Skip to content

docs(v1.23): post-release documentation perfection + dependabot cooldown + CI fixes#168

Merged
qnbs merged 6 commits into
mainfrom
chore/v1.23.0-post-release
Jun 16, 2026
Merged

docs(v1.23): post-release documentation perfection + dependabot cooldown + CI fixes#168
qnbs merged 6 commits into
mainfrom
chore/v1.23.0-post-release

Conversation

@qnbs

@qnbs qnbs commented Jun 16, 2026

Copy link
Copy Markdown
Owner

User description

Summary

Post-v1.23.0 housekeeping: bring all repo documentation into lockstep with the shipped code, curate/restructure the doc corpus, harden Dependabot, and land the staged Tauri updater fix.

Documentation (commit 1)

  • Metrics re-synced via scripts/sync-readme-metrics.mjs: README 2706→2709 keys, 481→485 test files.
  • AUDIT.md header advanced v1.22.0 → v1.23.0 (version line, quality gate, follow-up chain) + new Post-Release Documentation Perfection Pass section.
  • CLAUDE.md feature flags 21 → 23. The documented default model had inverted — new installs get the full feature set; only 5 default off (enableRtlLayout, enableVoiceSupport, enableVoiceWasm, enableGlobalCopilot, enableLocalFirstSync). Retired/promoted flags (enableCodexAutoTracking, enableCrossProjectSearch, enablePlotBoardV2, enableCloudSync) removed from the live list.
  • featureFlagsSlice JSDoc: 3 (default: true) annotations that contradicted the runtime defaults corrected to (default: false).
  • AGENTS.md bundle budget 6500/4000 → 6200/2500.
  • ROADMAP/TODO: v1.23 ACTIVERELEASED 2026-06-16 with real deliverables; forward P1/P2 work consolidated into an Upcoming — v1.24 / v2.0 block.
  • ADR-0008 present-tense brand StoryCraft → WorldScript Studio.
  • Archived finished plans + checkpoints into docs/history/ (git mv, history preserved); inbound links repaired (0 broken).

CI / config (commit 2)

  • dependabot.yml: cooldown: default-days: 3 on all three ecosystems — new releases age 3 days before a PR opens (the dependabot.yml equivalent of the .npmrc minimum-release-age already set for pnpm install-time).
  • tauri-build.yml: normalize space→dot in updater asset URLs (GitHub renames uploaded assets) + pass --repo to gh release upload (job has no checkout).

Out of band (already done on GitHub)

  • 6 historical release titles renamed StoryCraft → WorldScript (v1.3.0/v1.5.0/v1.7.0/v1.17.0/v1.20.0/v1.21.0); v1.23.0 release/tag verified.
  • Orphaned storycraft-studio GHCR package deletion pending a maintainer delete:packages token-scope refresh.

Verification

  • pnpm run lint ✅ (1351 files) · metric drift guard ✅ (in sync) · dependabot.yml YAML ✅ · 0 broken relative links · remaining storycraft* hits are intentional historical records.

🤖 Generated with Claude Code


CodeAnt-AI Description

Update release docs and CI settings for the v1.23.0 ship state

What Changed

  • Marked v1.23.0 as released across the roadmap, TODOs, audit notes, and history files, with the old in-progress v1.23 section moved into upcoming work
  • Reconciled documentation to the shipped app state: feature flags now reflect 23 flags, the new default-on setup, and the retired flags that no longer appear in the product
  • Refreshed README and audit metrics to match current counts for translated strings and test files
  • Tightened Dependabot timing so update PRs wait until releases are old enough to pass the project’s package-age policy
  • Fixed the desktop updater release job so release asset links work with GitHub’s renamed asset paths and the release upload step no longer fails without a checkout

Impact

✅ Fewer stale release notes
✅ Fewer broken updater downloads
✅ Fewer Dependabot PRs for too-fresh releases

💡 Usage Guide

Checking Your Pull Request

Every time you make a pull request, our system automatically looks through it. We check for security issues, mistakes in how you're setting up your infrastructure, and common code problems. We do this to make sure your changes are solid and won't cause any trouble later.

