docs(release): adapt lifecycle runbook

[flyingrobots]

Linked Issue

None.

Summary

Adapt the Continuum release lifecycle into Wesley's repo-local release doctrine and profile.

Why

Wesley needs the shared release philosophy without importing rules that conflict with its current GitHub tracker model. This keeps the release spine intact while preserving Wesley's existing split: goalpost milestones for implementation slices, release milestones for release-gate issues, and concrete vX.Y.Z labels for version scheduling.

Changes

• Add .continuum/release.yml with Wesley's version sources, publish crates, signposts, validation commands, release workflow, and evidence surfaces.
• Expand docs/method/release.md into the Wesley release doctrine: lifecycle, release types, version selection, scope buckets, goalposts, signposts, and non-negotiables.
• Update the release runbook, release topic, release policy, checklist, crates.io release doc, truth manifest, and changelog to point at the profile and doctrine.
• Fix the Release Crates workflow so post-publish crates.io visibility checks include wesley-emit-codec.
• Add Bats guards for the release profile, doctrine, and published-crate workflow verification.

Method Evidence

• Design doc linked or not required.
• Tests or validation evidence included.
• Playback/witness included or not required.
• Retro or closeout evidence included or not required.

Tracker Hygiene

• Linked issue had work-in-progress while active, or no linked issue was used.
• Linked issue lane/status/legend labels are current, or no linked issue was used.
• Follow-up work is captured as GitHub Issues, not hidden in chat or local-only backlog files.

Risk

Low runtime risk. This is release governance, documentation, workflow verification, and tests. The only workflow behavior change widens an existing crates.io visibility loop to include a crate already declared as published.

Backout

Revert the commit. This removes the release profile/doctrine updates and restores the previous post-publish crate visibility loop.

Testing

• cargo xtask docs-check
• bats test/release-governance.bats test/ci-workflows.bats
• git diff --check
• pnpm exec prettier --check .continuum/release.yml docs/method/release.md docs/method/release-runbook.md docs/topics/releases.md docs/topics/README.md docs/governance/RELEASE_POLICY.md docs/governance/RELEASE_CHECKLIST.md docs/CRATES_IO_RELEASE.md CHANGELOG.md .github/workflows/release-crates.yml
• cargo xtask preflight
• pre-push hook: cargo xtask preflight plus repo Bats smoke suite

Merge Strategy

• Merge commit only; no rebase.
• Delete branch after merge.

Checklist

• One-topic PR with tight diff
• Rust-native preflight passes (cargo xtask preflight)
• Legacy package preflight not required
• No widened permissions/secrets in workflows
• Docs updated if behavior changed

[coderabbitai]

Warning

Review limit reached

@flyingrobots, we couldn't start this review because you've reached your PR review rate limit.

More reviews will be available in 48 minutes and 24 seconds. Learn how PR review limits work.

Your organization has run out of usage credits. Purchase more credits in the billing tab to continue.

⌛ How to resolve this issue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based credits.

🚦 How do rate limits work?

CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability.

For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window.

Please see our Fair Usage Limits Policy for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: d7be10a2-ce60-48c8-bbea-f115228ecd34

📥 Commits

Reviewing files that changed from the base of the PR and between 0c42621 and c2dd64a.

📒 Files selected for processing (17)

• .continuum/release.yml
• .github/workflows/cert-shipme.yml
• .github/workflows/release-crates.yml
• CHANGELOG.md
• docs/CRATES_IO_RELEASE.md
• docs/governance/RELEASE_CHECKLIST.md
• docs/governance/RELEASE_POLICY.md
• docs/method/release-runbook.md
• docs/method/release.md
• docs/topics/README.md
• docs/topics/assurance-evidence.md
• docs/topics/ci-workflows.md
• docs/topics/releases.md
• docs/truth-manifest.json
• test/ci-workflows.bats
• test/release-governance.bats
• xtask/src/main.rs

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch docs/release-lifecycle-profile

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands.}

[flyingrobots]

Code Lawyer Self-Audit Findings

Cc: @codex

ID	Severity	Source	File	Lines	Issue	Planned Resolution
CL-001	P2	Self	.continuum/release.yml, xtask/src/main.rs	profile version_sources; check_publish_manifest_versions	The new release profile declares root package.json as a required version source, but the executable release guards only validate Cargo publish manifests. This contradicts the added release doctrine that every declared version source must agree and that release law lives in executable gates.	Add a deterministic regression proving the guard fails when root package.json drifts from the release version, then enforce the root package version in check_publish_manifest_versions.

[chatgpt-codex-connector]

Summary

• Added root package.json enforcement to the release manifest version guard so the declared root package version must match the requested release version before release checks pass. xtask/src/main.rsL661-L762
• Added a deterministic xtask regression proving the guard reports drift when root package.json has a different version than the release version. xtask/src/main.rsL3590-L3616
• Committed the change with commit 81ceb57 (fix(release): guard root package version) and created the follow-up PR via make_pr.

