diff --git a/.github/workflows/preview-cli-package.yml b/.github/workflows/preview-cli-package.yml
index 343834f..fb9e611 100644
--- a/.github/workflows/preview-cli-package.yml
+++ b/.github/workflows/preview-cli-package.yml
@@ -20,29 +20,18 @@ jobs:
       pull-requests: write
 
     steps:
-      - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd
+      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
         with:
           ref: ${{ github.event.pull_request.head.sha }}
           persist-credentials: false
 
-      - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e
+      - uses: pnpm/action-setup@0e279bb959325dab635dd2c09392533439d90093 # v6.0.8
         with:
-          node-version: 24
+          cache: true
 
-      - name: Enable pnpm
-        run: |
-          corepack enable
-          PNPM_VERSION="$(node -p 'const pm = require("./package.json").packageManager; const match = pm && pm.match(/^pnpm@(.+)$/); if (!match) throw new Error("packageManager must be pnpm@<version>"); match[1]')"
-          corepack prepare "pnpm@${PNPM_VERSION}" --activate
-          echo "PNPM_STORE_PATH=$(pnpm store path)" >> "$GITHUB_ENV"
-
-      - name: Cache pnpm store
-        uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830
+      - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
         with:
-          path: ${{ env.PNPM_STORE_PATH }}
-          key: pnpm-store-${{ runner.os }}-${{ hashFiles('pnpm-lock.yaml') }}
-          restore-keys: |
-            pnpm-store-${{ runner.os }}-
+          node-version-file: .node-version
 
       - name: Install dependencies
         run: pnpm install --frozen-lockfile
@@ -50,7 +39,8 @@ jobs:
       - name: Resolve preview version
         id: cli_version
         run: |
-          node scripts/resolve-cli-version.mjs pr \
+          node scripts/resolve-package-version.mjs pr \
+            --package-dir packages/cli \
             --sha '${{ github.event.pull_request.head.sha }}' \
             --pr-number '${{ github.event.pull_request.number }}' >> "$GITHUB_OUTPUT"
 
@@ -70,14 +60,15 @@ jobs:
         id: compute_build
         run: pnpm --filter @prisma/compute build
 
-      - name: Prepare staged preview package
-        id: prepare_preview
-        run: node scripts/prepare-cli-publish.mjs .publish/cli --version '${{ steps.cli_version.outputs.version }}'
+      - name: Set preview package version
+        id: set_preview_version
+        working-directory: packages/cli
+        run: pnpm version '${{ steps.cli_version.outputs.version }}' --no-git-tag-version
 
       - name: Publish installable PR preview
         id: publish_preview
         continue-on-error: ${{ vars.CLI_PR_PREVIEW_REQUIRED != 'true' }}
-        run: pnpm exec pkg-pr-new publish --bin --comment=update .publish/cli
+        run: pnpm exec pkg-pr-new publish --bin --comment=update packages/cli
 
       - name: Summarize PR preview publish
         if: ${{ always() }}
@@ -90,7 +81,7 @@ jobs:
             echo "- Compute tests: \`${{ steps.compute_tests.outcome || 'skipped' }}\`"
             echo "- Build: \`${{ steps.cli_build.outcome || 'skipped' }}\`"
             echo "- Compute build: \`${{ steps.compute_build.outcome || 'skipped' }}\`"
-            echo "- Package staging: \`${{ steps.prepare_preview.outcome || 'skipped' }}\`"
+            echo "- Version injection: \`${{ steps.set_preview_version.outcome || 'skipped' }}\`"
             echo "- pkg.pr.new publish: \`${{ steps.publish_preview.outcome || 'skipped' }}\`"
             PUBLISH_OUTCOME="${{ steps.publish_preview.outcome || 'skipped' }}"
             if [ "${PUBLISH_OUTCOME}" != "success" ]; then
diff --git a/.github/workflows/publish-cli.yml b/.github/workflows/publish-cli.yml
index 9f630fa..14c45d4 100644
--- a/.github/workflows/publish-cli.yml
+++ b/.github/workflows/publish-cli.yml
@@ -18,6 +18,7 @@ concurrency:
 
 jobs:
   publish-dev:
+    name: Publish dev package
     if: ${{ github.event_name == 'push' }}
     runs-on: ubuntu-latest
     permissions:
@@ -25,29 +26,17 @@ jobs:
       id-token: write
 
     steps:
-      - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd
+      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
         with:
           persist-credentials: false
 
-      - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e
+      - uses: pnpm/action-setup@0e279bb959325dab635dd2c09392533439d90093 # v6.0.8
         with:
-          node-version: 24
-          registry-url: https://registry.npmjs.org
+          cache: true
 