Talking to CodeAnt AI

Got a question or need a hand with something in your pull request? You can easily get in touch with CodeAnt AI right here. Just type the following in a comment on your pull request, and replace "Your question here" with whatever you want to ask:

@codeant-ai ask: Your question here

This lets you have a chat with CodeAnt AI about your pull request, making it easier to understand and improve your code.

Example

@codeant-ai ask: Can you suggest a safer alternative to storing this secret?

Preserve Org Learnings with CodeAnt

You can record team preferences so CodeAnt AI applies them in future reviews. Reply directly to the specific CodeAnt AI suggestion (in the same thread) and replace "Your feedback here" with your input:

@codeant-ai: Your feedback here

This helps CodeAnt AI learn and adapt to your team's coding style and standards.

Example

@codeant-ai: Do not flag unused imports.

Retrigger review

Ask CodeAnt AI to review the PR again, by typing:

@codeant-ai: review

Check Your Repository Health

To analyze the health of your code repository, visit our dashboard at https://app.codeant.ai. This tool helps you identify potential issues and areas for improvement in your codebase, ensuring your repository maintains high standards of code health.

qnbs and others added 2 commits June 16, 2026 21:03
…ory archival

Reconcile all repo documentation with the shipped v1.23.0 code:
- README metrics re-synced (2706->2709 keys, 481->485 test files) via sync-readme-metrics
- AUDIT.md header advanced v1.22.0->v1.23.0 (version, quality gate, follow-up chain) + new post-release pass section
- CLAUDE.md feature flags corrected 21->23; default model was inverted (full set on, only 5 opt-in off); retired flags removed
- featureFlagsSlice JSDoc: 3 (default: true) annotations that contradicted runtime defaults fixed to (default: false)
- AGENTS.md bundle budget 6500/4000 -> 6200/2500
- ROADMAP/TODO: v1.23 ACTIVE -> RELEASED 2026-06-16; forward work consolidated into Upcoming block
- ADR-0008 present-tense brand StoryCraft -> WorldScript Studio
- Archived finished plans + checkpoints into docs/history/ (git mv); inbound links repaired

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
- dependabot.yml: add cooldown default-days:3 to npm/cargo/github-actions so new
  releases age 3 days before a PR is opened (dependabot.yml equivalent of the
  .npmrc minimum-release-age already set for pnpm install-time)
- tauri-build.yml: normalize space->dot in updater asset URLs (GitHub renames
  uploaded assets) and pass --repo to gh release upload (job has no checkout)

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@codeant-ai

codeant-ai Bot commented Jun 16, 2026

Copy link
Copy Markdown

Thanks for using CodeAnt! 🎉

We're free for open-source projects. if you're enjoying it, help us grow by sharing.

Share on X ·
Reddit ·
LinkedIn

@vercel

vercel Bot commented Jun 16, 2026

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
worldscript-studio Ready Ready Preview, Comment Jun 16, 2026 9:47pm

@codeant-ai codeant-ai Bot added the size:XXL This PR changes 1000+ lines, ignoring generated files label Jun 16, 2026
Comment thread AUDIT.md
qnbs and others added 2 commits June 16, 2026 22:53
The prior cooldown used default-days: 3, but .npmrc enforces
minimum-release-age=10080 (7 days) at `pnpm install --frozen-lockfile`.
A 3-day cooldown still produces PRs that fail CI for 4 more days with
ERR_PNPM_MINIMUM_RELEASE_AGE_VIOLATION (e.g. #154/#155). Raise all three
ecosystems (npm, cargo, github-actions) to default-days: 7 so a release is
never PR'd before the install gate would accept it.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
- Remove enableCrossProjectSearch as a feature flag (promoted to permanent
  core behaviour in v1.8; the slice has no such flag).
- enableIdbAtRestEncryption is on by default since v1.23 (slice default
  true), not off — correct the IDB at-rest encryption section.

Brings top-level README in lockstep with featureFlagsSlice.ts defaults and
the AUDIT.md v1.23.0 doc-corpus claim.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@qnbs

qnbs commented Jun 16, 2026

Copy link
Copy Markdown
Owner Author

@CodeAnt-AI review

@codeant-ai

codeant-ai Bot commented Jun 16, 2026

Copy link
Copy Markdown

Thanks for using CodeAnt! 🎉

We're free for open-source projects. if you're enjoying it, help us grow by sharing.

