closed by this PR. CL-003: Distribution surfaces could silently ship different versionsnpm, JSR, and runtime versions are pinned to one value by executable tests. The earlier stale runtime and JSR values are recorded rather than hidden, and the authoritative verification was rerun after both repairs. CL-004: Public release notes could be linked but absent from npmThe package allowlist includes the v6.2.0 note, and package tests inspect the real npm dry-run output plus relative links in every packaged public Markdown file. CL-005: Healthy JSR validation could be read as a promise to publish JSRThe release posture says exactly the opposite: JSR dry-run is healthy, but JSR publication is outside this workflow. The workflow has npm publication and GitHub Release jobs only. CL-006: A tag could publish a package with a different versionThe release workflow checks out the release ref, requires a vX.Y.Z tag, compares it to CL-007: API-additive language could hide a required stored-data migrationThe release note keeps existing manifests, RootSets, Vaults, refs, and low-level tree callers compatible and distinguishes adoption of formerly unrooted application objects from a git-cas format migration. |
CI TriageThe first Docker matrix attempt did not reach repository build or test execution. Docker Hub returned This is external registry failure, not evidence against the release diff. The same runtime integration suites passed in the complete local release verifier. I am rerunning the failed jobs without changing source or workflow; merge remains blocked until the rerun is green. |
Review FixAccepted the release-witness clarity finding. The three runnable examples are now three explicit table rows, so the evidence table visibly contains all 13 verifier steps instead of compressing three steps into one row. Validation on the review-fix commit:
No review thread was created for the expanded CodeRabbit note, so there is no thread to resolve manually. The follow-up commit is |
Merge GateCurrent head:
The explicit rate-limit condition is an allowed merge gate for this campaign. The PR is mergeable; the remaining blocked status is the rate-limited CodeRabbit context, not an unresolved code or review finding. Proceeding with the requested admin merge. |
Linked Issue
Refs #60
Contributes to #50
This PR prepares the reviewed v6.2.0 release candidate. It intentionally does not close #60: the issue remains open until the immutable tag workflow publishes npm provenance and the final GitHub Release.
Design / Proof
Validation
pnpm run release:verify: 13/13 steps passed, 6,124 observed tests across Node, Bun, Deno, and real-Git integration suites.pnpm run lint: passed.npm pack --dry-run: passed and includesdocs/releases/v6.2.0.md.npx jsr publish --dry-run --allow-dirty: simulated@git-stunts/git-cas@6.2.0.Release Impact
@git-stunts/plumbing@^3.1.0.v6.2.0exists.@git-stunts/git-cas@6.2.0.v6.2.0exists.The unchecked publication items are post-merge gates and remain tracked by #60.