@nettoolskit/det 0.0.1-preview.1 → 0.0.1-preview.2

package/README.md

@@ -17,10 +17,15 @@ run with semantic grounding, traceability, safety, and measurable performance.
 It is not an agent framework and it does not own provider execution, memory
 storage, machine control, or downstream product orchestration.
 
+The primary operating model is host-controlled: Codex, Copilot, the CLI, or
+another host invokes DET for semantic planning, admission, verification, and
+traceability. Provider-mediated LLM calls are auxiliary admitted steps inside
+the DET graph, not the product's main control mode.
+
 MEVRA proposes operational meaning. Meaning Memory validates and persists
 meaning. Metacognition monitors objective, focus, uncertainty, conflict, and
 risk. Verification validates. Anti-Deception protects. The LLM verbalizes. DET
-arbitrates and executes.
+arbitrates the execution graph.
 
 ---
 
@@ -31,6 +36,7 @@ arbitrates and executes.
 - ✅ Meaning Memory integration boundaries for global, catalog, project-registry, and project-local memory layers.
 - ✅ Agent and Codegen consumption boundaries that avoid duplicating deterministic function implementations.
 - ✅ Operational `det run --task` dry-run entrypoint for governed route planning and traceability.
+- ✅ Host-controlled DET invocation model with LLM use limited to admitted auxiliary steps.
 - ✅ Harness-derived evidence, benchmark, and effectiveness contracts inside the DET workspace.
 - ✅ River-first validation model for Rust quality, package validation, and CI/CD governance.
 
@@ -79,6 +85,9 @@ and verification boundaries. It consumes `nettoolskit-agent` and
 `nettoolskit-codegen` deterministic functions without duplicating their code.
 It integrates with `nettoolskit-memory` through Meaning Memory contracts and
 keeps storage, indexing, retrieval, and persistence in Memory.
+Shared Rust abstractions come from `nettoolskit-rust` when they are product
+neutral; for example, DET runtime reference validation uses
+`nettoolskit-validation` instead of duplicating relative-path safety logic.
 
 `nettoolskit-copilot` is a product surface that can use DET and remote control
 services. DET does not depend on Copilot or Control.
@@ -137,6 +146,7 @@ Supported operator paths and release-readiness details live in
 Operational details are intentionally kept out of the root README:
 
 - Basic usage: [docs/getting-started/basic-usage.md](docs/getting-started/basic-usage.md)
+- First real use: [docs/getting-started/first-real-use.md](docs/getting-started/first-real-use.md)
 - Operational task runtime: `det run --task --json <run-task-request.json>`
 - DET home and Meaning Memory layers: [docs/det-home-memory.md](docs/det-home-memory.md)
 - Local validation and CI/CD routing: [docs/operations/local-validation.md](docs/operations/local-validation.md)
@@ -250,4 +260,7 @@ and Git.
 This project is licensed under the MIT License. See the LICENSE file at the
 repository root for details.
 
----
+---
+## Package publication
+
+Current source preview target: `@nettoolskit/det@0.0.1-preview.2`. The public npm registry may still expose `0.0.1-preview.1` until an authenticated preview publication runs. Use `npx @nettoolskit/det` for ephemeral execution or `det` or `ntk-det` after global installation. GitRiver stage `river/package` runs package dry-run validation on pull requests, and `river/release` owns mutating publication only from `main` or `v*` source refs.

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@nettoolskit/det",
-  "version": "0.0.1-preview.1",
+  "version": "0.0.1-preview.2",
   "description": "NetToolsKit DET command-line wrapper.",
   "license": "MIT",
   "keywords": [
@@ -27,14 +27,20 @@
     "npm/cli/det.js",
     "npm/native/",
     "npm/runtime/bootstrap.js",
+    "scripts/npm/guard-preview-publish.js",
     "scripts/npm/postinstall.js"
   ],
   "scripts": {
     "test:postinstall-integrity": "node scripts/npm/test-postinstall-integrity.js",
-    "postinstall": "node scripts/npm/postinstall.js"
+    "postinstall": "node scripts/npm/postinstall.js",
+    "pack:dry-run": "npm pack --ignore-scripts --dry-run",
+    "prepublishOnly": "node scripts/npm/guard-preview-publish.js",
+    "publish:preview": "npm publish --access public --tag preview",
+    "publish:preview:dry-run": "npm publish --dry-run --access public --tag preview"
   },
   "publishConfig": {
-    "access": "public"
+    "access": "public",
+    "tag": "preview"
   },
   "engines": {
     "node": ">=18"

package/scripts/npm/guard-preview-publish.js

@@ -0,0 +1,19 @@
+#!/usr/bin/env node
+
+const packageJson = require("../../package.json");
+
+const version = packageJson.version || "";
+const tag = process.env.npm_config_tag || process.env.NPM_CONFIG_TAG || "";
+
+function fail(message) {
+  console.error(message);
+  process.exit(1);
+}
+
+if (!version.includes("-preview.")) {
+  fail(`Refusing npm publish: ${packageJson.name}@${version} is not a preview version.`);
+}
+
+if (tag !== "preview") {
+  fail("Refusing npm publish: preview packages must be published with --tag preview.");
+}