release: v0.19.0 — plans-tree audit

imanimanyara · imanimanyara · commit a0fbcc1067ca · 2026-05-16T04:45:13.000-04:00
Finalize the two [Unreleased] entries (future-additions.md +
shipping-audit.md) into a tagged release. Doc-only.

The two plans docs were already pushed to main as chores
yesterday and earlier today; v0.19.0 doesn't change their
content. What it adds:

1. A release-notes entry pointing at where the plans-tree
   audit lives.
2. A bump of the version so external consumers of the JSON
   schema / wheel see the latest tagged release reflects the
   complete-as-of-now state.
3. A CHANGELOG section heading promoting [Unreleased] →
   [0.19.0], which is what the release.yml guard job checks.

The audit's key finding, in section J of shipping-audit.md:

  Bucket                                  Count   Status
  Migration W-items                       9       shipped
  Defer-list items                        4 + 1   shipped/rejected
  Validation-report TODOs                 5       shipped
  Cleanup deferrals                       2       shipped
  Shipping-checklist (in-code)            all     shipped
  Shipping-checklist (user-action)        2       PENDING (user)
  Shipping-checklist (optional)           3       available
  Permanent skips                         16      documented
  Future additions                        14      captured

The plans tree is drained. No documented intent is silently
orphaned — every item is in one of: shipped, pending-on-user,
permanently-rejected, or future-additions.

Gates: pytest 1130 passed, ruff clean, mypy strict clean.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -6,6 +6,8 @@ This project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.htm
 
 ## [Unreleased]
 
+## [0.19.0] — 2026-05-16
+
 ### Added
 
 - `docs/plans/future-additions.md` — captures the naturally-
@@ -32,6 +34,16 @@ This project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.htm
 
 Both files linked from docs/README.md Development section.
 
+### Notes
+
+Doc-only release. No source-code changes. The two plans docs were
+already pushed to `main` as chores ahead of this release; v0.19.0
+tags the existing tree and ships a release-notes entry so the
+docs index has a clear "this is the version where the audit
+landed" pointer.
+
+Gates: pytest 1130 passed, ruff clean, mypy strict clean.
+
 ## [0.18.0] — 2026-05-16
 
 ### Changed
diff --git a/docs/README.md b/docs/README.md
@@ -108,6 +108,9 @@ Top-level utilities (not tools):
 
 Per-version, user-facing summaries (newest first):
 
