docs: add releases nav and aube lock

[jdx]

Summary

• add a Releases link to the docs nav
• switch docs and CI JS installs from bun to aube via mise
• replace bun.lock with aube-lock.yaml, add docs/aube-lock.yaml, and ignore .aube/

Validation

• git diff --check
• mise run docs:build

---

Note

Medium Risk
Moderate risk because it changes the CI/autofix dependency installation command and replaces the JS lockfile, which could break builds if aube or lock resolution differs from bun. Product/runtime code is otherwise unaffected aside from a small docs nav change.

Overview
Switches CI and autofix workflows from running bun i to mise x -- aube install for JavaScript dependency installation.

Replaces bun.lock with a new aube-lock.yaml (and ignores the .aube/ directory), and adds a docs-only navigation link to GitHub Releases in docs/.vitepress/config.mts.

^{Reviewed by Cursor Bugbot for commit 0ec9137. Bugbot is set up for automated code reviews on this repo. Configure here.}

[greptile-apps]

Greptile Summary

This PR migrates the project's JS dependency management from bun to aube (a pnpm-compatible tool managed via mise), replacing bun.lock with aube-lock.yaml lockfiles and updating all CI, autofix, hook, and task runner references accordingly. It also adds a Releases link to the VitePress docs nav.

• The new aube-lock.yaml at the repo root matches the *.yaml prettier glob defined in hk.pkl, but .prettierignore has not been updated to exclude it — the pre-commit hook will run Prettier over the lockfile on any commit that stages it.

Confidence Score: 4/5

Safe to merge after adding lockfiles to .prettierignore to prevent the pre-commit hook from corrupting them.

One P1 finding: the new aube-lock.yaml files are not excluded from the Prettier pre-commit hook, which could reformat and corrupt them on the next relevant commit. All other changes are straightforward toolchain swaps with no logic impact.

.prettierignore — needs entries for aube-lock.yaml and docs/aube-lock.yaml.

Important Files Changed

Filename	Overview
.github/workflows/ci.yml	Replaces all four mise x -- bun i install steps with mise x -- aube install; no other logic changes.
.github/workflows/autofix.yml	Switches install command from mise x -- bun i to mise x -- aube install; straightforward one-line change.
docs/.vitepress/config.mts	Adds a Releases nav entry pointing to the GitHub releases page; no logic changes.
.prettierignore	Not updated to exclude the new aube-lock.yaml files; the *.yaml glob in the Prettier hook will pick them up on commit.
mise.toml	Adds aube = "latest" to managed tools; bun is no longer listed.
hk.pkl	ESLint step prefix updated to aube run, consistent with the toolchain switch.
aube-lock.yaml	New pnpm-v9-format lockfile for root workspace dependencies, replacing bun.lock.
docs/aube-lock.yaml	Separate lockfile used when aube install is run from within the docs/ directory via mise task.

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A[Developer commits] --> B{Staged files match *.yaml glob?}
    B -- Yes --> C[hk.pkl prettier step runs]
    B -- No --> G[Skip prettier]
    C --> D{aube-lock.yaml in .prettierignore?}
    D -- No current --> E[Prettier reformats aube-lock.yaml]
    D -- Yes fix --> F[Lockfile skipped]
    E --> H[Potentially corrupted lockfile committed]
    F --> I[Lockfile unchanged]

Loading

Comments Outside Diff (1)

1. .prettierignore, line 4 (link)

   Lockfile exposed to Prettier reformatting

   The root aube-lock.yaml matches the *.yaml glob used by the Prettier step in hk.pkl. On any commit that stages aube-lock.yaml, the pre-commit hook will run Prettier over it, which may alter formatting and produce a lockfile that aube rejects (or silently differ from what aube generates). Adding both lockfiles to .prettierignore prevents this.

   

_{Reviews (4): Last reviewed commit: "docs: match workspace importer to manife..." | Re-trigger Greptile}

[gemini-code-assist]

Code Review

This pull request migrates the project's dependency management from Bun to Aube, which includes introducing new lockfiles, updating task definitions, and adjusting tool configurations. It also adds a 'Releases' link to the documentation site. The review feedback highlights that the updated package.json manifest files were omitted from the PR; these files are necessary to maintain consistency with the new lockfiles and ensure proper dependency resolution across environments.

[gemini-code-assist]

The PR introduces aube-lock.yaml and docs/aube-lock.yaml but omits the corresponding package.json manifest files. Since the lockfiles show significant changes in the direct dependency lists (e.g., the addition of acorn in the root and numerous packages in docs), the manifests must have been modified. Please include the updated package.json files to ensure consistency and allow for proper dependency resolution by other developers and CI environments.

[cursor]

Cursor Bugbot has reviewed your changes and found 1 potential issue.

^{❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.}

^{Reviewed by Cursor Bugbot for commit 0ec9137. Configure here.}

[cursor]

Lockfile lists phantom acorn root dependency not in package.json

Low Severity

The aube-lock.yaml importers section for the root workspace lists acorn as a direct dependency with specifier ^6.0.0 || ^7.0.0 || ^8.0.0, but the root package.json only declares eslint and typescript as dependencies. That specifier matches the acorn-jsx peer dependency on acorn, suggesting the lockfile generator incorrectly promoted a transitive peer dependency to a direct root dependency. This creates a mismatch between package.json and the lockfile that could cause confusion or unexpected behavior if the lockfile is used to audit or reproduce dependencies.

 

^{Reviewed by Cursor Bugbot for commit 0ec9137. Configure here.}