This checklist records the completed 0.1.0-beta.1 prerelease gate and defines the repeatable evidence procedure for the next release-candidate or stable promotion review.
Readiness verification is separate from any future stable release, npm latest dist-tag promotion, marketplace publication, or GitHub Action stable-ref promotion.
Before any future tag is pushed, confirm the intended package versions, dist-tags, package contents, and npm token availability. Prerelease packages must publish under an explicit prerelease npm dist-tag (beta for beta versions, rc for release candidates), never latest.
- Root CLI package:
@codeagora/review, including thecodeagoraandagorabinaries. - MCP package:
@codeagora/mcp, including thecodeagora-mcpbinary and package-local onboarding. - GitHub Action: repo-native composite Action backed by
dist/action.js. - Desktop private preview:
@codeagora/desktopTauri app evidence only. It is not a stable public desktop support claim.
- Confirm package version consistency between release notes, root
package.json, supported workspace package manifests, andpackages/mcp/package.json; note desktop private-preview metadata separately if touched. - Run
pnpm typecheck. - Run
pnpm test --no-file-parallelism. - Run
pnpm build. - Run
pnpm bench:cito validate deterministic benchmark schema/reference gates without live providers. - Run
pnpm release:beta-smoketo validate local package and Action smoke behavior without publishing. - Run root package pack dry-run and confirm runtime files for
codeagora/agoraare included while tests,.env,bench-out*, and.sisyphus/evidenceare excluded. - Run
pnpm --filter @codeagora/mcp pack --dry-runand confirmdist/index.js,package.json, andREADME.mdare included while tests and secrets are excluded. - Run the GitHub Action smoke path through
pnpm build:actionand the release smoke script. - Confirm
.github/workflows/release.ymlcomputes the expected prerelease publish tag and runs npm publish with--tag betafor beta versions and--tag rcfor release candidates. - Confirm
.github/workflows/npm-dist-tags.ymloffersbetaandrc, and blocks assigning prerelease versions tolatest. - Review README, CLI docs, MCP onboarding,
.env.example, and Action docs for current install and secret requirements, includingbssm-oss/CodeAgora@v0.1.0-rc.3for RC Action examples rather than legacy@v2or stable-looking refs. - Confirm release workflow publish jobs require the
npm-publishenvironment, npm provenance, npm version preflight, and uploaded release evidence artifacts. - Open the PR and verify remote checks: CI Node 20/22, CodeAgora review or documented provider-only skip, and PR size label.
- Confirm P6 beta readiness only after P4 deterministic benchmark gates and P5 security abuse gates pass.
- For any RC after
0.1.0-beta.1, runpnpm rc:desktop-gateand attach.sisyphus/evidence/desktop-evidence-manifest.jsonbefore RC handoff.
For 0.1.0-beta.1, 0.1.0-beta.2, 0.1.0-rc.0, 0.1.0-rc.1, and 0.1.0-rc.2, the tags, prerelease GitHub Releases, and npm prerelease dist-tag publications are complete. For 0.1.0-rc.3, keep stable promotion blocked until the rc.4 false-positive/noise blockers from the real-repo baseline are resolved.
Current RC handoff status: on 2026-05-14, the 0.1.0-rc.3 real-repository
baseline completed with blockers recorded in docs/rc-evidence/rc3-real-repo-qa.md.
Stable promotion remains blocked; tag creation, GitHub Release creation, and npm
publication require the release gates below to pass for the rc.3 metadata commit.
The planned rc.3 through rc.8 validation sequence is tracked in
docs/archived/RC3_TO_RC8_PRERELEASE_ROADMAP.md.
Capture command output under .sisyphus/evidence/ for typecheck, test, build, bench:ci, release:beta-smoke, root package dry-run, MCP package dry-run, release-safety tests, and security regression tests.
Use the following stable filenames for locally captured release-candidate evidence:
| Evidence | Filename | Command |
|---|---|---|
| Typecheck | typecheck.log |
pnpm typecheck |
| Lint | lint.log |
pnpm lint |
| Build | build.log |
pnpm build |
| Full deterministic tests | test.log |
pnpm test --no-file-parallelism |
| Cross-surface parity | cross-surface-parity.log |
pnpm vitest run src/tests/cross-surface-parity.test.ts |
| Deterministic benchmark gate | bench-ci.log |
pnpm bench:ci |
| Beta package and Action smoke | beta-smoke.log |
pnpm release:beta-smoke |
| Root package dry-run | package-root-dry-run.log |
pnpm pack --dry-run |
| MCP package dry-run | package-mcp-dry-run.log |
pnpm --filter @codeagora/mcp pack --dry-run |
| Action smoke bundle | action-smoke.log |
pnpm build:action && pnpm release:beta-smoke |
| MCP smoke | mcp-smoke.log |
covered by pnpm release:beta-smoke |
| Desktop RC UI/package gate | desktop-gate.log |
pnpm rc:desktop-gate |
| Desktop evidence manifest | desktop-evidence-manifest.json |
pnpm desktop:evidence |
| Desktop RC distribution evidence | desktop-rc-distribution-evidence.json |
capture after signed/notarized/stapled macOS arm64 RC artifacts exist |
| Desktop RC distribution gate | desktop-rc-distribution-gate.log |
pnpm rc:desktop-distribution-gate |
| Security regression gate | security-regression.log |
pnpm test:security |
| Live benchmark report | live-benchmark-report.md |
pnpm bench:fn:run with provider credentials or GitHub Models |
| Live GitHub Action PR smoke | live-github-action-pr-smoke.md |
pnpm evidence:github-action-pr-smoke from a real pull_request workflow context plus degraded-path evidence |
| Evidence manifest | evidence-manifest.json |
generated or filled during release prep |
cross-surface-parity.log must show the deterministic CLI/MCP/GitHub Action parity fixture passing. beta-smoke.log remains the provider-free packed CLI/MCP/Action runtime smoke.
desktop-gate.log must show desktop typecheck, desktop smoke, Tauri check,
backend app E2E, macOS WebDriver E2E on macOS preview hardware, desktop evidence
generation, and bundle smoke passing. desktop-rc-distribution-gate.log is
separate and is required only for official macOS arm64 Desktop RC distribution:
it validates X.Y.Z-rc.N versions, Developer ID signature, notarization,
stapled tickets, updater .sig, and same-line latest-X.Y-rc.json; the
release workflow also verifies the actual versioned prerelease and
desktop-X.Y-rc updater-channel asset lists after upload. Stable Desktop distribution and stable updater channels
remain out of scope.
Generate the RC manifest after the logs are captured:
pnpm evidence:manifest -- --require=rcSee docs/archived/RELEASE_EVIDENCE.md for the skipped/live-only register and stricter
--require=rc / --require=stable promotion checks.