-      - name: Enable pnpm
-        run: |
-          corepack enable
-          PNPM_VERSION="$(node -p 'const pm = require("./package.json").packageManager; const match = pm && pm.match(/^pnpm@(.+)$/); if (!match) throw new Error("packageManager must be pnpm@<version>"); match[1]')"
-          corepack prepare "pnpm@${PNPM_VERSION}" --activate
-          echo "PNPM_STORE_PATH=$(pnpm store path)" >> "$GITHUB_ENV"
-
-      - name: Cache pnpm store
-        uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830
+      - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
         with:
-          path: ${{ env.PNPM_STORE_PATH }}
-          key: pnpm-store-${{ runner.os }}-${{ hashFiles('pnpm-lock.yaml') }}
-          restore-keys: |
-            pnpm-store-${{ runner.os }}-
+          node-version-file: .node-version
 
       - name: Install dependencies
         run: pnpm install --frozen-lockfile
@@ -55,75 +44,18 @@ jobs:
       - name: Resolve dev version
         id: cli_version
         run: |
-          node scripts/resolve-cli-version.mjs dev \
+          node scripts/resolve-package-version.mjs dev \
+            --package-dir packages/cli \
             --run-number "${GITHUB_RUN_NUMBER}" \
             --run-attempt "${GITHUB_RUN_ATTEMPT}" >> "$GITHUB_OUTPUT"
 
-      - name: Fail if version already exists on npm
-        run: |
-          PACKAGE='@prisma/cli'
-          VERSION='${{ steps.cli_version.outputs.version }}'
-          if npm view "${PACKAGE}@${VERSION}" version >/dev/null 2>&1; then
-            echo "${PACKAGE}@${VERSION} already exists on npm."
-            exit 1
-          fi
-
-      - name: Run focused CLI tests
-        run: pnpm --filter @prisma/cli test
-
-      - name: Build CLI package
-        run: pnpm --filter @prisma/cli build
-
-      - name: Prepare staged publish package
-        run: node scripts/prepare-cli-publish.mjs .publish/cli --version '${{ steps.cli_version.outputs.version }}'
-
-      - name: Audit staged package contents
-        working-directory: .publish/cli
-        run: |
-          PACK_JSON="$(npm pack --dry-run --json)"
-          PACK_JSON="${PACK_JSON}" node -e "
-            const pack = JSON.parse(process.env.PACK_JSON)[0]
-            const files = pack.files.map((file) => file.path).sort()
-            const forbidden = files.filter((file) =>
-              file.startsWith('src/') ||
-              file.startsWith('tests/') ||
-              file.startsWith('fixtures/') ||
-              file.startsWith('docs/') ||
-              file.startsWith('.prisma/') ||
-              file.startsWith('.publish/')
-            )
-            if (forbidden.length) {
-              console.error('Forbidden files in npm package:', forbidden.join(', '))
-              process.exit(1)
-            }
-            for (const required of ['dist/cli.js', 'README.md', 'LICENSE', 'package.json']) {
-              if (!files.includes(required)) {
-                console.error('Missing required package file:', required)
-                process.exit(1)
-              }
-            }
-          "
-
-      - name: Smoke test staged tarball install
-        run: |
-          TARBALL="$(cd .publish/cli && npm pack --silent)"
-          TMPDIR="$(mktemp -d)"
-          cat > "${TMPDIR}/package.json" <<'EOF'
-          {
-            "name": "cli-publish-smoke",
-            "private": true
-          }
-          EOF
-          pnpm add -D "${PWD}/.publish/cli/${TARBALL}" --dir "${TMPDIR}"
-          (
-            cd "${TMPDIR}"
-            pnpm prisma-cli --help
-            pnpm prisma-cli auth whoami --json
-          )
+      - name: Set package version
+        working-directory: packages/cli
+        run: pnpm version '${{ steps.cli_version.outputs.version }}' --no-git-tag-version
 
       - name: Publish dev package to npm
-        working-directory: .publish/cli
-        run: npm publish --access public --tag dev --provenance
+        working-directory: packages/cli
+        run: pnpm publish --access public --tag dev --provenance --no-git-checks
 
       - name: Summarize dev publish
         run: |
@@ -136,6 +68,7 @@ jobs:
           } >> "$GITHUB_STEP_SUMMARY"
 
   publish-official:
+    name: Publish official release
     if: ${{ github.event_name == 'workflow_dispatch' }}
     runs-on: ubuntu-latest
     permissions:
@@ -150,30 +83,17 @@ jobs:
             exit 1
           fi
 
-      - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd
+      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
         with:
-          fetch-depth: 0
           persist-credentials: false
 
-      - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e
+      - uses: pnpm/action-setup@0e279bb959325dab635dd2c09392533439d90093 # v6.0.8
         with:
-          node-version: 24
-          registry-url: https://registry.npmjs.org
+          cache: true
 
