docs(release): add dependency pinning policy and update check step

Release process now checks for sqlite-vec, node-llama-cpp, and
better-sqlite3 updates before cutting a release. All deps must be
pinned to exact versions.
Tobi Lutke 2026-04-05 18:17:13 -04:00
parent 9c0d100a09
commit 79a53f856e
No known key found for this signature in database

@ -46,8 +46,21 @@ When the user triggers `/release <version>`:
```
The agent will be notified when CI completes and should report the result.
7. **Check dependency updates** — before cutting the release, check for
updates to `sqlite-vec` (and platform packages), `node-llama-cpp`,
and `better-sqlite3`. Run `pnpm outdated` and report any available
updates for these packages. If updates exist, bump them (pinned, no
`^` ranges) and re-run tests before proceeding.
If any step fails, stop and explain. Never force-push or skip validation.
## Dependency Policy
All dependencies must be pinned to exact versions (no `^` or `~` ranges).
The lockfile ensures reproducible installs. When adding or updating any
dependency, always use the exact version string (e.g. `"3.18.1"` not
`"^3.18.1"`).
## Changelog Standard
The changelog lives in `CHANGELOG.md` and follows [Keep a Changelog](https://keepachangelog.com/) conventions.
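Review bot: Step 7 says the check runs "before cutting the release", but it is numbered after the step where CI completes and the agent reports the result, so an agent following the list in order reaches it too late for a bump to land in the release; move it ahead of the steps that cut the release and renumber. The same step tells the agent to bump `sqlite-vec`, `node-llama-cpp` and `better-sqlite3` whenever `pnpm outdated` shows an update, with re-running tests as the only gate. For a release path, consider having the agent report the available updates and wait for confirmation rather than pulling a freshly published version into the release automatically. In the Dependency Policy section, exact versions in `package.json` pin direct dependencies only, while transitive ones are fixed by the lockfile, so the sentence "The lockfile ensures reproducible installs" would be stronger if it also required the lockfile to be committed and installs to use `pnpm install --frozen-lockfile`. The policy is also stated without an enforcement step; a validation check that fails on any `^` or `~` range would keep it from drifting.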