First release cut through the OIDC pipeline โ and the one that reconciles npm โ PyPI to content + version parity.
repository.url normalization. The 19 events + schemas are unchanged.A bump that misses any one trips the parity preflight. 0.1.1 touched all four:
| source | file | 0.1.1? |
|---|---|---|
| npm package | packages/hook-contract/package.json | โ |
| runtime const | src/index.ts ยท HOOK_CONTRACT_VERSION | โ |
| PyPI project | hook-contract-py/pyproject.toml | โ |
| py runtime | __init__.py ยท __version__ (preflight blind-spot!) | โ |
Note: the py preflight only checks pyproject; __init__.py is a 4th source that can silently drift โ bumped here, worth adding to the py preflight later.
git tag hook-contract-npm/v0.1.1 hook-contract-py/v0.1.1 git push origin hook-contract-npm/v0.1.1 hook-contract-py/v0.1.1
Each tag โ its OIDC publish workflow โ preflight parity gate โ publish with provenance โ you approve the npm environment gate โ live.