@palettelab/cli 0.3.47 → 0.3.48

package/README.md

@@ -678,9 +678,10 @@ Run local contract checks before publishing.
 ```bash
 pltt test
 pltt test --json
+pltt test --publish-type preview
 ```
 
-Checks include manifest validity, SDK/platform compatibility, semver bump detection, forbidden platform imports, frontend bundling and size limits, sandbox bridge smoke, backend dependency installation/import, route permission gates, route permission declarations, migration linting, frontend sandbox policy, and dependency policy for `package.json` / `pyproject.toml`. The default frontend and backend bundle limits are 15 MiB; set `PALETTE_MAX_FRONTEND_BUNDLE_BYTES` or `PALETTE_MAX_BACKEND_BUNDLE_BYTES` for reviewed exceptions.
+Checks include manifest validity, SDK/platform compatibility, release semver bump detection, forbidden platform imports, frontend bundling and size limits, sandbox bridge smoke, backend dependency installation/import, route permission gates, route permission declarations, migration linting, frontend sandbox policy, and dependency policy for `package.json` / `pyproject.toml`. The semver bump check is skipped for `--publish-type preview` because hosted previews may reuse the current app version. The default frontend and backend bundle limits are 15 MiB; set `PALETTE_MAX_FRONTEND_BUNDLE_BYTES` or `PALETTE_MAX_BACKEND_BUNDLE_BYTES` for reviewed exceptions.
 
