release(v4.0.0): Shade GA — V3.x consolidation + audit prep

V3.1 → V3.12 consolidated and tagged for the first GA release. Wire format unchanged from 0.4.x — 4.0 peers interoperate with 0.4.x peers byte-for-byte. The version bump is semantic: audit-cycle complete, opt-in surface fully exposed, threat model refreshed for every new surface. Highlights: - All 24 @shade/* packages bumped to 4.0.0 in lockstep. - CHANGELOG 4.0.0 section is the canonical manifest of what landed. - THREAT-MODEL extended (§10 fingerprint gates, §11 WebRTC P2P, §12 Web-Worker boundary) + residual-risks table refreshed. - OpenAPI now covers all 27 routes: prekey, transfer, KT, inbox, bridge, observer, /metrics, /healthz, /ready. - MIGRATION 0.3.x → 4.0 documented + smoke-tested against shade migrate-storage on a real SQLite DB. - docs/audit/REVIEW-BUNDLE.md + SCOPE.md ready for external reviewer. - scripts/soak.ts harness for the GA-stable 2-week soak window. - All V*.md plans archived under docs/archive/ with Status: Done. - Voice/Video carved out into V5.0; 4.0 audit focuses on the frozen non-realtime stack. Tests: TS 1000/1000 + Kotlin 11/11 cross-platform vectors green. Docker: gt.zyon.no/stian/shade-prekey:4.0.0 builds and reports version 4.0.0 on /health. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-03 18:35:35 +02:00
parent 8b055912b7
commit e6fdf31b49
298 changed files with 37909 additions and 256 deletions
--- a/scripts/publish-all.ts
+++ b/scripts/publish-all.ts
@@ -1,36 +1,47 @@
 #!/usr/bin/env bun
 /**
- * Publish all @shade/* packages to the Gitea npm registry.
+ * Headless publisher for all `@shade/*` packages.
 *
- * Expects these env vars:
+ * Use `scripts/publish-shade.sh` for the interactive human flow (token
+ * prompt, conflict detection, version bump-on-conflict). This script is
+ * the env-driven variant — designed for `DRY_RUN=1` smoke tests, CI
+ * pipelines, and any context where prompts are not appropriate.
+ *
+ * Required env (when not DRY_RUN):
 *   GITEA_TOKEN  — publish token from Gitea (Settings → Applications)
- *   GITEA_USER   — Gitea username that owns the registry (e.g. "Stian")
+ *   GITEA_USER   — Gitea username that owns the registry (default: Stian)
 *
 * Optional:
- *   DRY_RUN=1    — build tarballs but don't publish
- *
- * Usage:
- *   bun run scripts/publish-all.ts
+ *   DRY_RUN=1    — pack tarballs but do not publish (no token required)
 */
 import { readFileSync, writeFileSync, existsSync } from 'fs';
 import { join } from 'path';
 import { $ } from 'bun';

-// Order matters: each package only depends on packages above it. Publishing
-// in this order means a consumer fetching mid-publish never sees a manifest
-// pointing at an unpublished version.
+// Order matters: each package only depends on packages above it.
+// Mirrors the PACKAGES list in scripts/publish-shade.sh.
 const PACKAGES = [
  'shade-core',
  'shade-proto',
  'shade-crypto-web',
+  'shade-observability',
+  'shade-keychain',
+  'shade-key-transparency',
  'shade-storage-sqlite',
  'shade-storage-postgres',
+  'shade-storage-encrypted',
  'shade-streams',
  'shade-transport',
+  'shade-transport-bridge',
+  'shade-transport-webrtc',
  'shade-server',
+  'shade-inbox-server',
+  'shade-inbox',
  'shade-transfer',
  'shade-files',
+  'shade-recovery',
  'shade-observer',
+  'shade-dashboard',
  'shade-sdk',
  'shade-widgets',
  'shade-cli',
@@ -54,7 +65,6 @@ async function main() {
  console.log(`Dry run: ${dryRun ? 'yes' : 'no'}`);
  console.log();

-  // Write a temporary .npmrc at the root
  const npmrcPath = join(ROOT, '.npmrc.publish');
  const npmrc = [
    `@shade:registry=${registryUrl}`,
@@ -62,11 +72,6 @@ async function main() {
  ].filter(Boolean).join('\n');
  writeFileSync(npmrcPath, npmrc);

-  // Build a name → version map across all workspace packages so we can rewrite
-  // `workspace:*` (and friends) into concrete `^<version>` specifiers before
-  // publishing. Without this, the registry stores the literal `workspace:*`
-  // string in published package.json, which then fails to resolve in any
-  // consumer (e.g. Dispatch) outside the Shade monorepo.
  const versionByName = new Map<string, string>();
  for (const pkg of PACKAGES) {
    const pkgDir = join(ROOT, 'packages', pkg);
@@ -108,9 +113,6 @@ async function main() {
      const out = `${err instanceof Error ? err.message : String(err)} ${
        (err as { stderr?: { toString(): string } }).stderr?.toString() ?? ''
      } ${(err as { stdout?: { toString(): string } }).stdout?.toString() ?? ''}`;
-      // Gitea (and npm) report already-published versions as 409 / EPUBLISHCONFLICT.
-      // Skip silently rather than failing the whole run — bumping the version
-      // is the user's explicit decision via `bun run version <new>`.
      if (/409|EPUBLISHCONFLICT|already exists|already been published/i.test(out)) {
        alreadyPublished++;
        console.log(`  ⊙ already published — skipping`);
@@ -120,13 +122,10 @@ async function main() {
        process.exitCode = 1;
      }
    } finally {
-      // Always restore the original package.json so the workspace stays usable
-      // for `bun install` after publish, regardless of success or failure.
      writeFileSync(pkgJsonPath, originalPkgJson);
    }
  }

-  // Clean up temp npmrc
  try {
    await $`rm ${npmrcPath}`.quiet();
  } catch {}
@@ -137,11 +136,6 @@ async function main() {
  );
 }

-/**
- * Rewrite `workspace:*` (and `workspace:^`, `workspace:~`, `workspace:<v>`)
- * specifiers in dependency sections to concrete `^<version>` specifiers.
- * Mutates the passed-in object.
- */
 function rewriteWorkspaceSpecs(
  pkgJson: Record<string, unknown>,
  versionByName: Map<string, string>,