-      - name: Enable pnpm
-        run: |
-          corepack enable
-          PNPM_VERSION="$(node -p 'const pm = require("./package.json").packageManager; const match = pm && pm.match(/^pnpm@(.+)$/); if (!match) throw new Error("packageManager must be pnpm@<version>"); match[1]')"
-          corepack prepare "pnpm@${PNPM_VERSION}" --activate
-          echo "PNPM_STORE_PATH=$(pnpm store path)" >> "$GITHUB_ENV"
-
-      - name: Cache pnpm store
-        uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830
+      - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
         with:
-          path: ${{ env.PNPM_STORE_PATH }}
-          key: pnpm-store-${{ runner.os }}-${{ hashFiles('pnpm-lock.yaml') }}
-          restore-keys: |
-            pnpm-store-${{ runner.os }}-
+          node-version-file: .node-version
 
       - name: Install dependencies
         run: pnpm install --frozen-lockfile
@@ -182,17 +102,11 @@ jobs:
         id: cli_version
         run: |
           PACKAGE='@prisma/cli'
-          LATEST="$(npm view "${PACKAGE}" dist-tags.latest --silent 2>/dev/null || true)"
-          node scripts/resolve-cli-version.mjs next-beta --latest "${LATEST}" >> "$GITHUB_OUTPUT"
-
-      - name: Fail if version already exists on npm
-        run: |
-          PACKAGE='@prisma/cli'
-          VERSION='${{ steps.cli_version.outputs.version }}'
-          if npm view "${PACKAGE}@${VERSION}" version >/dev/null 2>&1; then
-            echo "${PACKAGE}@${VERSION} already exists on npm."
-            exit 1
-          fi
+          LATEST="$(pnpm view "${PACKAGE}" dist-tags.latest --silent 2>/dev/null || true)"
+          echo "latest=${LATEST}" >> "$GITHUB_OUTPUT"
+          node scripts/resolve-package-version.mjs next-beta \
+            --package-dir packages/cli \
+            --latest "${LATEST}" >> "$GITHUB_OUTPUT"
 
       - name: Fail if release tag already exists
         run: |
@@ -203,58 +117,13 @@ jobs:
             exit 1
           fi
 
-      - name: Run focused CLI tests
-        run: pnpm --filter @prisma/cli test
-
-      - name: Build CLI package
-        run: pnpm --filter @prisma/cli build
+      - name: Set package version
+        working-directory: packages/cli
+        run: pnpm version '${{ steps.cli_version.outputs.version }}' --no-git-tag-version
 
-      - name: Prepare staged publish package
-        run: node scripts/prepare-cli-publish.mjs .publish/cli --version '${{ steps.cli_version.outputs.version }}'
-
-      - name: Audit staged package contents
-        working-directory: .publish/cli
-        run: |
-          PACK_JSON="$(npm pack --dry-run --json)"
-          PACK_JSON="${PACK_JSON}" node -e "
-            const pack = JSON.parse(process.env.PACK_JSON)[0]
-            const files = pack.files.map((file) => file.path).sort()
-            const forbidden = files.filter((file) =>
-              file.startsWith('src/') ||
-              file.startsWith('tests/') ||
-              file.startsWith('fixtures/') ||
-              file.startsWith('docs/') ||
-              file.startsWith('.prisma/') ||
-              file.startsWith('.publish/')
-            )
-            if (forbidden.length) {
-              console.error('Forbidden files in npm package:', forbidden.join(', '))
-              process.exit(1)
-            }
-            for (const required of ['dist/cli.js', 'README.md', 'LICENSE', 'package.json']) {
-              if (!files.includes(required)) {
-                console.error('Missing required package file:', required)
-                process.exit(1)
-              }
-            }
-          "
-
-      - name: Smoke test staged tarball install
-        run: |
-          TARBALL="$(cd .publish/cli && npm pack --silent)"
-          TMPDIR="$(mktemp -d)"
-          cat > "${TMPDIR}/package.json" <<'EOF'
-          {
-            "name": "cli-publish-smoke",
-            "private": true
-          }
-          EOF
-          pnpm add -D "${PWD}/.publish/cli/${TARBALL}" --dir "${TMPDIR}"
-          (
-            cd "${TMPDIR}"
-            pnpm prisma-cli --help
-            pnpm prisma-cli auth whoami --json
-          )
+      - name: Validate package artifact
+        working-directory: packages/cli
+        run: pnpm pack --dry-run
 
       - name: Ensure release still targets the latest main
         if: ${{ !inputs.dry_run }}
@@ -267,8 +136,8 @@ jobs:
 
       - name: Publish official package to npm
         if: ${{ !inputs.dry_run }}
-        working-directory: .publish/cli
-        run: npm publish --access public --tag latest --provenance
+        working-directory: packages/cli
+        run: pnpm publish --access public --tag latest --provenance --no-git-checks
 
