docs(v1.23): post-release documentation perfection + dependabot cooldown + CI fixes#168
Conversation
…ory archival Reconcile all repo documentation with the shipped v1.23.0 code: - README metrics re-synced (2706->2709 keys, 481->485 test files) via sync-readme-metrics - AUDIT.md header advanced v1.22.0->v1.23.0 (version, quality gate, follow-up chain) + new post-release pass section - CLAUDE.md feature flags corrected 21->23; default model was inverted (full set on, only 5 opt-in off); retired flags removed - featureFlagsSlice JSDoc: 3 (default: true) annotations that contradicted runtime defaults fixed to (default: false) - AGENTS.md bundle budget 6500/4000 -> 6200/2500 - ROADMAP/TODO: v1.23 ACTIVE -> RELEASED 2026-06-16; forward work consolidated into Upcoming block - ADR-0008 present-tense brand StoryCraft -> WorldScript Studio - Archived finished plans + checkpoints into docs/history/ (git mv); inbound links repaired Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
- dependabot.yml: add cooldown default-days:3 to npm/cargo/github-actions so new releases age 3 days before a PR is opened (dependabot.yml equivalent of the .npmrc minimum-release-age already set for pnpm install-time) - tauri-build.yml: normalize space->dot in updater asset URLs (GitHub renames uploaded assets) and pass --repo to gh release upload (job has no checkout) Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Thanks for using CodeAnt! 🎉We're free for open-source projects. if you're enjoying it, help us grow by sharing. Share on X · |
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
The prior cooldown used default-days: 3, but .npmrc enforces minimum-release-age=10080 (7 days) at `pnpm install --frozen-lockfile`. A 3-day cooldown still produces PRs that fail CI for 4 more days with ERR_PNPM_MINIMUM_RELEASE_AGE_VIOLATION (e.g. #154/#155). Raise all three ecosystems (npm, cargo, github-actions) to default-days: 7 so a release is never PR'd before the install gate would accept it. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
- Remove enableCrossProjectSearch as a feature flag (promoted to permanent core behaviour in v1.8; the slice has no such flag). - enableIdbAtRestEncryption is on by default since v1.23 (slice default true), not off — correct the IDB at-rest encryption section. Brings top-level README in lockstep with featureFlagsSlice.ts defaults and the AUDIT.md v1.23.0 doc-corpus claim. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
|
@CodeAnt-AI review |
Thanks for using CodeAnt! 🎉We're free for open-source projects. if you're enjoying it, help us grow by sharing. Share on X · |
Sequence DiagramThis PR fixes the Tauri desktop auto-updater by generating latest.json with GitHub-normalized asset names and uploading it using an explicit repository flag so update checks no longer 404 in a no-checkout GitHub Actions job. sequenceDiagram
participant Maintainer
participant GitHubActions
participant ReleaseAssets
participant GitHubReleases
participant DesktopApp
Maintainer->>GitHubActions: Push version tag for desktop release
GitHubActions->>ReleaseAssets: Build and upload signed bundles for each platform
GitHubActions->>GitHubActions: Generate latest.json with normalized asset names and URLs
GitHubActions->>GitHubReleases: Upload latest.json using release upload with explicit repo
DesktopApp->>GitHubReleases: Request latest.json for update check
GitHubReleases-->>DesktopApp: Return latest.json with correct platform URLs
DesktopApp->>GitHubReleases: Download platform bundle using normalized asset URL
Generated by CodeAnt AI |
CodeAnt flagged the post-release section still documenting a 3-day cooldown while .github/dependabot.yml configures default-days: 7. Align the AUDIT entry to 7 days, cite dependabot.yml as the source of truth, and refresh the open-queue status (candle-nn merged, dev-tooling playwright-core dedup, #154/#155 minimum-release-age quarantine). Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
|
@CodeAnt-AI review |
Thanks for using CodeAnt! 🎉We're free for open-source projects. if you're enjoying it, help us grow by sharing. Share on X · |
Sequence DiagramThis diagram shows how the Tauri desktop release workflow now normalizes asset names and uploads latest.json so auto updates succeed, and how Dependabot waits seven days before opening dependency update pull requests to match the minimum release age policy. sequenceDiagram
participant Maintainer
participant CI
participant GitHubReleases
participant DesktopApp
participant PackageRegistry
participant Dependabot
Maintainer->>CI: Tag release and push
CI->>GitHubReleases: Upload signed desktop bundles
CI->>CI: Build latest.json with normalized asset URLs
CI->>GitHubReleases: Upload latest.json with explicit repo
DesktopApp->>GitHubReleases: Fetch latest.json and platform bundle
GitHubReleases-->>DesktopApp: Return bundle download for auto update
PackageRegistry->>Dependabot: New dependency version available
Dependabot->>CI: After 7-day cooldown, open update pull request
CI->>PackageRegistry: Install updated dependency after cooldown
Generated by CodeAnt AI |
CodeAnt flagged that AUDIT's "doc corpus in lockstep" claim was contradicted by stale flag metadata across the corpus. Bring every current-state flag reference into line with featureFlagsSlice.ts (23 flags, 18 default-on, 5 opt-in default-off): - docs/FEATURE-PARITY.md: correct the Default column, drop the four retired/promoted flags (enableCodexAutoTracking, enableCrossProjectSearch, enablePlotBoardV2, enableCloudSync), add the four newer flags (enableWorkerBusV2, enableRustCompute, enableGlobalCopilot, enableLocalFirstSync); refresh header + drift summary. - AGENTS.md: featureFlags count + the WorkerBus/RustCompute/DuckDB "off by default" notes (all on); replace the "~20 flags, a few on" blurb with the full-set-on model. - .github/copilot-instructions.md: 23-flag model, enableProForge on, drop retired enableCloudSync from the v2.0-stubs list. - docs/PLUGINS-BETA.md, docs/IDB-ENCRYPTION.md, .github/SECURITY.md: enablePluginSystem / enableIdbAtRestEncryption are on by default. - AUDIT.md: implementation-map flag bullet refreshed. Dated historical audit sections (v1.9.0 "12 flags" etc.) left intact. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
