Prepare v6.0.0 release#35
Merged
flyingrobots merged 83 commits intomainfrom May 4, 2026
Merged
Conversation
1. Migration script (npm run upgrade) with fast/full modes 2. Breaking changes doc (UPGRADING.md) 3. Docs accuracy audit (all docs vs v6 API) 4. Signpost rewrite (README, BEARING, VISION, STATUS) 5. Version bump + tag (blocked by 1-4) Key insight: v1→current migration requires re-encryption (AAD was not present in v1), while v2→current is rename-only.
Add the migration tooling needed to upgrade vault entries from legacy encryption scheme identifiers (v1/v2) to the simplified v6 names. Migration script (scripts/migrate-encryption.js): - Two modes: fast (rename-only for v2/convergent-v1) and full (re-encrypt for v1 whole/framed that lacked AAD) - Dry-run by default, --execute to apply, --passphrase for v1 re-encryption - Iterates vault entries, classifies each, and prints a detailed report - Available as `npm run upgrade` CasService changes: - legacyMode constructor option skips assertCurrentScheme and maps legacy scheme names to current equivalents during readManifest - readManifestRaw() returns raw decoded manifest without scheme assertion or Manifest construction — migration entry point - AAD computation is conditionally skipped for v1 legacy schemes across all restore/verify paths via originalSchemeMap WeakMap tracking schemes.js additions: - mapToCurrentScheme() maps legacy identifiers to current names - isLegacyNoAad() detects v1 schemes that used no AAD
Comprehensive breaking changes doc covering: - Encryption scheme simplification (5→3) with migration matrix - Default scheme changes (CDC→convergent, fixed→framed) - CasService constructor requiring chunker + compressionAdapter - New CryptoPort methods (hmacSha256, encryptBufferWithNonce, etc.) - ManifestSchema.scheme now required - New manifest fields (formatVersion, manifestHash) - Behavioral changes (AAD always on, KDF policy enforced, caps) - Troubleshooting section with error codes and fixes
CHANGELOG: headed 6.0.0, Breaking Changes subsection, merged dupes STATUS: v6.0.0 versions, honest state updated, broken links removed README: UPGRADING.md linked, legacy scheme pointer added GUIDE: migration script description updated (no longer stub) ADVANCED_GUIDE: migration wording fixed (rename vs re-encrypt) SECURITY: sha256 snippet updated to reflect async CryptoPort ARCHITECTURE: full rewrite — all modules, ports, adapters, pipelines API.md: 13 fixes — missing params, methods, signatures, deprecations
README: verified clean — no edits needed BEARING: verified clean — no edits needed VISION: added convergent key derivation to defense-in-depth tenet STATUS: verified clean — no edits needed
Critical (4): - Migration script in npm package (scripts/ + UPGRADING.md in files) - Schemeless encrypted manifests now classified as full migration - Vault read errors propagate (only "no vault ref" is caught) - Manifest hash verified BEFORE legacy scheme mapping High (8): - convergent-v1 classified as fast rename (not re-encryption) - --key-file removed from docs (not implemented) - Full migration preserves compression metadata, uses streaming - Documented imports fixed to use root package exports - docs/WALKTHROUGH.md updated (20+ stale v1/v2 references) - .mcp.json added to .gitignore - EventEmitter claim replaced with ObservabilityPort docs - Scheme constants exported from root package Medium (6): - Migration detects JSON vs CBOR codec per entry - README AAD table fixed (whole = slug-only, not slug+frame) - API.md CasService example uses valid imports - Migration script refactored for unit testing - JSR includes migration script and UPGRADING.md - JSDoc signatures fixed in migration script Low (2): - Migration classification tests added - Legacy mode hash verification test added
Critical (4 — 2 real bugs, 2 tracked gates): - CBOR migration now preserves codec (codec-keyed writer services) - Schemeless encrypted manifests handled in legacyMode readManifest - Fast migration rewrites manifest blob directly (preserves Merkle trees) - Version 5.3.3 is tracked release gate (card 5), not a bug High (4 — 2 real, 2 tracked): - .mcp.json removed from git tracking - readManifestRaw documented as skipping hash verification - Full migration preserves chunking strategy via resolveChunker - JSR Deno panic is tracked release gate Medium (3): - Removed dead vault error handling code - Hash verification test made strict (no longer accepts both outcomes) - Backlog acceptance criteria updated Low (2): - Markdown blank line violations fixed - Backlog status reconciled with criteria
Separated value imports from type re-exports in index.d.ts to avoid dual resolution paths that trigger deno_ast text change overlaps. The JSR publish still panics on Deno 2.6.7 due to an upstream deno_ast bug with overlapping TextChange entries — filed as a known release gate issue. npm publish is unaffected.