 ### `pltt package`
 
@@ -706,7 +707,7 @@ pltt publish --env staging --json
 pltt publish --env staging --ttl-hours 24
 ```
 
-Publishing first runs the same contract checks as `pltt test`. If preflight passes, it bundles frontend/backend artifacts, uploads them, creates a `pending_review` publish record, and prints review/preview URLs when the platform returns them.
+Publishing first runs the same contract checks as `pltt test`. Preview publishes skip the release semver bump check, while release publishes still require a version newer than the last release. If preflight passes, it bundles frontend/backend artifacts, uploads them, creates a review record, and prints review/preview URLs when the platform returns them.
 
 `--ttl-hours` sets an expiration on the preview URL. It is mainly used by `pltt dev --sandbox`, which defaults previews to 24 hours.
 

package/lib/commands/publish.js

@@ -138,9 +138,9 @@ function printPreflightFailure(payload, fallbackOutput) {
   console.error("[pltt] Need machine-readable details? Run `pltt test --json`.")
 }
 
-function runPreflight(cwd, json) {
+function runPreflight(cwd, json, publishType = "release") {
   const cliBin = path.resolve(__dirname, "..", "..", "bin", "pltt.js")
-  const res = spawnSync(process.execPath, [cliBin, "test", "--json"], {
+  const res = spawnSync(process.execPath, [cliBin, "test", "--json", "--publish-type", publishType], {
     cwd,
     encoding: "utf8",
     env: process.env,
@@ -296,7 +296,7 @@ async function run(argv, { cwd }) {
     process.exit(1)
   }
 
-  runPreflight(cwd, flags.json)
+  runPreflight(cwd, flags.json, publishType)
 
   log(
     `[pltt] publishing ${manifest.id}@${manifest.version} → ${env.name} (${env.url})`,
@@ -368,28 +368,28 @@ async function run(argv, { cwd }) {
     method: "POST",
     body: publishBody,
   })
+  const lastPublish = {
+    id: record.id,
+    plugin_id: record.plugin_id,
+    version: record.version,
+    env: env.name,
+    url: env.url,
+    publish_type: record.publish_type || publishType,
+    preview_url: record.preview_url,
+    preview_expires_at: record.preview_expires_at,
+    published_at: new Date().toISOString(),
+  }
 
   try {
     const dir = path.join(cwd, ".palette")
     fs.mkdirSync(dir, { recursive: true })
     fs.writeFileSync(
       path.join(dir, "last-publish.json"),
-      JSON.stringify(
-        {
-          id: record.id,
-          plugin_id: record.plugin_id,
-          version: record.version,
-          env: env.name,
-          url: env.url,
-          publish_type: record.publish_type || publishType,
-          preview_url: record.preview_url,
-          preview_expires_at: record.preview_expires_at,
-          published_at: new Date().toISOString(),
-        },
-        null,
-        2,
-      ),
+      JSON.stringify(lastPublish, null, 2),
     )
+    if ((record.publish_type || publishType) === "release") {
+      fs.writeFileSync(path.join(dir, "last-release.json"), JSON.stringify(lastPublish, null, 2))
+    }
   } catch (err) {
     // best-effort
   }

package/lib/commands/test.js

@@ -554,17 +554,51 @@ function scanForbiddenImports(cwd, manifest, out) {
   return issues.length
 }
 
-function checkSemverBump(cwd, manifest, out) {
-  const statePath = path.join(cwd, ".palette", "last-publish.json")
+function parsePublishType(argv) {
+  for (let i = 0; i < argv.length; i += 1) {
+    const arg = argv[i]
+    if (arg === "--preview") return "preview"
+    if (arg === "--release") return "release"
+    if (arg === "--publish-type") return argv[i + 1] === "preview" ? "preview" : "release"
+    if (arg.startsWith("--publish-type=")) {
+      return arg.slice("--publish-type=".length) === "preview" ? "preview" : "release"
+    }
+  }
+  return "release"
+}
+
+function readPublishState(statePath) {
   if (!fs.existsSync(statePath)) {
-    out.ok("semver bump check skipped; no previous publish state")
-    return 0
+    return { state: null, invalid: false }
   }
-  let previous
   try {
-    previous = JSON.parse(fs.readFileSync(statePath, "utf8"))
+    return { state: JSON.parse(fs.readFileSync(statePath, "utf8")), invalid: false }
   } catch (_err) {
-    out.warn("semver bump check skipped; .palette/last-publish.json is invalid JSON")
+    return { state: null, invalid: true }
+  }
+}
+
+function checkSemverBump(cwd, manifest, out, publishType = "release") {
+  if (publishType === "preview") {
+    out.ok("semver bump check skipped for preview publish")
+    return 0
+  }
+
+  const releaseStatePath = path.join(cwd, ".palette", "last-release.json")
+  const publishStatePath = path.join(cwd, ".palette", "last-publish.json")
+  let { state: previous, invalid } = readPublishState(releaseStatePath)
+  if (!previous && !invalid) {
+    const lastPublish = readPublishState(publishStatePath)
+    invalid = lastPublish.invalid
+    if (lastPublish.state?.publish_type !== "preview") previous = lastPublish.state
+  }
+
+  if (!previous && !invalid) {
+    out.ok("semver bump check skipped; no previous release state")
+    return 0
+  }
+  if (invalid) {
+    out.warn("semver bump check skipped; previous publish state is invalid JSON")
     return 0
   }
   const previousVersion = previous.version || previous.manifest?.version
@@ -574,7 +608,7 @@ function checkSemverBump(cwd, manifest, out) {
   }
   if (compareVersions(manifest.version, previousVersion) <= 0) {
     return out.fail(
-      `plugin version ${manifest.version} is not newer than last publish ${previousVersion}`,
+      `plugin version ${manifest.version} is not newer than last release ${previousVersion}`,
       "Bump manifest.version before publishing another build.",
       { current: manifest.version, previous: previousVersion },
     )
@@ -683,6 +717,7 @@ function checkFrontendSecretLeaks(cwd, frontendBuffer, manifest, out) {
 
 async function run(args, { cwd }) {
   const json = args.includes("--json")
+  const publishType = parsePublishType(args)
   let failures = 0
   const results = []
   const out = reporter(json, results)
@@ -709,7 +744,7 @@ async function run(args, { cwd }) {
 
   failures += checkSdkCompatibility(cwd, manifest, out)
   failures += scanForbiddenImports(cwd, manifest, out)
-  failures += checkSemverBump(cwd, manifest, out)
+  failures += checkSemverBump(cwd, manifest, out, publishType)
   failures += checkDeclaredSecrets(cwd, manifest, out)
 
   for (const permission of manifest.permissions || []) {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@palettelab/cli",
-  "version": "0.3.47",
+  "version": "0.3.48",
   "description": "Developer CLI for building Palette platform plugins — no platform source access required.",
   "bin": {
     "pltt": "bin/pltt.js"