       - name: Create release tag
         if: ${{ !inputs.dry_run }}
diff --git a/.github/workflows/publish-compute.yml b/.github/workflows/publish-compute.yml
new file mode 100644
index 0000000..7275ec7
--- /dev/null
+++ b/.github/workflows/publish-compute.yml
@@ -0,0 +1,174 @@
+name: Publish Compute
+
+on:
+  push:
+    branches:
+      - main
+  workflow_dispatch:
+    inputs:
+      dry_run:
+        description: Validate the next official beta release without publishing or tagging
+        required: false
+        type: boolean
+        default: false
+
+concurrency:
+  group: publish-compute-${{ github.event_name }}
+  cancel-in-progress: false
+
+jobs:
+  publish-dev:
+    name: Publish dev package
+    if: ${{ github.event_name == 'push' }}
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      id-token: write
+
+    steps:
+      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+        with:
+          persist-credentials: false
+
+      - uses: pnpm/action-setup@0e279bb959325dab635dd2c09392533439d90093 # v6.0.8
+        with:
+          cache: true
+
+      - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
+        with:
+          node-version-file: .node-version
+
+      - name: Install dependencies
+        run: pnpm install --frozen-lockfile
+
+      - name: Resolve dev version
+        id: compute_version
+        run: |
+          node scripts/resolve-package-version.mjs dev \
+            --package-dir packages/compute \
+            --run-number "${GITHUB_RUN_NUMBER}" \
+            --run-attempt "${GITHUB_RUN_ATTEMPT}" >> "$GITHUB_OUTPUT"
+
+      - name: Set package version
+        working-directory: packages/compute
+        run: pnpm version '${{ steps.compute_version.outputs.version }}' --no-git-tag-version
+
+      - name: Publish dev package to npm
+        working-directory: packages/compute
+        run: pnpm publish --access public --tag dev --provenance --no-git-checks
+
+      - name: Summarize dev publish
+        run: |
+          VERSION='${{ steps.compute_version.outputs.version }}'
+          {
+            echo "## Publish Compute Dev"
+            echo
+            echo "- npm package: \`@prisma/compute@${VERSION}\`"
+            echo "- npm dist-tag: \`dev\`"
+          } >> "$GITHUB_STEP_SUMMARY"
+
+  publish-official:
+    name: Publish official release
+    if: ${{ github.event_name == 'workflow_dispatch' }}
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+      id-token: write
+
+    steps:
+      - name: Ensure workflow runs from main
+        run: |
+          if [ "${GITHUB_REF}" != "refs/heads/main" ]; then
+            echo "This workflow only publishes official releases from main."
+            exit 1
+          fi
+
+      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+        with:
+          persist-credentials: false
+
+      - uses: pnpm/action-setup@0e279bb959325dab635dd2c09392533439d90093 # v6.0.8
+        with:
+          cache: true
+
+      - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
+        with:
+          node-version-file: .node-version
+
+      - name: Install dependencies
+        run: pnpm install --frozen-lockfile
+
+      - name: Resolve next beta version
+        id: compute_version
+        run: |
+          PACKAGE='@prisma/compute'
+          LATEST="$(pnpm view "${PACKAGE}" dist-tags.latest --silent 2>/dev/null || true)"
+          echo "latest=${LATEST}" >> "$GITHUB_OUTPUT"
+          node scripts/resolve-package-version.mjs next-beta \
+            --package-dir packages/compute \
+            --latest "${LATEST}" >> "$GITHUB_OUTPUT"
+
+      - name: Fail if release tag already exists
+        run: |
+          VERSION='${{ steps.compute_version.outputs.version }}'
+          TAG="compute-v${VERSION}"
+          if git ls-remote --exit-code --tags origin "refs/tags/${TAG}" >/dev/null 2>&1; then
+            echo "Release tag ${TAG} already exists."
+            exit 1
+          fi
+
+      - name: Set package version
+        working-directory: packages/compute
+        run: pnpm version '${{ steps.compute_version.outputs.version }}' --no-git-tag-version
+
+      - name: Validate package artifact
+        working-directory: packages/compute
+        run: pnpm pack --dry-run
+
+      - name: Ensure release still targets the latest main
+        if: ${{ !inputs.dry_run }}
+        run: |
+          git fetch origin main
+          if [ "$(git rev-parse HEAD)" != "$(git rev-parse origin/main)" ]; then
+            echo "main moved while the release was running. Rerun the workflow from the latest main."
+            exit 1
+          fi
+
+      - name: Publish official package to npm
+        if: ${{ !inputs.dry_run }}
+        working-directory: packages/compute
+        run: pnpm publish --access public --tag latest --provenance --no-git-checks
+
+      - name: Create release tag
+        if: ${{ !inputs.dry_run }}
+        env:
+          GH_TOKEN: ${{ github.token }}
+        run: |
+          VERSION='${{ steps.compute_version.outputs.version }}'
+          TAG="compute-v${VERSION}"
+          SHA="$(git rev-parse HEAD)"
+          gh api \
+            --method POST \
+            "repos/${GITHUB_REPOSITORY}/git/refs" \
+            -f ref="refs/tags/${TAG}" \
+            -f sha="${SHA}"
+
+      - name: Summarize release
+        run: |
+          VERSION='${{ steps.compute_version.outputs.version }}'
+          LATEST='${{ steps.compute_version.outputs.latest }}'
+          {
+            echo "## Publish Compute Official"
+            echo
+            echo "- Previous npm latest: \`${LATEST:-none}\`"
+            echo "- Version: \`${VERSION}\`"
+            echo "- Dry run: \`${{ inputs.dry_run }}\`"
+            if [ '${{ inputs.dry_run }}' = 'true' ]; then
+              echo "- Publish: skipped"
+              echo "- Tag creation: skipped"
+            else
+              echo "- npm package: \`@prisma/compute@${VERSION}\`"
+              echo "- npm dist-tag: \`latest\`"
+              echo "- git tag: \`compute-v${VERSION}\`"
+            fi
+          } >> "$GITHUB_STEP_SUMMARY"
diff --git a/AGENTS.md b/AGENTS.md
index f305150..d3183fd 100644
--- a/AGENTS.md
+++ b/AGENTS.md
@@ -2,109 +2,25 @@
 
