Release Flow
Purpose #
End-to-end: developer change → changeset → CI → npm publish with provenance.
Diagram #
%%{init: {
"theme": "base",
"themeVariables": {
"fontFamily": "ui-sans-serif, system-ui, -apple-system, Segoe UI, sans-serif",
"fontSize": "14px",
"primaryColor": "#eff6ff",
"primaryTextColor": "#0f172a",
"primaryBorderColor": "#2563eb",
"lineColor": "#475569",
"secondaryColor": "#f1f5f9",
"tertiaryColor": "#ffffff",
"clusterBkg": "#f8fafc",
"clusterBorder": "#cbd5e1"
}
}}%%
flowchart TD
classDef actor fill:#ede9fe,stroke:#6d28d9,color:#1e1b4b,stroke-width:1.2px;
classDef cli fill:#dbeafe,stroke:#1d4ed8,color:#0c1f4a,stroke-width:1.4px;
classDef adapter fill:#cffafe,stroke:#0e7490,color:#083344;
classDef pack fill:#dcfce7,stroke:#15803d,color:#052e16;
classDef core fill:#fef9c3,stroke:#a16207,color:#422006;
classDef artifact fill:#f1f5f9,stroke:#475569,color:#0f172a;
classDef stop fill:#fee2e2,stroke:#b91c1c,color:#7f1d1d,stroke-dasharray:4 3;
classDef ok fill:#ecfdf5,stroke:#047857,color:#064e3b;
classDef external fill:#fff7ed,stroke:#c2410c,color:#431407;
dev(["Contributor"]):::actor
pr["PR with code + tests + .changeset/*.md"]:::artifact
ci{{"CI
lint / typecheck / test / build / conformance / dogfood"}}:::external
merge["Merge to main"]:::artifact
release["Maintainer (or CI) triggers release"]:::actor
bump["pnpm changeset version
consumes .changeset/*.md
updates package.json + per-package CHANGELOG.md"]:::cli
inst["pnpm install --frozen-lockfile=false
pnpm build
pnpm test"]:::cli
publish{"Pre-1.0 or v1.0+?"}:::stop
alpha["pnpm changeset publish --tag alpha
(latest stays unset until v1.0)"]:::cli
latest["pnpm changeset publish
(latest tag)
npm publish --provenance --access public"]:::cli
prov["npm provenance attestation
(GitHub Actions OIDC)
npm audit signatures"]:::external
user(["End user: npx aidokit@alpha init
(pre-1.0)
or
npx aidokit init
(v1.0+)"]):::actor
dev --> pr --> ci
ci -->|fail| dev
ci -->|pass| merge --> release --> bump --> inst --> publish
publish -->|< v1.0| alpha
publish -->|>= v1.0| latest --> prov
alpha --> user
latest --> user
What this shows #
- Changesets drives version coordination (ADR-0004 §4). Patch / minor / major per package.
- Pre-1.0 dist-tag is
alpha.lateststays unset until v1.0 GA sonpx aidokit initdoesn't silently grab a pre-release. - Provenance is required from v1.0:
npm publish --provenance --access public, validated bynpm audit signatures. - CI gates publication: lint, typecheck, test, build, conformance harness, dogfood byte-compare. Any failure blocks publish.
What is NOT in the flow #
- No GitHub Packages publishing.
- No container images, no Homebrew/scoop, no single-binary builds (deferred to post-v1.0; .docs/ARCHITECTURE.md §21).
- No telemetry, no "improve aidokit" pings.