release: v0.0.16 (project create never prompts)#47
Conversation
Ships PR #46: insta project create auto-generates a friendly name instead of hanging on an interactive prompt. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01GMbAe5K1RfwaAcge5inX7P
|
Bugbot is not enabled for your account, so this pull request was not reviewed. Enable Bugbot in the Cursor dashboard to get automatic reviews on future PRs. |
jwfing
left a comment
There was a problem hiding this comment.
Review — release: v0.0.16
Summary: A one-line, version-only bump (package.json 0.0.15 → 0.0.16) to cut a release that ships #46; the change is correct and matches the repo's established release convention.
Requirements context
No matching spec/plan found under a docs/ spec directory — release PRs are process changes, not feature work, so this is assessed against the PR description, the version-release conventions, and the repo's prior release history (#45, #43, #39, #36 follow the identical release: vX.Y.Z (summary) + single-line package.json bump pattern).
Findings
Critical — (none)
Suggestion — (none)
Information
- Software engineering: No tests/code accompany the diff, which is correct for a pure version bump — nothing behavioral changed. Title/shape match the prior release PRs exactly. ✅
- Functionality: Semver is appropriate — v0.0.16 is a patch bump shipping the bugfix #46 (
fix(project create): never block on a name prompt). Verified #46 is actually onmain: the PR base SHAdfd013ais the #46 fix commit, so the release genuinely contains what it claims to ship. - Functionality (release-time note, not a code issue): Per the release flow, before tagging please confirm
v0.0.16doesn't already exist on GitHub — a tag push triggersrelease.yml(GitHub Release +npm publish --provenance), and a published npm version can't be cleanly unpublished. Thepublish-npmjob runsnpm cithennpm publish;prepublishOnly: npm run buildcompilesdist/first, so the tarball will contain the built CLI. No action needed in this PR. - Software engineering (informational):
package-lock.jsonstill records"version": "0.0.0"(both root andpackages[""]) and was not bumped here. This is consistent with every prior release — the lockfile's root version has never been maintained,npm civalidates the dependency tree rather than the rootversionfield, andnpm publishuses thepackage.jsonversion. Not a blocker; if you ever want the lockfile to reflect reality,npm version --no-git-tag-versionwould keep both in sync, but that's a separate cleanup. - Security: No security-relevant changes — no code, no dependency changes, no secrets in the diff. The release workflow's publish credentials are unchanged.
- Performance: No runtime code changed — N/A.
Verdict
approved — no Critical findings. This is a straightforward, correctly-scoped release bump. (Posted as a comment; explicit GitHub approval remains a human action.)
jwfing
left a comment
There was a problem hiding this comment.
Review: release v0.0.16
Summary: A single-line package.json version bump (0.0.15 → 0.0.16) to ship #46; matches the established release convention exactly.
Requirements context
No /docs/superpowers/ (or docs/specs/) directory exists in this repo — no spec/plan to match, so this is assessed against the PR description, the version-release conventions, and the git history. Intent per PR body: "Bumps to v0.0.16 to ship #46. Tag after merge triggers the release pipeline."
Findings
Critical — (none)
Suggestion — (none)
Information
- Software engineering / convention:
package.json:3bumps0.0.15 → 0.0.16. This is the correct monotonic semver increment and follows the repo's release pattern precisely — the two immediately prior release PRs (v0.0.15398c5e4, v0.0.14715fe33) each touched onlypackage.json, exactly as this one does. Commit-message format (release: v0.0.16 (...)) also matches. - Functionality: The fix being shipped, #46 (
dfd013a fix(project create): never block on a name prompt), is already merged and is in fact this PR's base commit — so the version being released genuinely contains it. Tagv0.0.16does not yet exist (existing tags stop atv0.0.15), so the post-merge tag/release will not collide (idempotency check inversion-releasewill pass). Per.github/workflows/release.yml, the pushed tag drives the Bun binary build, theINSTA_CLI_VERSIONdefine, and the OIDCnpm publish— bumpingpackage.jsonbefore tagging is required and correctly ordered here. - Release hygiene (pre-existing, non-blocking):
package-lock.jsonis a stale placeholder — its root isname: "insta-cli",version: "0.0.0"and it does not track the real package version at all. This is not introduced by this PR (it was already this way through v0.0.12–v0.0.15, all of which released successfully), andnpm ciin the release job does not fail on a root-version mismatch, so it does not block this release. Worth a separate cleanup PR at some point (npm installto regenerate name/version), but out of scope here.
Security — no code, dependency, or secret changes. npm publish uses OIDC trusted publishing (no token secret). Nothing security-relevant in this PR.
Performance — not applicable (metadata-only change).
Verdict
approved (informational — a human still gives the explicit GitHub approval). Zero Critical findings: a correct, in-scope, convention-compliant release bump. Recommend merging, then tagging v0.0.16 per the version-release flow.
Bumps to v0.0.16 to ship #46. Tag after merge triggers the release pipeline.
🤖 Generated with Claude Code
https://claude.ai/code/session_01GMbAe5K1RfwaAcge5inX7P
Summary by cubic
Release v0.0.16 to ship non-interactive project creation.
insta project createnow auto-generates a friendly name instead of prompting, preventing hangs in CI and scripts.Written for commit 15c7831. Summary will update on new commits.