docs(release): record v0.3.2 publication evidence #53

Merged: lamemustafa merged 1 commit into master from tapish-codex/pack-v0.3.2-publication-readiness, Jul 4, 2026
@lamemustafa (Owner)

Summary

  • Updates Pack README, publication-readiness, and Chrome Web Store listing/asset docs from the verified v0.3.1 evidence set to verified v0.3.2.
  • Records the v0.3.2 GitHub release ZIP SHA-256 and Pack Release workflow run while keeping the Chrome Web Store package/listing update marked pending.
  • Updates synthetic Store asset descriptions from v0.3.1 to v0.3.2; no runtime behavior, permissions, or package contents change.

Root Cause / Decision Record

  • Pack v0.3.2 was released successfully after the Release Please PR merged, but the source-controlled public docs still named v0.3.1 as the latest verified GSTR-1 release.
  • The smallest safe fix is a docs-only update to the existing release-evidence surfaces instead of changing extension runtime code or claiming store publication.
  • This closes the release-documentation gap needed before the parent public facts snapshot can derive v0.3.2 checksum evidence from Pack source docs.

Scope

  • Runtime: none.
  • Tests: no test source changes.
  • Docs/governance: README, docs/PUBLICATION_READINESS.md, Chrome Web Store listing brief, Store asset README, and synthetic asset descriptions.
  • Explicitly out of scope: Chrome Web Store submission/review/publication, privacy-practices dashboard updates, generated PNG exports, runtime download behavior, manifest permissions, release ZIP rebuild.

Pack Workflow Preflight

  • pnpm workflow:preflight was run before editing/push, or the skip reason is documented. Ran node scripts/check-pack-workflow-preflight.mjs after the docs commit; it passed for this Pack branch against master.
  • This PR was opened from a Pack branch, not master.
  • I checked latest master Pack AGENTS guidance or recorded the stale-guidance warning.
  • PR body keeps the required Pack privacy/review/verification checklist visible.

Sanchika Adoption Gate

  • If this PR consumes @sanchika/* packages or copied Sanchika guidance, I read sanchika/docs/adoption-pack.md in the coordinated parent worktree.
  • If this PR consumes Sanchika, it links ComplyEaze and Axal completion evidence and records the Sanchika commit or copied guidance used.
  • This PR does not import ../sanchika, sanchika/packages/*/src, or parent source paths.

This PR does not consume Sanchika packages or copied Sanchika guidance.

Privacy And Data-Flow Impact

  • No new browser permissions.
  • No new host permissions.
  • No new network calls.
  • No analytics, telemetry, ads, or session replay.
  • No credential, OTP, CAPTCHA, cookie, token, GST file, or taxpayer-data capture.
  • Public copy and privacy declarations are updated if behaviour changed.

No behavior changed; public copy now points at the verified v0.3.2 GitHub release while preserving pending Chrome Web Store wording.

Sensitive Surface Review

  • Current tab / portal target binding is preserved or intentionally changed.
  • Download completion remains evidence-backed and fail-closed.
  • Ambiguous side-effect delivery cannot be reported as confirmed success.
  • Service-worker durability impact is understood and documented.
  • Real taxpayer data, local paths, raw URLs/referrers, and portal HTML are absent from the diff.

Docs-only update; the synthetic SVG descriptions still state that no real GST Portal/taxpayer data is shown.

Chrome Web Store Impact

  • This PR does not expand beyond the existing Chrome Web Store V0 listing unless every gate in docs/PUBLICATION_READINESS.md is checked.
  • Full fiscal year remains source-build alpha and is not part of the Chrome Web Store V0 listing.
  • Store copy, README status, Privacy QA, and reviewer instructions were reviewed if user-facing behavior changed.
  • CI ZIP creation, provenance, and protected publishing are treated as release evidence, not manual store-submission sign-off.
  • PR title uses Conventional Commits so Release Please can bump Pack after merge.

The docs continue to say the v0.3.2 Chrome Web Store package/listing update is pending dashboard submission, review, and publication.

Verification

  • pnpm install --frozen-lockfile (pnpm install --frozen-lockfile --ignore-scripts --offline)
  • pnpm audit --audit-level high (not run locally; docs-only change and audit needs registry/network access)
  • pnpm exec wxt prepare (./node_modules/.bin/wxt prepare)
  • pnpm exec prettier --check . (./node_modules/.bin/prettier --check --ignore-unknown README.md docs/PUBLICATION_READINESS.md docs/chrome-web-store/listing.md docs/chrome-web-store/assets/README.md docs/chrome-web-store/assets/small-promo-440x280.svg docs/chrome-web-store/assets/marquee-promo-1400x560.svg)
  • pnpm exec eslint . --max-warnings 0 (./node_modules/.bin/eslint . --max-warnings 0)
  • pnpm exec tsc --noEmit (./node_modules/.bin/tsc --noEmit)
  • pnpm exec vitest run (./node_modules/.bin/vitest run; 38 files, 438 tests)
  • pnpm exec wxt build (not run locally; docs-only change)
  • node scripts/verify-extension-package.mjs .output/chrome-mv3 (not run locally; no package rebuild)
  • pnpm exec wxt zip (not run locally; no package rebuild)
  • node scripts/verify-extension-zip.mjs (not run locally; no package rebuild)
  • node scripts/write-release-provenance.mjs (not run locally; no package rebuild)
  • node scripts/verify-github-release-assets.mjs --tag <tag> --zip <zip> --checksum <sha256> --provenance <json> when release assets exist. Evidence source: Pack Release workflow 28702352034 completed Verify uploaded GitHub release assets; GitHub release v0.3.2 exposes ZIP digest sha256:6bd41a364a2466f0f255bef1b44e93694cc8d95431e7661fea5be3d52c9cdddb.
  • node scripts/publish-chrome-web-store.mjs --zip .output/<zip> --provenance .output/pack-release-provenance.v1.json --publisher-id <id> --dry-run true (not run; Store submission remains pending)
  • git diff --check
  • pnpm review:gate -- --strict-head-review --required-review-author chatgpt-codex-connector --wait-head-review-ms 180000 before merge/readiness claim, or reason not run: will run through PR CI/review-gate after this PR exists; current local branch has no PR context yet.

Artifact Evidence

  • CI run: Pack Release 28702352034 for v0.3.2 completed successfully; Pack CI 28702352036 completed successfully.
  • ZIP artifact: complyeazepack-0.3.2-chrome.zip.
  • ZIP SHA-256: 6bd41a364a2466f0f255bef1b44e93694cc8d95431e7661fea5be3d52c9cdddb.
  • Clean source/tag or head SHA: v0.3.2 tag at 7bc2c2604f045c1d5547f6ab63a84dbb91de161e; this docs PR head updates post-tag public evidence only.

PR Review Follow-Up

  • GitHub Actions completed.
  • Autogenerated Codex/bot review comments inspected after checks completed for the latest head SHA.
  • Inline review threads are resolved, outdated, or answered with evidence.
  • No commits were pushed after the last required human/bot review without re-review.
  • Any follow-up PRs are listed here instead of being left implicit.
Thread/comment Disposition Commit or evidence
None yet pending PR review

Screenshots

Not applicable. Docs-only evidence update; SVG sources remain synthetic and contain no real GST Portal/account data.

DCO

  • Commits include Signed-off-by: trailers.

Signed-off-by: Tapish Khandelwal <tapishkhandelwal13@gmail.com>
lamemustafa merged commit b85d10d into master on Jul 4, 2026. 7 checks passed.
lamemustafa deleted the tapish-codex/pack-v0.3.2-publication-readiness branch on July 4, 2026, 10:10.
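
The gap this PR closes (release-evidence docs still naming v0.3.1 after v0.3.2 shipped) can be caught mechanically. The following is an added example, not code from this repository: `findStaleEvidence` is a hypothetical helper, the doc contents are constructed, and it assumes the evidence docs should name only the current release and each state its ZIP digest. Only the v0.3.2 SHA-256 is taken from the PR description.

```javascript
// Added example (not the project's script). Doc contents below are constructed;
// only the v0.3.2 digest comes from the PR description.
const VERSION_RE = /\bv(\d+\.\d+\.\d+)\b/g;
const SHA256_RE = /\b[0-9a-fA-F]{64}\b/g;

// Scan release-evidence docs and report every version or SHA-256 that does not
// match the expected release, plus any doc that never states the digest.
function findStaleEvidence(docs, expected) {
  const want = expected.sha256.toLowerCase();
  const findings = [];
  for (const [path, text] of Object.entries(docs)) {
    let digestSeen = false;
    text.split("\n").forEach((line, idx) => {
      for (const m of line.matchAll(VERSION_RE)) {
        if (m[1] !== expected.version) {
          findings.push({ path, line: idx + 1, kind: "stale-version", value: m[1] });
        }
      }
      for (const m of line.matchAll(SHA256_RE)) {
        if (m[0].toLowerCase() === want) digestSeen = true;
        else findings.push({ path, line: idx + 1, kind: "digest-mismatch", value: m[0] });
      }
    });
    // Fail closed: a doc in the evidence set that omits the digest is a gap.
    if (!digestSeen) findings.push({ path, line: 0, kind: "digest-missing", value: "" });
  }
  return findings;
}

const EXPECTED = {
  version: "0.3.2",
  sha256: "6bd41a364a2466f0f255bef1b44e93694cc8d95431e7661fea5be3d52c9cdddb",
};

// Constructed sample docs: one updated, one still naming the previous release.
const SAMPLE_DOCS = {
  "README.md": `Latest verified release: v0.3.2\nZIP SHA-256: ${EXPECTED.sha256}`,
  "docs/PUBLICATION_READINESS.md": "Latest verified release: v0.3.1\nZIP SHA-256: see release page",
};

const sampleFindings = findStaleEvidence(SAMPLE_DOCS, EXPECTED);
for (const f of sampleFindings) console.log(`${f.path}:${f.line} ${f.kind} ${f.value}`);
```

A non-empty result should fail the check, so a doc that merely omits the digest blocks the downstream snapshot instead of passing silently.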