Import types into scope (for use in class declarations) AND re-export them (for consumer access). The prior refactor only re-exported without importing, breaking tsc --noEmit. Note: JSR publish still panics on Deno 2.6.7 due to a pre-existing deno_ast bug (confirmed: also fails on main). This is not a regression — tracked as upstream issue.
git-cas --version now shows "6.0.0+abc1234" (semver + short SHA). In dev: SHA read from git at runtime. In published packages: SHA baked into build-info.json via prepublishOnly stamp script. - scripts/stamp-build.js writes build-info.json - src/build-version.js resolves version string (stamped → git → plain) - build-info.json gitignored but included in npm files - npm run stamp for manual stamping
Upgraded bijou/bijou-tui/bijou-node from v3 to v5.0.0. 12 design cards covering full TUI modernization: - TUI-001: createFramedApp + startApp (foundation) - TUI-002: boxV3 → boxSurface (breaking fix) - TUI-003: Status bar - TUI-004: Toast notifications (replace custom impl) - TUI-005: Badge components - TUI-006: Layout primitives (hstack/vstack/flex/grid) - TUI-007: Help overlay - TUI-008: Merkle DAG viewer (dagPane) - TUI-009: Interactive store wizard - TUI-010: Pager scrollable content - TUI-011: Accordion detail pane - TUI-012: Animated view transitions
Upgraded @flyingrobots/bijou, bijou-tui, bijou-node from 3.0.0 to 5.0.0. Added @flyingrobots/bijou-tui-app 5.0.0. Breaking fix: boxV3 → boxSurface (6 call sites in dashboard-view.js). 12 design cards for full TUI modernization: - TUI-001: createFramedApp + startApp (foundation) - TUI-002: boxV3 → boxSurface (done in this commit) - TUI-003–012: Status bar, toasts, badges, layout primitives, help overlay, Merkle DAG viewer, store wizard, pager, accordion detail pane, animated transitions
TUI-001 Phase 1: replaced run() from bijou-tui with startApp() from bijou-node. Added GIT_CAS_THEME via extendTheme(CYAN_MAGENTA) with palette colors mapped to v5 status tokens. Test mocks updated to mock bijou-node instead of bijou-tui for the runner.
TUI-005: Replaced custom chipSurface/chipText with Bijou v5 badge() component. Deleted CHIP_TONES, chipSurface, chipText from theme.js. 14 badge call sites in dashboard-view, manifest-view, encryption-card. TUI-004: Replaced ~260 lines of custom toast system with Bijou v5 built-in notification system (createNotificationState, pushNotification, tickNotifications, renderNotificationStack). Deleted: addToast, dismissToast, animateToast, updateToast, startToastExit, renderToastSurface, renderToastShadow, toastSlideOffset, renderToastStack, and all custom toast rendering.
The pager was set to null on move/page but never recreated from the manifest cache. Now rebuilds from cached manifest when navigating, so scrollbar persists across entry changes.
TUI-003: Persistent status bar showing vault encryption status, entry count, selected slug, view mode, and git branch. Footer condensed from 4 lines to 3. Git branch loaded asynchronously. TUI-007: Help overlay triggered by ? key. Shows all keybindings organized by group (General, Navigation, Layout, Views, Treemap, Detail). Dismisses on ? or Escape. 6 new tests. TUI-011: Collapsible accordion sections in manifest detail pane. Metadata expanded by default, other sections (Encryption, Compression, Chunking, Chunks, Sub-Manifests) collapsed. j/k navigates sections, space/enter toggles. 14 new tests.
TUI-013: Entry list now uses full terminal width — no more truncated columns. Enter/l opens full-screen manifest inspector with accordion. Escape/h returns to list. Removed splitPaneLayout, Tab pane switching, H/L resize. Treemap/refs views unchanged (already full-screen). Keybindings simplified: j/k moves cursor in list, navigates sections in detail. Space/Enter toggles accordion sections. Navigation is now drill-in/drill-out like ranger/lf.
The list pane box was capped to the table's content width and content height, creating a small floating island with empty voids to the right and below. The table columns should stay proportional, but the box itself should fill the available viewport space. Remove dead totalWidth/usedWidth from tableSchema now that the box no longer uses it for width capping.
Entries in the dashboard list are now sorted by manifest size (largest at top). Entries whose manifests haven't loaded yet sort to the bottom by slug name. The sort re-applies whenever a new manifest arrives, so the list progressively settles into size order as data loads.
Press 'm' to open an interactive DAG visualization of the selected manifest's Merkle tree structure. Shows root -> sub-manifests -> chunks topology with node labels displaying OID prefixes, chunk counts, and sizes. Navigation: arrow keys select nodes (parent/child/sibling), j/k/h/l scroll, d/u page, escape/q closes. New files: - bin/ui/merkle-dag.js — builds dagPane source nodes from manifest data Also extracts handleKeyMsg and renderNotifications/renderDagOverlay to satisfy lint complexity and line-count limits.
