Release actions begin after the candidate gate passes and the exact mutation is explicitly approved.
| Package version | npm dist-tag | GitHub release | Stable latest |
|---|---|---|---|
x.y.z |
latest |
Full release, marked latest | Moves to x.y.z |
x.y.z-<prerelease> |
next |
Prerelease | Remains on current stable |
scripts/release-version.ts is the executable channel contract. It accepts an
exact SemVer version without build metadata, emits the Git tag and release
channel, and is covered by unit tests. Release commands use its output directly.
The current native-discovery candidate is 1.0.0-rc.2. Its canonical opt-in,
test matrix, and feedback tracker is
#34.
Before proposing a release:
- Review every open PR and record a merge, close, or hold recommendation.
- Confirm the feature-parity matrix and intentional compatibility changes.
- Confirm
package.json,package-lock.json, anddocs/releases/v<version>.mdname the exact candidate. - Run
npm run release:check. - Confirm the minimum and current OpenCode CLI smoke, ACP stdio, and every plugin-facing Microsoft TUI Test view pass from source.
- Confirm
npm auditreports no vulnerabilities. - Confirm
npm pack --dry-runcontains only current build artifacts. - Test the packed tarball in a clean temporary project, including ACP.
- Verify the worktree and branch are exactly the reviewed revision.
- For prereleases, verify npm
latestpoints to the current stable version. - Show the user the evidence and exact commands that will mutate GitHub/npm.
- Wait for explicit approval before any commit, push, tag, GitHub release, or npm publish action.
npm run release:check
npm run smoke:opencode
npm run smoke:opencode:acp
npm run test:tui:checkThe preflight is intentionally non-releasing. It validates the version/channel contract and release-notes file, then runs validation, coverage, security audit, and package preview. The OpenCode smoke and TUI screenshot checks remain separate explicit gates locally and in CI.
The release workflow uses GitHub OIDC and npm provenance. The package must have exactly one trusted publisher matching this repository, workflow, and GitHub environment:
npx --yes npm@11.16.0 trust list opencode-lmstudio
npx --yes npm@11.16.0 trust github opencode-lmstudio \
--file release.yml \
--repository agustif/opencode-lmstudio \
--environment release \
--allow-publishConfiguring trust requires npm package-owner authentication and 2FA. CI
authentication is OIDC-only. Use npm 11.16.0 or newer so the trust command
includes the registry's required explicit publish permission.
The manual GitHub Actions workflow is the canonical mutation path. It defaults to validation-only.
Validation-only run:
gh workflow run release.yml \
--ref main \
-f version=<version> \
-f publish=falseApproved publication run:
gh workflow run release.yml \
--ref main \
-f version=<version> \
-f publish=trueFor every candidate the workflow:
- validates exact SemVer, manifest version, release notes, branch, and clean tree;
- runs core, minimum/current OpenCode smoke, ACP stdio, all TUI views, audit, and package gates;
- installs the packed candidate, serves it from an isolated local registry, and repeats the real OpenCode smoke, native resolver/cache, ACP, and TUI matrix before publication;
- stages a draft GitHub release, marking prereleases before publication;
- publishes with npm provenance to derived tag
nextorlatest; - verifies that the derived npm tag resolves to the exact version and stable
latestremains unchanged for a prerelease; - anonymously installs the exact public npm version and repeats the real OpenCode smoke, ACP, and every TUI view;
- gives the exact npm spec directly to minimum and current OpenCode, verifies their package resolver/cache plus chat, and repeats ACP from that resolver; and
- finalizes the GitHub prerelease or full latest release.
If npm publication fails, the workflow removes the staged draft release and tag. If npm succeeds but later verification fails, preserve the draft and published package for explicit reconciliation; npm versions are immutable.
npm view opencode-lmstudio dist-tags --json
npm view opencode-lmstudio@<version> version dist.tarball dist.integrity --json
gh release view "v<version>" --json tagName,isDraft,isPrerelease,url
npm run smoke:opencode:resolver -- opencode-lmstudio@<version>
npm run smoke:opencode:acp:package -- opencode-lmstudio@<version>
git status --short --branchFor a prerelease, also prove that opencode-lmstudio@next resolves to the
candidate and opencode-lmstudio@latest still resolves to the current stable
version. Download the registry tarball, inspect it, and install/import it in a
clean temporary project before calling the release complete.
Update the canonical feedback tracker with immutable npm and GitHub links after
publication. Publish final 1.0.0 as a separate immutable version after RC
feedback is triaged.