 ## Purpose
 
-This repo uses document-driven development for the new Prisma CLI.
+Use this file for repo-wide instructions. Use package-local `AGENTS.md` files for package-specific rules.
 
-The docs in `docs/product` are the source of truth. Do not invent product behavior in code that is not already grounded in those docs. If behavior is unclear or missing, update docs first.
+## Development Setup
 
-## What This CLI Is
+1. Run `pnpm install`.
+2. Use `pnpm --filter <package> <script>` for package-local checks.
+3. Run root scripts only when they match the changed surface.
+4. Keep generated artifacts out of commits unless the task requires them.
 
-- This is the future unified Prisma CLI.
-- The first implementation slice is app deployment workflows, but the command model must preserve the long-term CLI for ORM, Postgres, and app workflows.
+## Package Manager
 
-## Read These First
+- Use `pnpm` for commands run inside this repo.
+- Use `npm` or multiple package-manager examples in user-facing content.
 
-Start with `docs/README.md` for the public docs index.
+## Pre-Commit Verification
 
-1. `docs/product/resource-model.md`
-2. `docs/product/command-principles.md`
-3. `docs/product/command-spec.md`
-4. `docs/product/cli-style-guide.md`
-5. `docs/product/output-conventions.md`
-6. `docs/product/error-conventions.md`
-
-Architecture and contributor workflow references:
-
-- `ARCHITECTURE.md`
-- `docs/architecture/overview.md`
-- `docs/onboarding/getting-started.md`
-- `docs/onboarding/common-tasks.md`
-- `docs/onboarding/testing.md`
-
-## Non-Negotiable Product Rules
-
-- Group commands by developer workflow, not product ownership.
-- No `orm`, `postgres`, or `compute` namespaces in the command surface.
-- Canonical command shape is `prisma <group> <action>`.
-- The current preview uses only `auth`, `project`, `branch`, and `app`.
-- Preserve the long-term resource model:
-  - `workspace -> project -> branch -> { app, database }`
-
-For exact definitions and resolution rules, see `resource-model.md` and `command-spec.md`.
-
-## Branch Model
-
-Do not redefine this casually:
-
-- everything under a project happens in a branch
-- `local` is local CLI context only, not a branch or deploy target
-- `production` is a protected durable branch
-- every other named branch is preview by default
-- preview branches are disposable by default
-- non-production branches can become durable later
-- first remote deploy defaults to preview
-- production is reached by `app promote` or explicit user targeting
-
-See:
-
-- `docs/product/resource-model.md`
-- `docs/product/command-spec.md`
-
-## Output and Error Behavior
-
-Before changing CLI UX, read:
-
-- `docs/product/cli-style-guide.md`
-- `docs/product/output-conventions.md`
-- `docs/product/error-conventions.md`
-
-Important themes:
-
-- stdout is for machine-readable data
-- stderr is for human-oriented status and decoration
-- `--json` is explicit
-- non-TTY and non-interactive behavior must stay automation-friendly
-- structured error codes are the branching surface for agents and CI
-
-## Error Handling
-
-- Use `better-result` for owned application code that can fail.
-- Model expected failures as `TaggedError` types from `better-result`.
-- Put tagged error message construction in the constructor. Instantiate tagged errors directly; delete factory functions that only wrap constructors. Use static constructors only when they encode distinct domain variants.
-- Represent unexpected failures as `UnhandledException` from `better-result`.
-- Return only errors produced by the function plus errors propagated from callees. Do not create app-wide error unions.
-- Wrap throwing or rejecting boundaries with `Result.try` or `Result.tryPromise`. This includes SDK calls, I/O, parsing, and async framework calls.
-- Wrap expected throwing failures at the lowest throwing expression and map them to the local tagged error type.
-- Once a function returns `Result`, do not throw inside its body for modeled boundaries. Return expected errors, abort errors, and propagated `UnhandledException` values in the error union; throw only at temporary or final CLI-facing boundaries.