+- **[`v0.19.0`](release-notes/v0.19.0.md)** — plans-tree audit.
+  Two new plans docs: `future-additions.md` (no-demand items) +
+  `shipping-audit.md` (comprehensive shipped-vs-pending walk).
 - **[`v0.18.0`](release-notes/v0.18.0.md)** — doc-sync pass.
   README + architecture + onboarding + cron tool doc + JSON schema
   brought current with v0.17.0 reality.
diff --git a/docs/release-notes/v0.19.0.md b/docs/release-notes/v0.19.0.md
@@ -0,0 +1,129 @@
+# shimkit 0.19.0
+
+Plans tree drained. Two new plans-docs land in `docs/plans/`. No
+source-code changes.
+
+For the full machine-readable changelog, see
+[`CHANGELOG.md`](../../CHANGELOG.md).
+
+---
+
+## TL;DR
+
+```
+docs/plans/future-additions.md     items with concrete patterns, no demand
+docs/plans/shipping-audit.md       what shipped vs what's pending
+```
+
+Together they answer the question "is there anything in any plan,
+design spec, or doc that's silently orphaned?" — and the answer
+is **no**.
+
+---
+
+## What got documented
+
+### `future-additions.md`
+
+Items with a clear pattern + LOC estimate but **no current user
+demand**. Graduation rule: "someone is asking for it" — not "it
+would be nice to have."
+
+- More TLS DNS-01 providers (DigitalOcean, Hurricane Electric,
+  Google Cloud DNS, Linode, OVH).
+- More framework recipes (Rails, Next.js, Flask).
+- More db engines (valkey, elasticsearch, opensearch, kafka,
+  minio, clickhouse).
+- `--on-host` for `stack lemp` — explicitly **rejected** with
+  rationale: stack is intrinsically multi-container; the v0.9.0
+  `db --on-host` covers the "local db without Docker" need
+  without inheriting the recipe's coupling complexity.
+
+### `shipping-audit.md`
+
+Comprehensive walk through every plan / design spec / doc in the
+repo. Ten sections covering:
+
+| Section | Bucket | Count |
+|---------|--------|-------|
+| A | Migration W1-W9 | 9/9 shipped |
+| B | feature-gap-analysis defer list | 4 shipped + 1 rejected |
+| C | validation-report TODOs | all closed out |
+| D | cleanup-2026-05-14 deferrals | 2 shipped (v0.10 / v0.12) |
+| E | shipping-checklist | all in-code shipped |
+| F | Permanent skips | 16 documented with rationale |
+| G | **User-side actions still pending** | 2 |
+| H | Future additions | cross-ref |
+| I | Chronological release list | 13 releases this session |
+| J | Audit conclusion | "the plans tree is drained" |
+
+---
+
+## Section G — the only items still genuinely outstanding
+
+These are **not** deferrals. shimkit's code is ready; the
+**human** isn't.
+
+### G.1 — PyPI trusted-publisher config (~10 min)
+
+The `publish-pypi` job has failed on v0.11.0 through v0.18.0
+because the user-side trusted-publisher config isn't done yet.
+The wheel + sdist are live on the GitHub Release page for every
+version; PyPI is empty.
+
+To fix (see shipping-audit.md G.1 for full step-by-step):
+
+1. PyPI → <https://pypi.org/manage/account/publishing/> → add
+   pending publisher with `simtabi` / `shimkit` / `release.yml`
+   / Environment `pypi`.
+2. GitHub → Settings → Environments → "New environment" named
+   `pypi`.
+3. Re-run failed jobs:
+
+   ```bash
+   gh run list --workflow=release.yml | grep failure
+   # for each failed run id:
+   gh run rerun <run-id> --failed
+   ```
+
+   That backfills PyPI with the 10+ tags' wheels in ~5 minutes.
+
+### G.2 — Branch protection on `main` (~3 min)
+
+Settings → Branches → Add rule for `main` requiring the named
+status checks (`test (matrix cells)`, `security`, `build`,
+`smoke`).
+
+---
+
+## Why ship the docs as their own release
+
+The two plans docs were already pushed to `main` as chores
+yesterday. Tagging v0.19.0 today doesn't change the docs
+themselves — it gives the docs-index release-notes table a clear
+"this is the version where the plans-tree audit landed" pointer.
+
+The next maintainer (or future me) reading the GitHub Release
+page can see "v0.19.0 — plans-tree audit" and know exactly where
+the durable record of what's done / what's pending / what's
+rejected lives.
+
+---
+
+## Stats
+
+- Tests: 1130 (unchanged)
+- Source LOC: 0 changed
+- Doc LOC: ~500 added (across the two plans docs)
+- Gates: pytest, ruff, mypy strict — all green
+
+---
+
+## Upgrading
+
+```bash
+uv tool upgrade shimkit
+pipx upgrade shimkit
+```
+
+No behavioural changes.
diff --git a/pyproject.toml b/pyproject.toml
@@ -4,7 +4,7 @@ build-backend = "hatchling.build"
 
 [project]
 name = "shimkit"
-version = "0.18.0"
+version = "0.19.0"
 description = "A toolkit of developer utilities — Java version manager, shell upgrader, and more. Python tools, shimmed by bash."
 readme = "README.md"
 license = { file = "LICENSE" }
diff --git a/src/shimkit/__init__.py b/src/shimkit/__init__.py
@@ -3,5 +3,5 @@
 Python tools, shimmed by bash.
 """
 
-__version__ = "0.18.0"
+__version__ = "0.19.0"
 __all__ = ["__version__"]