Share on X ·
Reddit ·
LinkedIn

@codeant-ai codeant-ai Bot added size:XXL This PR changes 1000+ lines, ignoring generated files and removed size:XXL This PR changes 1000+ lines, ignoring generated files labels Jun 16, 2026
@codeant-ai

codeant-ai Bot commented Jun 16, 2026

Copy link
Copy Markdown

Sequence Diagram

This PR fixes the Tauri desktop auto-updater by generating latest.json with GitHub-normalized asset names and uploading it using an explicit repository flag so update checks no longer 404 in a no-checkout GitHub Actions job.

sequenceDiagram
    participant Maintainer
    participant GitHubActions
    participant ReleaseAssets
    participant GitHubReleases
    participant DesktopApp

    Maintainer->>GitHubActions: Push version tag for desktop release
    GitHubActions->>ReleaseAssets: Build and upload signed bundles for each platform
    GitHubActions->>GitHubActions: Generate latest.json with normalized asset names and URLs
    GitHubActions->>GitHubReleases: Upload latest.json using release upload with explicit repo
    DesktopApp->>GitHubReleases: Request latest.json for update check
    GitHubReleases-->>DesktopApp: Return latest.json with correct platform URLs
    DesktopApp->>GitHubReleases: Download platform bundle using normalized asset URL
Loading

Generated by CodeAnt AI

Comment thread AUDIT.md Outdated
CodeAnt flagged the post-release section still documenting a 3-day
cooldown while .github/dependabot.yml configures default-days: 7. Align
the AUDIT entry to 7 days, cite dependabot.yml as the source of truth,
and refresh the open-queue status (candle-nn merged, dev-tooling
playwright-core dedup, #154/#155 minimum-release-age quarantine).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@qnbs

qnbs commented Jun 16, 2026

Copy link
Copy Markdown
Owner Author

@CodeAnt-AI review

@codeant-ai

codeant-ai Bot commented Jun 16, 2026

Copy link
Copy Markdown

Thanks for using CodeAnt! 🎉

We're free for open-source projects. if you're enjoying it, help us grow by sharing.

Share on X ·
Reddit ·
LinkedIn

@codeant-ai codeant-ai Bot added size:XXL This PR changes 1000+ lines, ignoring generated files and removed size:XXL This PR changes 1000+ lines, ignoring generated files labels Jun 16, 2026
@codeant-ai

codeant-ai Bot commented Jun 16, 2026

Copy link
Copy Markdown

Sequence Diagram

This diagram shows how the Tauri desktop release workflow now normalizes asset names and uploads latest.json so auto updates succeed, and how Dependabot waits seven days before opening dependency update pull requests to match the minimum release age policy.

sequenceDiagram
    participant Maintainer
    participant CI
    participant GitHubReleases
    participant DesktopApp
    participant PackageRegistry
    participant Dependabot

    Maintainer->>CI: Tag release and push
    CI->>GitHubReleases: Upload signed desktop bundles
    CI->>CI: Build latest.json with normalized asset URLs
    CI->>GitHubReleases: Upload latest.json with explicit repo
    DesktopApp->>GitHubReleases: Fetch latest.json and platform bundle
    GitHubReleases-->>DesktopApp: Return bundle download for auto update

    PackageRegistry->>Dependabot: New dependency version available
    Dependabot->>CI: After 7-day cooldown, open update pull request
    CI->>PackageRegistry: Install updated dependency after cooldown
Loading

Generated by CodeAnt AI

Comment thread AUDIT.md
CodeAnt flagged that AUDIT's "doc corpus in lockstep" claim was
contradicted by stale flag metadata across the corpus. Bring every
current-state flag reference into line with featureFlagsSlice.ts
(23 flags, 18 default-on, 5 opt-in default-off):

- docs/FEATURE-PARITY.md: correct the Default column, drop the four
  retired/promoted flags (enableCodexAutoTracking, enableCrossProjectSearch,
  enablePlotBoardV2, enableCloudSync), add the four newer flags
  (enableWorkerBusV2, enableRustCompute, enableGlobalCopilot,
  enableLocalFirstSync); refresh header + drift summary.
- AGENTS.md: featureFlags count + the WorkerBus/RustCompute/DuckDB
  "off by default" notes (all on); replace the "~20 flags, a few on"
  blurb with the full-set-on model.
- .github/copilot-instructions.md: 23-flag model, enableProForge on,
  drop retired enableCloudSync from the v2.0-stubs list.
- docs/PLUGINS-BETA.md, docs/IDB-ENCRYPTION.md, .github/SECURITY.md:
  enablePluginSystem / enableIdbAtRestEncryption are on by default.
- AUDIT.md: implementation-map flag bullet refreshed.