-- When mapping abortable boundary failures, prefer `signal.aborted` over matching error names or messages to detect cancellation.
-- Do not wrap a boundary only to match `UnhandledException` and rethrow it. Let unexpected failures throw directly when no expected error is modeled or propagated.
-- Use `Result.gen` to compose multiple results. Do not manually chain `isErr` propagation when `yield*` can express the flow.
-- Propagate typed results through lower layers. Do not convert results to plain values, `null`, booleans, or thrown exceptions below the boundary.
-- Convert results only at CLI-facing boundaries: command runners, controllers that produce command output, auth providers, API/client adapters, storage adapters, and startup assembly.
-- Match errors exhaustively with `matchError`. Do not use catch-all handlers or partial matches.
-- Throw tagged errors directly when their message and context are already correct. Do not wrap them in generic `Error` instances.
-- Do not refactor generated code, third-party SDK internals, or framework internals for result handling.
-
-## When Making Changes
-
-- Prefer tightening existing docs over adding new surface area.
-- Keep nouns and verbs stable across docs, help, output, and code.
-- Do not add shortcuts or aliases as canonical forms.
-- Do not let the current app preview introduce abstractions that will block later ORM/Postgres integration.
-- If docs conflict, resolve the docs rather than guessing in implementation.
-
-## Default Agent Workflow
-
-1. Read the product docs above.
-2. Identify the relevant source-of-truth doc for the task.
-3. If implementation requires undefined behavior, update docs first.
-4. Keep changes aligned with the unified CLI direction, not just the current app slice.
+- `pnpm --recursive exec tsc --noEmit`
+- `pnpm lint`
+- Package-specific tests for changed packages
+  - `pnpm --filter @prisma/cli test`
+  - `pnpm --filter @prisma/compute test`
+- If verification fails because work is intentionally incomplete, include the failing command and reason in the commit message.
diff --git a/README.md b/README.md
index 0266c9d..552b5b8 100644
--- a/README.md
+++ b/README.md
@@ -79,11 +79,10 @@ Build the package:
 pnpm build:cli
 ```
 
-Stage the npm package locally without publishing:
+Inspect the npm package locally without publishing:
 
 ```bash
-pnpm build:cli
-pnpm prepare:cli-publish
+pnpm --filter @prisma/cli pack --dry-run
 ```
 
 ## Command Model
@@ -132,8 +131,7 @@ Start here when changing command behavior:
 See `CONTRIBUTING.md` for local development and contribution guidance.
 See `ARCHITECTURE.md` for the short architecture entrypoint.
 
-The npm package README lives at `packages/cli/README.md` and is copied into the
-staged publish artifact.
+The npm package README lives at `packages/cli/README.md`.
 
 ## Community
 
@@ -161,7 +159,7 @@ publish from a local checkout unless the release owner explicitly asks you to do
 so.
 
 The committed `packages/cli/package.json` version is a development placeholder.
-Release versions are injected by CI when the staged npm package is prepared.
+Release versions are injected by CI before the package is packed and published.
 
 Release channels:
 
diff --git a/docs/architecture/adrs/0001-preview-package-and-publishing.md b/docs/architecture/adrs/0001-preview-package-and-publishing.md
index 8a38e0b..c114f45 100644
--- a/docs/architecture/adrs/0001-preview-package-and-publishing.md
+++ b/docs/architecture/adrs/0001-preview-package-and-publishing.md
@@ -18,7 +18,8 @@ dist-tag. The package exposes a `prisma-cli` binary so it can coexist with the
 existing `prisma` executable.
 
 The committed `packages/cli/package.json` version is a development placeholder.
-Release versions are injected into the staged package by CI:
+Release versions are injected into the package manifest by CI before packing and
+publishing:
 
 - Manual official releases compute the next `3.0.0-beta.N`, publish to
   `latest`, and create `cli-v<version>`.
@@ -36,10 +37,10 @@ The publish workflow is prepared for npm trusted publishing with provenance.
 Official releases publish with:
 