|
@CodeAnt-AI review |
Thanks for using CodeAnt! 🎉We're free for open-source projects. if you're enjoying it, help us grow by sharing. Share on X · |
Sequence DiagramThis PR fixes the desktop auto updater by normalizing asset names in the release manifest and passing the repository explicitly when uploading, and it aligns Dependabot's update cadence with a seven day minimum release age policy before opening dependency PRs. sequenceDiagram
participant Dev as Developer
participant CI as CI workflows
participant Release as Release storage
participant App as Desktop app
participant Registry as Package registry
participant Bot as Dependabot
Dev->>CI: Push desktop release tag
CI->>Release: Upload signed desktop bundles
CI->>CI: Generate normalized asset names and latest manifest
CI->>Release: Upload manifest with explicit repository setting
App->>Release: Fetch manifest and download matching update asset
Bot->>Registry: Check for new dependency versions
Registry-->>Bot: Report newer package release
Bot->>Dev: Open update pull request after seven day cooldown aligned with install policy
Generated by CodeAnt AI |
|
@CodeAnt-AI review |
Thanks for using CodeAnt! 🎉We're free for open-source projects. if you're enjoying it, help us grow by sharing. Share on X · |
Sequence DiagramThis PR fixes the Tauri auto-updater metadata generation so asset URLs match GitHub's normalized names, and aligns Dependabot's cooldown with the existing minimum release age policy to keep CI green for dependency PRs. sequenceDiagram
participant Build as Tauri build workflow
participant Releases as GitHub releases
participant Updater as Tauri updater
participant Bot as Dependabot
participant Repo as Repository
participant CI as CI pipeline
%% Tauri updater asset URL flow
Build->>Build: Derive normalized asset URLs from signed bundles
Build->>Releases: Upload latest.json with asset URLs and explicit repo
Updater->>Releases: Fetch latest.json and request update bundle
Releases-->>Updater: Return signed bundle for current platform
%% Dependabot cooldown and CI policy alignment
Bot->>Bot: Delay opening update PR until new version has aged 7 days
Bot->>Repo: Open dependency update pull request
CI->>Repo: Run pnpm install with matching 7 day minimum release age
CI-->>Bot: Report green CI without minimum release age errors
Generated by CodeAnt AI |
User description
Summary
Post-v1.23.0 housekeeping: bring all repo documentation into lockstep with the shipped code, curate/restructure the doc corpus, harden Dependabot, and land the staged Tauri updater fix.
Documentation (commit 1)
scripts/sync-readme-metrics.mjs: README 2706→2709 keys, 481→485 test files.enableRtlLayout,enableVoiceSupport,enableVoiceWasm,enableGlobalCopilot,enableLocalFirstSync). Retired/promoted flags (enableCodexAutoTracking,enableCrossProjectSearch,enablePlotBoardV2,enableCloudSync) removed from the live list.(default: true)annotations that contradicted the runtime defaults corrected to(default: false).6500/4000 → 6200/2500.ACTIVE→ RELEASED 2026-06-16 with real deliverables; forward P1/P2 work consolidated into an Upcoming — v1.24 / v2.0 block.StoryCraft → WorldScript Studio.docs/history/(git mv, history preserved); inbound links repaired (0 broken).CI / config (commit 2)
cooldown: default-days: 3on all three ecosystems — new releases age 3 days before a PR opens (the dependabot.yml equivalent of the.npmrcminimum-release-agealready set for pnpm install-time).--repotogh release upload(job has no checkout).Out of band (already done on GitHub)
storycraft-studioGHCR package deletion pending a maintainerdelete:packagestoken-scope refresh.Verification
pnpm run lint✅ (1351 files) · metric drift guard ✅ (in sync) · dependabot.yml YAML ✅ · 0 broken relative links · remainingstorycraft*hits are intentional historical records.🤖 Generated with Claude Code
CodeAnt-AI Description
Update release docs and CI settings for the v1.23.0 ship state
What Changed
Impact
✅ Fewer stale release notes✅ Fewer broken updater downloads✅ Fewer Dependabot PRs for too-fresh releases💡 Usage Guide
Checking Your Pull Request
Every time you make a pull request, our system automatically looks through it. We check for security issues, mistakes in how you're setting up your infrastructure, and common code problems. We do this to make sure your changes are solid and won't cause any trouble later.
Talking to CodeAnt AI
Got a question or need a hand with something in your pull request? You can easily get in touch with CodeAnt AI right here. Just type the following in a comment on your pull request, and replace "Your question here" with whatever you want to ask:
This lets you have a chat with CodeAnt AI about your pull request, making it easier to understand and improve your code.
Example
Preserve Org Learnings with CodeAnt
You can record team preferences so CodeAnt AI applies them in future reviews. Reply directly to the specific CodeAnt AI suggestion (in the same thread) and replace "Your feedback here" with your input:
This helps CodeAnt AI learn and adapt to your team's coding style and standards.
Example
Retrigger review
Ask CodeAnt AI to review the PR again, by typing:
Check Your Repository Health
To analyze the health of your code repository, visit our dashboard at https://app.codeant.ai. This tool helps you identify potential issues and areas for improvement in your codebase, ensuring your repository maintains high standards of code health.