Follows SemVer. During 0.x.y:
0.x.y. Patch / fix / docs0.X.0. New public surface or breaking change
Releases are tagged in git as vX.Y.Z and published on the GitHub Releases page.
Beta. Ship as soon as something is ready. No fixed cadence.
- Update
CHANGELOG.md. Move[Unreleased]items into the new version section. - Bump version in
package.json(and any other version-bearing file). - Run local checks:
pnpm verify pnpm api:contract -- --base-url https://nipcode.xyz
- Commit:
git commit -m "release: vX.Y.Z" - Tag:
git tag -a vX.Y.Z -m "vX.Y.Z" - Push:
git push && git push --tags - Create a GitHub Release for the tag with the changelog excerpt as body.
- Verify deploy is live on
nipcode.xyz(Vercel auto-deploys on push).
For CLI releases (when CLI ships), release sidecars are published under site/public/releases/:
.sha256checksums.sigsignatures (cosign or minisign. TBD).sbom.jsonSBOM metadata (Syft output).provenance.jsonSLSA provenance metadata
Verification flow:
curl -fLO https://nipcode.xyz/install.sh
curl -fLO https://nipcode.xyz/install.sh.sha256
shasum -a 256 -c install.sh.sha256
bash install.shvercel rollbackOr, in git:
git revert <bad-commit>
git push- Watch
prod-monitorfor 30 minutes after a release. It pings/,/docs,/api/search,/api/decision. - Sanity-check
accountsandapi_keystables for any anomalies.