Testing

• ✅ cargo fmt --check
• ✅ git diff --check
• ⚠️ cargo test -p xtask release_manifest_guard_rejects_root_package_version_drift (blocked by environment network restriction: crates.io index fetch returned HTTP 403)
• ⚠️ CARGO_NET_OFFLINE=true cargo test -p xtask release_manifest_guard_rejects_root_package_version_drift (blocked because required crates were not cached locally)

View task →

[flyingrobots]

Code Lawyer Activity Summary

ID	Severity	Source	File	Commit	Outcome
CL-001	P2	Self	.continuum/release.yml, xtask/src/main.rs, docs/governance/RELEASE_POLICY.md, docs/CRATES_IO_RELEASE.md, CHANGELOG.md	1559702b	Fixed. Release version-source enforcement now rejects root package.json version drift anywhere check_publish_manifest_versions is used, and release policy/docs now describe all declared release version sources instead of Cargo-only lockstep.

Verification

• RED: cargo test -p xtask root_package_json_version_mismatch_blocks_release_manifest_check -- --nocapture failed because mismatched root package.json returned Ok(()).
• GREEN: cargo test -p xtask root_package_json_version_mismatch_blocks_release_manifest_check passed.
• Focused: cargo fmt --check, cargo xtask docs-check, bats test/release-governance.bats test/ci-workflows.bats, git diff --check passed.
• Broad: cargo xtask preflight passed.
• Release-specific: cargo xtask release-prep-guard --version 0.2.0 and cargo xtask package-crates --version 0.2.0 passed.
• Push gate: pre-push reran cargo xtask preflight and passed.

No PR review threads required resolution; reviewThreads was empty.

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: a368051c49

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[flyingrobots]

Code Lawyer Activity Summary

ID	Severity	Source	File	Commit	Outcome
CL-001	P2	Self	.continuum/release.yml, xtask/src/main.rs, release docs	1559702b	Fixed. Required root package.json version-source drift is rejected by release/package guards.
PR-001	P2	PR thread	.continuum/release.yml, xtask/src/main.rs	431d2dec	Fixed. crates/wesley-holmes/Cargo.toml is now a required unpublished version source, and xtask rejects unpublished manifest version drift.
PR-002	P2	PR thread	.continuum/release.yml, xtask/src/main.rs	c3be0a74	Fixed. Release tracker checks now query the declared Release: vX.Y.Z milestone bucket.
PR-003	P2	PR thread	.continuum/release.yml	f4dad39a	Fixed. The release profile now declares cargo audit as the Rust advisory audit validation command.
PR-004	P2	PR thread	.continuum/release.yml	409c595f	Fixed. The release profile now includes docs/site/ and docs/GUIDE.md in user-doc signposts.

Verification

• RED: cargo test -p xtask root_package_json_version_mismatch_blocks_release_manifest_check -- --nocapture failed before CL-001.
• RED: cargo test -p xtask unpublished_holmes_version_mismatch_blocks_release_manifest_check -- --nocapture failed before PR-001.
• RED: cargo test -p xtask release_guard_queries_github_issue_tracker -- --nocapture failed before PR-002.
• RED: focused bats test/release-governance.bats filters failed before PR-003 and PR-004.
• GREEN/focused: cargo test -p xtask release_manifest_check, cargo test -p xtask release_guard_queries_github_issue_tracker, bats test/release-governance.bats, bats test/release-governance.bats test/ci-workflows.bats passed.
• Broad: cargo fmt --check, git diff --check, pnpm exec prettier --check .continuum/release.yml CHANGELOG.md, cargo xtask preflight, cargo xtask release-prep-guard --version 0.2.0, and cargo xtask package-crates --version 0.2.0 passed.
• Push gate: pre-push reran Rust product preflight plus repo Bats smoke suite and passed.

All four PR review threads were resolved via GraphQL. No domain-specific behavior was added.

[flyingrobots]

SHIPME certification correction

Root cause: cert-shipme.yml was running during pull_request and waiting for HOLMES evidence keyed to the synthetic PR merge SHA. That is not the SHA that lands on main, so the certificate gate could not honestly certify the target-branch commit.

Fix: commit c2dd64ae moves SHIPME certification to post-merge only by running cert-shipme.yml on push to main; the generated certificate records ${GITHUB_SHA}, which is the landed main commit for that workflow run. PR-time assurance remains covered by the normal PR checks and HOLMES schema-set detection.

Verification:

• focused regression: bats test/ci-workflows.bats --filter "cert-shipme certifies only landed target-branch commits"
• formatting/whitespace: git diff --check, Prettier on touched docs/workflow files
• broader local: pre-push hook ran Rust product preflight and repo Bats smoke suite
• remote: PR checks are green or expected-skipped; stale PR-time SHIPME Certificate check is no longer present in the check rollup.