Summary
Confirm npm scope access and publish the first verified scoped release only after an explicit maintainer go-ahead.
Context
Implementation Notes
- Refresh package-name availability and maintainer scope access immediately before publication because registry state can change.
- Use the exact tarball produced from the reviewed commit.
- Record an explicit approval before any publish, tag, or release mutation.
- Stop if version selection, scope access, package name, or required checks are unclear.
Acceptance Criteria
Tests/Evals
- Re-run package boundary, installed-package smoke, deterministic verification, and security verification before approval.
- No live provider generation is part of release validation.
Verification
npm run pack:check
- Run the installed-tarball smoke against the exact release tarball.
npm run verify
npm run verify:security
- Verify the published package, tag, and GitHub release resolve to the approved commit.
Agent Instructions
- Do not publish, tag, or create a release without a fresh explicit approval in the execution turn.
- Do not print registry tokens or environment values.
- Do not choose a new version silently.
Human Checkpoints
- The entire external-state mutation is maintainer-gated.
- KK must approve the package version, public access, tag, and GitHub release.
Out of Scope
- Code changes or dependency upgrades.
- Provider credentials, deployments, or generated assets.
- Legacy route retirement.
- Automatic publishing.
Linear
Not applicable. Rafiki delivery is GitHub-only; do not create or update a Linear issue.
Summary
Confirm npm scope access and publish the first verified scoped release only after an explicit maintainer go-ahead.
Context
main.Implementation Notes
Acceptance Criteria
npm publish --access publicaction.Tests/Evals
Verification
npm run pack:checknpm run verifynpm run verify:securityAgent Instructions
Human Checkpoints
Out of Scope
Linear
Not applicable. Rafiki delivery is GitHub-only; do not create or update a Linear issue.