 ```bash
-npm publish --access public --tag latest --provenance
+pnpm publish --access public --tag latest --provenance
 ```
 
-Local development should build and stage the package, but should not publish it.
+Local development should build and inspect the package, but should not publish it.
 
 ## Consequences
 
@@ -48,8 +49,8 @@ Local development should build and stage the package, but should not publish it.
   preview comments for exact unmerged commits.
 - Project scripts may map `prisma` to `prisma-cli` when testing the future
   command shape locally.
-- The npm package should contain only the staged package files: built `dist`,
-  package README, license, and package manifest.
+- The npm package should contain only the package files: built `dist`, package
+  README, license, and package manifest.
 - Official publishing remains manual and gated until a maintainer runs the
   workflow.
 - Release version bumps are not committed through pull requests; npm versions
diff --git a/docs/architecture/package-structure.md b/docs/architecture/package-structure.md
index b209c00..d7e2a98 100644
--- a/docs/architecture/package-structure.md
+++ b/docs/architecture/package-structure.md
@@ -39,8 +39,8 @@ Tests live in `packages/cli/tests`.
 - Use in-process CLI tests for command behavior, output, prompts, and errors.
 - Use controller and use-case tests when a behavior can be exercised without
   going through Commander.
-- Use publish-prep tests for package metadata and tarball contents.
-- Add subprocess or staged package smoke tests when changing packaging,
-  entrypoints, or binary behavior.
+- Use package metadata and tarball-content checks for publishing changes.
+- Add subprocess or package smoke tests when changing packaging, entrypoints, or
+  binary behavior.
 
 See [testing patterns](../reference/testing-patterns.md) for more detail.
diff --git a/docs/onboarding/common-tasks.md b/docs/onboarding/common-tasks.md
index 7b289c3..3889b97 100644
--- a/docs/onboarding/common-tasks.md
+++ b/docs/onboarding/common-tasks.md
@@ -41,10 +41,8 @@ Use this playbook when making common changes to the CLI.
 
 1. Update `packages/cli/package.json` and `packages/cli/README.md` if package
    metadata or package-facing docs change.
-2. Update `scripts/prepare-cli-publish.mjs` when staged package contents change.
-3. Update `packages/cli/tests/publish-prep.test.ts`.
-4. Run `pnpm build:cli` and `pnpm prepare:cli-publish`.
-5. Do not publish from a local checkout unless the release owner explicitly asks
+2. Run `pnpm --filter @prisma/cli pack --dry-run`.
+3. Do not publish from a local checkout unless the release owner explicitly asks
    for that.
 
 ## Record An Architecture Decision
diff --git a/docs/onboarding/getting-started.md b/docs/onboarding/getting-started.md
index 81172fa..7dfaa86 100644
--- a/docs/onboarding/getting-started.md
+++ b/docs/onboarding/getting-started.md
@@ -48,14 +48,12 @@ Build the package:
 pnpm build:cli
 ```
 
-Stage the publish package locally without publishing:
+Inspect the publish package locally without publishing:
 
 ```bash
-pnpm prepare:cli-publish
+pnpm --filter @prisma/cli pack --dry-run
 ```
 
-If staging fails because the built CLI is missing, run `pnpm build:cli` first.
-
 ## Examples
 
 Manual smoke apps live in:
diff --git a/docs/onboarding/testing.md b/docs/onboarding/testing.md
index ebaf417..5e8deaa 100644
--- a/docs/onboarding/testing.md
+++ b/docs/onboarding/testing.md
@@ -9,12 +9,11 @@ flags, output streams, structured JSON, prompts, errors, and package contents.
 pnpm test
 ```
 
-Build the package when changing entrypoints, package metadata, or publishing
-preparation:
+Inspect package contents when changing entrypoints, package metadata, or
+publishing preparation:
 
