@outcomeeng/spx 0.6.7 → 0.6.10

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/README.md CHANGED
@@ -164,7 +164,7 @@ sonar auth login -o outcomeeng # opens a browser; the token is stored in the O
164
164
 
165
165
  Until then the MCP server entry is inert: it does not affect builds, tests, or validation.
166
166
 
167
- A Lefthook **pre-push** hook runs `sonar analyze --base origin/main` so SonarQube Cloud findings on the pushed changeset surface before the code leaves your machine, and a finding blocks the push. It uses the same `sonar` CLI and authentication as the MCP server above, so install the CLI and run `sonar auth login` before pushing. When the CLI is genuinely unavailable, `git push --no-verify` skips the hook.
167
+ The local static-analysis gate is `pnpm run validate`, which includes the ESLint mirror of SonarQube findings. SonarQube Cloud automatic analysis still runs server-side on pushes and pull requests. Contributors with SonarQube Cloud plan access for local CLI analysis can set `SPX_SONAR_CLI_ANALYZE=1`; the Lefthook **pre-push** hook then runs `sonar analyze --base origin/main` and blocks the push on findings.
168
168
 
169
169
  ## CI/CD
170
170
 
@@ -194,6 +194,23 @@ npm view @outcomeeng/spx version
194
194
  npm audit signatures
195
195
  ```
196
196
 
197
+ 8. Refresh the operator-visible CLI from the release tag in the main worktree
198
+ and confirm it reports the released version:
199
+
200
+ ```bash
201
+ git fetch --tags origin
202
+ git switch --detach vX.Y.Z
203
+ pnpm run build
204
+ spx --version
205
+ git switch main
206
+ git pull --ff-only origin main
207
+ ```
208
+
209
+ Do not refresh the CLI with `pnpm install`, global `pnpm add -g`, or package
210
+ manager update commands during release close-out. The operator-visible binary
211
+ comes from the release tag after the main worktree checks out that tag and
212
+ rebuilds it; return the worktree to current main after the version check.
213
+
197
214
  ## Technical Stack
198
215
 
199
216
  - TypeScript — type-safe implementation (ESM)