Skip to content

Add VERSIONING.md — SDK and CLI versioning policy#2

Open
pimfeltkamp wants to merge 4 commits intomainfrom
versioning-doc
Open

Add VERSIONING.md — SDK and CLI versioning policy#2
pimfeltkamp wants to merge 4 commits intomainfrom
versioning-doc

Conversation

@pimfeltkamp
Copy link
Copy Markdown

@pimfeltkamp pimfeltkamp commented Apr 24, 2026

Summary

  • Adds VERSIONING.md at the repo root as the single source of truth for how the official SDKs and CLI are versioned, released, and deprecated.
  • Updates the main README's directory listing to include openapi/ and VERSIONING.md.

What it covers

  • SemVer rules — what is / isn't public surface (classes, CLI flags, error code enum, runtime floors are in; _internal, log text, transitive deps are out).
  • Pre-release naming per ecosystem (0.3.0-alpha.1 for npm/Go/Ruby/Rust, 0.3.0a1 for PyPI).
  • 0.x policy vs 1.x policy — what breaks when, and the deprecation window (one full MAJOR before removal).
  • Tag prefix conventions per repo (sdk-v*, py-v*, bare v* for Go, rb-v*, rs-v*, cli-v*) and the tag↔manifest parity check that's already landed in every release workflow.
  • Publishing auth model (Trusted Publishing via OIDC for PyPI + RubyGems; classic tokens for npm + crates.io).
  • Security release fast-track (PATCH same-day, through GitHub Security Advisories).
  • The independence between SDK versions and the server's /v1 API — upgrading an SDK major does not imply a server-side break.

Each SDK repo's README will link here so the policy lives in one place.

Test plan

  • Render on GitHub and confirm the table layouts + anchors look right
  • Follow-up PRs on each SDK repo to add a ## Versioning link pointing at this doc

pimfeltkamp and others added 4 commits April 24, 2026 21:14
@pimfeltkamp @claude
Add VERSIONING.md — SDK and CLI versioning policy
ff24bc3 
Covers SemVer rules, pre-release naming per ecosystem, tag prefix
conventions, tag/manifest parity checks, deprecation policy, security
release fast-track, and the independence between SDK versions and the
public /v1 API. Each SDK repo's README will link here as the single
source of truth.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@pimfeltkamp @claude
Add PHP SDK to VERSIONING.md
5778f8c 
The PHP SDK ships as cryptohopper/sdk on Packagist. It uses bare v* tags
(like the Go SDK) because Packagist reads Git tags directly as SemVer
and rejects prefixed tags such as php-v0.1.0-alpha.1.

Also documents the Packagist auth model (none in-repo — a GitHub webhook
pings Packagist, which pulls the tag itself).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@pimfeltkamp @claude
VERSIONING.md: add Dart SDK row
7b64e2a 
Dart joins Go and PHP as the third SDK that publishes from bare v* tags,
because pub.dev (like the Go module proxy and Packagist) reads tags
directly as the SemVer version and rejects prefixed names.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@pimfeltkamp @claude
VERSIONING.md: add Swift SDK row
74d9d2b 
Swift joins the bare-v*-tag group (Go, PHP, Dart, Swift) since SwiftPM
resolves dependency versions from the git tag, same way Go's module
proxy and pub.dev work.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@pimfeltkamp pimfeltkamp mentioned this pull request Apr 25, 2026
Open
4 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@pimfeltkamp