…TUI-006) - renderHeaderSurface: manual blitInline + y-offset arithmetic replaced with hstackSurface (horizontal badge/label rows) and vstackSurface (vertical row stacking) - renderFooterSurface: manual blit at y=0,1,2 replaced with vstackSurface - blitInline(): deleted — fully superseded by hstackSurface - Import hstackSurface and vstackSurface from bijou-tui
Press 'n' to open a 6-step guided store flow inside the dashboard: 1. File path (text input) 2. Slug name (auto-derived from filename, editable) 3. Encryption mode (none / passphrase / convergent) 4. Compression toggle (gzip on/off) 5. Chunking strategy (whole / fixed / CDC) 6. Confirm summary On confirm, executes cas.store() asynchronously and refreshes the entry list. Success/error feedback via toast notifications. New files: - bin/ui/store-wizard.js — wizard state machine, key handlers, rendering
View switches now animate with wipe (treemap) or fade (all others) effects that progressively reveal the new view over 150ms. The transition is timestamp-based — progress is computed at render time from Date.now() without extra tick commands, keeping the update pipeline zero-cost. Wipe effect reveals columns left-to-right. Fade effect reveals rows top-to-bottom. Both clear unrevealed cells to blank during the transition window. Set REDUCE_MOTION=1 to disable all animations. When motion is reduced, startTransition() returns null and no visual effects apply. Transitions fire on: drawer open/close, detail view enter/exit, treemap launch.
surface.set() expects a cell object, not a string — passing a plain
string crashed with 'Cannot read properties of undefined'. Use
fill({ char: ' ', empty: true }, ...) to clear regions during wipe
and fade transitions, which is the documented API for cell clearing.
New lane: docs/method/backlog/v6.0.0-polish/ Cards distilled from four audit documents (detailed screen breakdown, scorecard, full audit, V6 system design). Focuses on actionable fixes within git-cas — upstream bijou proposals excluded. POL-001: String sludge in manifest-view.js (toJSON in view, join) POL-002: String sludge + boundary violation in vault-report.js POL-003: String sludge in encryption-card.js (surfaceToString) POL-004: Git commit parsing in UI layer (history-timeline.js) POL-005: Raw ANSI escape codes in progress.js POL-006: Magic numbers and rhythm violations POL-007: View-state leakage (viewport logic in render functions) POL-008: Manual clipping instead of bijou clipToWidth POL-009: Pseudo-shader transitions instead of bijou shaders POL-010: Manual grid math in heatmap.js POL-011: String-based geometry in store-wizard.js Also adds .obsidian/ and docs/ to eslint ignores, and macOS junk files to .gitignore.
App-specific component blocks extracted from the Bijou BigBro audit. These are application-level compositions of bijou primitives, not upstream library features. POL-012: AssetCard block (unified asset metadata card) POL-013: MerkleExplorer block (table/tree/DAG toggle) POL-014: HealthDashboard block (structured doctor report) POL-015: WizardBlock (reusable step-based wizard infrastructure) POL-016: OperationFeed block (persistent operation log + progress) POL-017: HeatmapBlock (proper grid component)
|
Important Review skippedToo many files! This PR contains 199 files, which is 49 over the limit of 150. ⚙️ Run configurationConfiguration used: defaults Review profile: CHILL Plan: Pro Run ID: ⛔ Files ignored due to path filters (1)
📒 Files selected for processing (199)
You can disable this status message by setting the Use the checkbox below for a quick retry:
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
…oundary - fix(domain): buffer entire ciphertext for 'whole' scheme before decryption to maintain auth boundary - fix(infrastructure): ensure NodeCryptoAdapter.decryptBuffer uses wrapDecryptError for consistency - fix(infrastructure): return Uint8Array from NodeCompressionAdapter.decompressStream - feat(port): add supports() capability detection to CryptoPort - docs(changelog): explicitly mention JSR support removal as a breaking change - test(unit): refactor recipients test into smaller logical files - test(unit): add regression test for 'whole' scheme authentication boundary - chore: cleanup .gitignore and improve release verify error messages
Member
Author
|
PR feedback processing summary for No unresolved inline review threads or actionable top-level review comments were found. I did find and resolve validation/CI issues while processing the branch.
Validation evidence:
|
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Prepare the v6.0.0 release branch for merge into
main.This release line includes the v6 encryption scheme simplification, the platform-neutral
Uint8Arraybyte contract, release-gate documentation cleanup, and the explicit JSR deferral because the currentjsr/Deno toolchain panics before package validation.Release Posture
npx jsr publish --dry-run --allow-dirtyis healthy again.Validation
npm run release:verify -- --skip-jsrpassed: 8/8 executable steps, 4495 observed tests, npm pack dry-run clean.npx eslint .passed.npm testpassed: 119 files, 1344 tests passed, 2 skipped.npm run upgradedry-run passed with no local vault to migrate.release/v6.0.0.Remaining Release Step
After this PR is green and merged, create and push the annotated
v6.0.0tag only with explicit operator approval.