@easonwumac/computer-linker 0.1.5 → 0.1.7

package/CHANGELOG.md CHANGED
@@ -5,6 +5,29 @@ All notable changes to Computer Linker will be documented in this file.
5
5
  This project follows a small pre-1.0 changelog: breaking contract changes are
6
6
  called out even when the package version is still `0.x`.
7
7
 
8
+ ## 0.1.7 - 2026-06-27
9
+
10
+ ### Changed
11
+
12
+ - Public release audit now scans tracked and packed text files for suspicious
13
+ third-party provenance markers, including source-copy, adaptation,
14
+ snippet-site, and vendored-code references before public release.
15
+ - Public release audit now blocks retired product-name markers without keeping
16
+ that retired name in repository text.
17
+ - Release checklist now documents the provenance marker scan alongside license
18
+ and secret checks.
19
+
20
+ ## 0.1.6 - 2026-06-27
21
+
22
+ ### Changed
23
+
24
+ - The local npm release wrapper now loads `NODE_AUTH_TOKEN` from the Windows
25
+ User environment when the current shell process has not inherited it, avoiding
26
+ a false `npm whoami` 401 after saving a token with `setx` or the Windows
27
+ environment UI.
28
+ - README and release checklist now document that Windows release token
29
+ hydration behavior.
30
+
8
31
  ## 0.1.5 - 2026-06-27
9
32
 
10
33
  ### Changed
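Review bot: the first 0.1.7 bullet says the audit "scans" for provenance markers while the second says it "blocks" retired product-name markers, so the entry does not say whether a provenance match fails the release or only reports. State the failure behaviour for the provenance scan in the same terms as the retired-name check. In the 0.1.6 entry it would also help to say that a `NODE_AUTH_TOKEN` already present in the shell is left untouched, which the wording "when the current shell process has not inherited it" implies but does not state.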
package/README.md CHANGED
@@ -491,9 +491,12 @@ release tag after a successful npm publish. After npm accepts the publish, the
491
491
  wrapper waits for registry metadata, verifies the npm dist-tag, and runs the
492
492
  published CLI from a clean temporary directory. Use `npm run release:verify` to
493
493
  repeat that post-publish check for the current `package.json` version.
494
-
495
- For a public alpha from this private dogfooding checkout, use the fresh public
496
- snapshot path:
494
+ On Windows, if `NODE_AUTH_TOKEN` is saved in the User environment but the
495
+ current shell has not picked it up yet, the release wrapper loads it only into
496
+ the current release process before running `npm whoami` or `npm publish`.
497
+
498
+ For a public alpha from this private dogfooding checkout, use the fresh public
499
+ snapshot path:
497
500
 
498
501
  ```bash
499
502
  npm run public:release-ready
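Review bot: the blank line at old line 494 is removed and the new "On Windows, if `NODE_AUTH_TOKEN` ..." text starts directly after "repeat that post-publish check for the current `package.json` version.", so Markdown will render the Windows note as part of the preceding paragraph. Keep a blank line before the new paragraph. The two "For a public alpha ..." lines are removed and re-added with no visible difference, which usually points to a whitespace or line-ending change; confirm it is intended, since it adds noise to the diff. Because this paragraph is about a publish credential, it should also say that the value is not written back to the environment or printed, if that is the case.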
@@ -5,9 +5,9 @@ architecture should serve that spec: a local computer MCP service for controlled
5
5
  file access, commands, Codex, screenshots, computer info, and audit history.
6
6
  ChatGPT-specific setup is a client helper, not the product axis.
7
7
 
8
- ## Product Name
9
-
10
- The product is named **Computer Linker**. It intentionally does not reuse DevSpace.
8
+ ## Product Name
9
+
10
+ The product is named **Computer Linker**.
11
11
 
12
12
  ## Mental Model
13
13
 
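Review bot: after this change the "## Product Name" section holds a single sentence, and the heading and blank line are removed and re-added with no visible difference, so the only real edit is the deleted second sentence. Consider folding the remaining sentence into the introduction, and check the unchanged lines for a line-ending or trailing-whitespace difference. The retired name still appears on the removed side of this hunk, meaning the 0.1.5 package text contains it; the marker scan described in the changelog only affects releases from this version on.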
@@ -56,8 +56,10 @@ release tag automatically before publishing, `--otp <code>` for npm 2FA, and
56
56
  version metadata, verifies the configured npm dist-tag, and runs the published
57
57
  CLI from a clean temporary directory. `release:verify` repeats only that
58
58
  post-publish registry check for the current `package.json` version.
59
-
60
- For the one-command local alpha readiness gate, run:
59
+ On Windows, a `NODE_AUTH_TOKEN` saved in the User environment is loaded into
60
+ the release process automatically when the current shell has not inherited it.
61
+
62
+ For the one-command local alpha readiness gate, run:
61
63
 
62
64
  ```bash
63
65
  npm run alpha:check
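Review bot: the added sentence at new lines 59-60 says the token is "loaded into the release process automatically", while the README hunk says the wrapper "loads it only into the current release process before running `npm whoami` or `npm publish`". Use the README wording here as well, so both documents state the same scope for the credential. As in the README hunk, the blank line before the new text was dropped, which joins it to the `release:verify` paragraph.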
@@ -128,9 +130,10 @@ This is the release-oriented alpha readiness gate. It requires fresh external
128
130
  MCP evidence and a dated `CHANGELOG.md` heading for the current package version,
129
131
  so it reports both final blockers in one place before `public:mirror`.
130
132
 
131
- This adds the public-release audit: packed-file inspection, tracked and
132
- non-ignored untracked file secret-shape scanning, production `npm audit`,
133
- dependency license allowlist checks, and a high-risk Git history secret scan.
133
+ This adds the public-release audit: packed-file inspection, tracked and
134
+ non-ignored untracked file secret-shape scanning, production `npm audit`,
135
+ dependency license allowlist checks, third-party provenance marker scanning,
136
+ retired product-name marker scanning, and a high-risk Git history secret scan.
134
137
 
135
138
  Before changing the current GitHub repository to public visibility while
136
139
  preserving its Git history, run the stricter one-command gate:
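Review bot: the sentence gives a file scope for secret-shape scanning ("tracked and non-ignored untracked file") but none for the two scans added at new lines 135-136, while the changelog describes the provenance scan as covering "tracked and packed text files". State here which file set the provenance and retired-name scans read, so a reader can tell whether untracked files and the packed tarball are covered.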
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@easonwumac/computer-linker",
3
- "version": "0.1.5",
3
+ "version": "0.1.7",
4
4
  "description": "One computer, one permissioned MCP linker for local workspaces.",
5
5
  "type": "module",
6
6
  "main": "dist/client.js",