Dated historical audit sections (v1.9.0 "12 flags" etc.) left intact.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@qnbs

qnbs commented Jun 16, 2026

Copy link
Copy Markdown
Owner Author

@CodeAnt-AI review

@codeant-ai

codeant-ai Bot commented Jun 16, 2026

Copy link
Copy Markdown

Thanks for using CodeAnt! 🎉

We're free for open-source projects. if you're enjoying it, help us grow by sharing.

Share on X ·
Reddit ·
LinkedIn

@codeant-ai codeant-ai Bot added size:XXL This PR changes 1000+ lines, ignoring generated files and removed size:XXL This PR changes 1000+ lines, ignoring generated files labels Jun 16, 2026
@codeant-ai

codeant-ai Bot commented Jun 16, 2026

Copy link
Copy Markdown

Sequence Diagram

This PR fixes the desktop auto updater by normalizing asset names in the release manifest and passing the repository explicitly when uploading, and it aligns Dependabot's update cadence with a seven day minimum release age policy before opening dependency PRs.

sequenceDiagram
    participant Dev as Developer
    participant CI as CI workflows
    participant Release as Release storage
    participant App as Desktop app
    participant Registry as Package registry
    participant Bot as Dependabot

    Dev->>CI: Push desktop release tag
    CI->>Release: Upload signed desktop bundles
    CI->>CI: Generate normalized asset names and latest manifest
    CI->>Release: Upload manifest with explicit repository setting
    App->>Release: Fetch manifest and download matching update asset

    Bot->>Registry: Check for new dependency versions
    Registry-->>Bot: Report newer package release
    Bot->>Dev: Open update pull request after seven day cooldown aligned with install policy
Loading

Generated by CodeAnt AI

@qnbs

qnbs commented Jun 16, 2026

Copy link
Copy Markdown
Owner Author

@CodeAnt-AI review

@codeant-ai

codeant-ai Bot commented Jun 16, 2026

Copy link
Copy Markdown

Thanks for using CodeAnt! 🎉

We're free for open-source projects. if you're enjoying it, help us grow by sharing.

Share on X ·
Reddit ·
LinkedIn

@codeant-ai codeant-ai Bot removed the size:XXL This PR changes 1000+ lines, ignoring generated files label Jun 16, 2026
@codeant-ai codeant-ai Bot added the size:XXL This PR changes 1000+ lines, ignoring generated files label Jun 16, 2026
@codeant-ai

codeant-ai Bot commented Jun 16, 2026

Copy link
Copy Markdown

Sequence Diagram

This PR fixes the Tauri auto-updater metadata generation so asset URLs match GitHub's normalized names, and aligns Dependabot's cooldown with the existing minimum release age policy to keep CI green for dependency PRs.

sequenceDiagram
    participant Build as Tauri build workflow
    participant Releases as GitHub releases
    participant Updater as Tauri updater
    participant Bot as Dependabot
    participant Repo as Repository
    participant CI as CI pipeline

    %% Tauri updater asset URL flow

    Build->>Build: Derive normalized asset URLs from signed bundles
    Build->>Releases: Upload latest.json with asset URLs and explicit repo
    Updater->>Releases: Fetch latest.json and request update bundle
    Releases-->>Updater: Return signed bundle for current platform

    %% Dependabot cooldown and CI policy alignment

    Bot->>Bot: Delay opening update PR until new version has aged 7 days
    Bot->>Repo: Open dependency update pull request
    CI->>Repo: Run pnpm install with matching 7 day minimum release age
    CI-->>Bot: Report green CI without minimum release age errors
Loading

Generated by CodeAnt AI

@qnbs
qnbs merged commit 7604070 into main Jun 16, 2026
18 checks passed
@qnbs
qnbs deleted the chore/v1.23.0-post-release branch June 16, 2026 22:32
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

size:XXL This PR changes 1000+ lines, ignoring generated files

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant