diff --git a/CHANGELOG.md b/CHANGELOG.md index 1c8a6a1..8078b18 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,6 +5,24 @@ Format follows [Keep a Changelog](https://keepachangelog.com/en/1.1.0/). --- +## [1.2.0] — 2026-05-18 + +### Changed + +- Declared npm publication readiness for `@commandlayer/runtime-core` with release metadata aligned to `dist/` exports and packaged artifacts. +- Canonical CLAS proof envelope documentation now explicitly tracks: + - `metadata.proof.canonicalization = "json.sorted_keys.v1"` + - `metadata.proof.hash.alg = "SHA-256"` + - `metadata.proof.signature.alg = "Ed25519"` (with legacy lowercase verification compatibility only) +- README installation guidance now points to npm package installs rather than GitHub git/tarball installs. + +### Notes + +- This release is a **minor bump** (1.1.0 → 1.2.0) because it preserves current public runtime behavior while formalizing release packaging and documentation for downstream consumption. +- A major bump (`2.0.0`) is not required here because no additional breaking API change is introduced beyond the already-landed 1.1.0 breaking changes. + +--- + ## [1.1.0] — 2026-05-12 ### Breaking Changes diff --git a/README.md b/README.md index 85c6248..0e76619 100644 --- a/README.md +++ b/README.md @@ -2,6 +2,14 @@ Canonical crypto and receipt verification primitives for CommandLayer CLAS. +## Installation + +Install from npm (not GitHub tarball/git dependency): + +```bash +npm install @commandlayer/runtime-core@1.2.0 +``` + ## Canonical proof envelope (CLAS) `signCommandLayerReceipt()` writes the canonical proof envelope: diff --git a/RELEASE_CHECKLIST.md b/RELEASE_CHECKLIST.md new file mode 100644 index 0000000..8718223 --- /dev/null +++ b/RELEASE_CHECKLIST.md @@ -0,0 +1,46 @@ +# Release Checklist — @commandlayer/runtime-core + +This checklist is for preparing npm releases of `@commandlayer/runtime-core`. + +## Package metadata + +- [ ] `package.json` name is `@commandlayer/runtime-core` +- [ ] `package.json` version matches intended semver bump +- [ ] `main`, `types`, and `exports` point to `dist/` outputs +- [ ] `files` includes `dist/`, `README.md`, `LICENSE`, `CHANGELOG.md` + +## Protocol and API compatibility + +- [ ] CLAS canonicalization remains `json.sorted_keys.v1` +- [ ] Hash algorithm remains `SHA-256` +- [ ] Signature algorithm remains `Ed25519` (legacy lowercase only for compatibility in verification) +- [ ] Verification remains fail-closed for malformed/invalid proofs +- [ ] Any public API change is documented in `CHANGELOG.md` + +## Documentation + +- [ ] README install instructions use npm registry package (`npm install @commandlayer/runtime-core@`) +- [ ] README proof envelope docs match current implementation +- [ ] CHANGELOG contains release entry with migration notes when needed + +## Local release-readiness checks + +Run and verify all pass: + +- [ ] `npm install` +- [ ] `npm run build` +- [ ] `npm test` +- [ ] `npm run typecheck` +- [ ] `npm pack --dry-run` + +## Package content review + +- [ ] Tarball includes only intended publish artifacts +- [ ] Tarball excludes secrets, local env files, and irrelevant test/dev junk +- [ ] Dist output contains JS and `.d.ts` for exported entry points + +## Finalization + +- [ ] Commit release-readiness updates +- [ ] Open PR with checks/results and any publish blockers +- [ ] Do **not** publish from this checklist workflow diff --git a/package-lock.json b/package-lock.json index 92a6312..8423a96 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,12 +1,12 @@ { "name": "@commandlayer/runtime-core", - "version": "1.1.0", + "version": "1.2.0", "lockfileVersion": 3, "requires": true, "packages": { "": { "name": "@commandlayer/runtime-core", - "version": "1.1.0", + "version": "1.2.0", "license": "Apache-2.0", "devDependencies": { "@types/node": "^20.0.0", diff --git a/package.json b/package.json index da48153..dd5e29a 100644 --- a/package.json +++ b/package.json @@ -1,7 +1,7 @@ { "name": "@commandlayer/runtime-core", - "version": "1.1.0", - "description": "CommandLayer protocol core — canonicalization, Ed25519 crypto, receipt signing/verification, ENS resolution", + "version": "1.2.0", + "description": "CommandLayer protocol core \u2014 canonicalization, Ed25519 crypto, receipt signing/verification, ENS resolution", "license": "Apache-2.0", "author": "CommandLayer ", "homepage": "https://commandlayer.org", @@ -85,4 +85,4 @@ "signing", "canonicalization" ] -} \ No newline at end of file +}