release: v0.0.15 (onboarding guidance + PATH-warning fixes)#45
Conversation
… PATH warning) Ships PR #44 in the binary: stdin='ignore' so the piped install script's Get-started guidance is no longer eaten; false 'another insta on PATH' warning suppressed for our own symlink; '(~20s)' label dropped. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01GMbAe5K1RfwaAcge5inX7P
|
Bugbot is not enabled for your account, so this pull request was not reviewed. Enable Bugbot in the Cursor dashboard to get automatic reviews on future PRs. |
jwfing
left a comment
There was a problem hiding this comment.
Review: release v0.0.15
Summary: Clean, minimal release PR — a single patch version bump 0.0.14 → 0.0.15 in package.json to ship #44; correct and complete.
Requirements context
No docs/superpowers/ or docs/specs/ directory exists at this commit, so no matching spec/plan was found — assessing against the PR description alone. Intent (per body): bump to v0.0.15 so the #44 onboarding/PATH-warning fixes ship in the binary + npm, with the v0.0.15 tag triggering the release pipeline. Verified the PR's base commit (94901fc) is the #44 fix, so the release genuinely includes it.
Findings
Critical
(none)
Suggestion
(none)
Information
- Software engineering —
package.json:3is the only change. No test/spec impact:.github/workflows/ci.ymlgates arenpm ci+tsc --noEmit+vitest run, none of which are exercised by a version-string change. The PR follows the established release-PR convention (cf.release: v0.0.14 (#43)), andv0.0.14 → v0.0.15is an appropriate patch bump for bug fixes. - Functionality — The bump is necessary, not cosmetic:
npm publish(release.yml:121) derives the published version frompackage.json, so without it the pipeline would attempt to republish0.0.14and fail. The binary version is injected separately from the tag (INSTA_CLI_VERSIONvia--define, release.yml:47), and grep found no other0.0.14references insrc/,install.sh, or docs — sopackage.jsonis the sole source of truth that needed updating. Thev*tag trigger (release.yml:7) matches the "tag after merge" plan in the PR body. - Functionality (lockfile) —
package-lock.jsonis not touched; its rootversionremains the placeholder"0.0.0". This is intentional and safe:npm ci(release.yml:119 and ci.yml) does not validate the root project's own version field, only dependency sync — and the lockfile has held"0.0.0"across the 0.0.12–0.0.14 releases that all published successfully through this identical flow. No action needed.
Security — No security-relevant changes (no new input paths, dependencies, secrets, or auth logic).
Performance — No performance-relevant changes.
Verdict
approved — no Critical findings. Correct, in-scope release bump. (Informational; explicit GitHub approval remains a separate human action.)
jwfing
left a comment
There was a problem hiding this comment.
Review: release v0.0.15
Summary: Single-line version bump (0.0.14 → 0.0.15) in package.json to cut the release that ships #44; the change is correct, matches the title, and follows the established one-release-PR-per-version pattern.
Requirements context
No docs/superpowers/ or docs/specs/ directory exists in this repo (no docs/ at all) — no matching spec/plan found, so assessed against the PR description alone plus the version-release conventions. Per those conventions this PR is exactly the expected step: bump version in package.json, merge to main, then tag v0.0.15 to trigger the release pipeline.
Verified intent:
package.json:3→"version": "0.0.15"— matches the PR title. Patch bump is appropriate for onboarding-guidance + PATH-warning fixes.- The PR claims to ship #44. Confirmed: #44 (
fix(onboarding): stop skill-install from eating the piped install script; drop false PATH warning— commit94901fc) is the base commit of this branch, so the release genuinely includes it. ✅
Findings
Critical
(none)
Suggestion
- Software engineering —
package-lock.json:3,9: the lockfile's rootversionis still0.0.0and does not trackpackage.json. This is pre-existing (it was0.0.0for v0.0.12/0.0.13/0.0.14 too) and non-blocking —npm ciruns in bothci.ymland thepublish-npmjob (.github/workflows/release.yml:119) and has tolerated the mismatch across every prior release, becausenpm civalidates the dependency tree, not the root project version. Worth cleaning up eventually by bumping vianpm version 0.0.15(updates both files) rather than hand-editingpackage.json, so tooling that reads the lockfile version stays accurate.
Information
- Functionality — Version provenance is split by design and both resolve to
0.0.15as long as the tag is exactlyv0.0.15: the built binary's version comes from the tag via--define process.env.INSTA_CLI_VERSION(release.yml:47), while the npm package version comes frompackage.json. Just a reminder for the release operator to tagv0.0.15(not a code issue). - Security — No security-relevant changes; the diff is a single version-string literal. No new inputs, dependencies, secrets, or auth changes.
- Performance — No performance-relevant changes.
Verdict
approved (informational — human still approves via the GitHub approve flow). No Critical findings; the one Suggestion is a pre-existing, non-blocking lockfile hygiene note. The version bump is correct and the release correctly ships #44.
Bumps to v0.0.15 to ship #44 in the binary + npm. Tag
v0.0.15after merge triggers the release pipeline.🤖 Generated with Claude Code
https://claude.ai/code/session_01GMbAe5K1RfwaAcge5inX7P
Summary by cubic
Release
instav0.0.15 to improve the curl|sh onboarding flow and clean up PATH detection. Users now see the get-started guidance, and noisy warnings are gone.Written for commit 759dbd9. Summary will update on new commits.