 ```bash
-pnpm build:cli
-pnpm prepare:cli-publish
+pnpm --filter @prisma/cli pack --dry-run
 ```
 
 Run the Next.js artifact smoke before publishing a preview CLI build that
@@ -37,7 +36,7 @@ pnpm smoke:cli-nextjs
 - Prompt behavior in TTY mode.
 - Error codes, summaries, fixes, and next steps.
 - Secret redaction, especially environment variable values.
-- Package staging and tarball contents.
+- Package metadata and tarball contents.
 
 ## Test Styles
 
@@ -48,7 +47,7 @@ temporary state.
 Use controller or use-case tests when the behavior is easier to express without
 going through Commander.
 
-Use staged package smoke tests when changing:
+Use package smoke tests when changing:
 
 - binary entrypoints
 - build configuration
diff --git a/docs/reference/testing-patterns.md b/docs/reference/testing-patterns.md
index b1f439e..0e2a04e 100644
--- a/docs/reference/testing-patterns.md
+++ b/docs/reference/testing-patterns.md
@@ -39,8 +39,7 @@ the behavior under test.
 
 ## Subprocess And Package Smoke Tests
 
-Use subprocess or staged package smoke tests when changing packaging or runtime
-entrypoints.
+Use subprocess or package smoke tests when changing packaging or runtime entrypoints.
 
 Good fit:
 
@@ -50,8 +49,8 @@ Good fit:
 - npm tarball contents
 - publish preparation
 
-The staged package should not include source, tests, fixtures, docs, `.prisma`,
-or `.publish` directories.
+The npm tarball should not include source, tests, fixtures, docs, `.prisma`, or
+`.publish` directories.
 
 ## Stream Assertions
 
diff --git a/package.json b/package.json
index e1a2a58..e61e9c5 100644
--- a/package.json
+++ b/package.json
@@ -13,7 +13,6 @@
     "lint:fix": "biome check . --write",
     "lint:skills": "node scripts/validate-skills.mjs",
     "prepare": "skills add ./skills --skill '*' --agent universal claude-code -y",
-    "prepare:cli-publish": "node scripts/prepare-cli-publish.mjs",
     "smoke:cli-nextjs": "node scripts/smoke-cli-nextjs-artifact.mjs",
     "test:skills": "node --test scripts/validate-skills.test.mjs",
     "test": "pnpm --filter @prisma/cli test",
diff --git a/packages/cli/.npmignore b/packages/cli/.npmignore
new file mode 100644
index 0000000..17cabed
--- /dev/null
+++ b/packages/cli/.npmignore
@@ -0,0 +1,6 @@
+src/
+tests/
+fixtures/
+docs/
+.prisma/
+.publish/
diff --git a/packages/cli/AGENTS.md b/packages/cli/AGENTS.md
new file mode 100644
index 0000000..8d7bfa9
--- /dev/null
+++ b/packages/cli/AGENTS.md
@@ -0,0 +1,109 @@
+# AGENTS.md
+
+## Purpose
+
+This package uses document-driven development for the new Prisma CLI.
+
+The docs in `docs/product` are the source of truth. Do not invent product behavior in code that is not already grounded in those docs. If behavior is unclear or missing, update docs first.
+
+## What This CLI Is
+
+- This is the future unified Prisma CLI.
+- The first implementation slice is app deployment workflows, but the command model must preserve the long-term CLI for ORM, Postgres, and app workflows.
+
+## Read These First
+
+Start with `docs/README.md` for the public docs index.
+
+1. `docs/product/resource-model.md`
+2. `docs/product/command-principles.md`
+3. `docs/product/command-spec.md`
+4. `docs/product/cli-style-guide.md`
+5. `docs/product/output-conventions.md`
+6. `docs/product/error-conventions.md`
+
+Architecture and contributor workflow references:
+
+- `ARCHITECTURE.md`
+- `docs/architecture/overview.md`
+- `docs/onboarding/getting-started.md`
+- `docs/onboarding/common-tasks.md`
+- `docs/onboarding/testing.md`
+
+## Non-Negotiable Product Rules
+
+- Group commands by developer workflow, not product ownership.
+- No `orm`, `postgres`, or `compute` namespaces in the command surface.
+- Canonical command shape is `prisma <group> <action>`.
+- The current preview uses only `auth`, `project`, `branch`, and `app`.
+- Preserve the long-term resource model: `workspace -> project -> branch -> { app, database }`.
+
+For exact definitions and resolution rules, see `resource-model.md` and `command-spec.md`.
+
+## Branch Model
+
+Do not redefine this casually:
+
+- everything under a project happens in a branch
+- `local` is local CLI context only, not a branch or deploy target
+- `production` is a protected durable branch
+- every other named branch is preview by default
+- preview branches are disposable by default
+- non-production branches can become durable later
+- first remote deploy defaults to preview
+- production is reached by `app promote` or explicit user targeting
+
+See:
+
+- `docs/product/resource-model.md`
+- `docs/product/command-spec.md`
+
+## Output and Error Behavior
+
+Before changing CLI UX, read:
+
+- `docs/product/cli-style-guide.md`
+- `docs/product/output-conventions.md`
+- `docs/product/error-conventions.md`
+
+Important themes:
+
+- stdout is for machine-readable data
+- stderr is for human-oriented status and decoration
+- `--json` is explicit
+- non-TTY and non-interactive behavior must stay automation-friendly
+- structured error codes are the branching surface for agents and CI
+
+## Error Handling
+
+- Use `better-result` for owned application code that can fail.
+- Model expected failures as `TaggedError` types from `better-result`.
+- Put tagged error message construction in the constructor. Instantiate tagged errors directly; delete factory functions that only wrap constructors. Use static constructors only when they encode distinct domain variants.
+- Represent unexpected failures as `UnhandledException` from `better-result`.
+- Return only errors produced by the function plus errors propagated from callees. Do not create app-wide error unions.
+- Wrap throwing or rejecting boundaries with `Result.try` or `Result.tryPromise`. This includes SDK calls, I/O, parsing, and async framework calls.
+- Wrap expected throwing failures at the lowest throwing expression and map them to the local tagged error type.
+- Once a function returns `Result`, do not throw inside its body for modeled boundaries. Return expected errors, abort errors, and propagated `UnhandledException` values in the error union; throw only at temporary or final CLI-facing boundaries.
+- When mapping abortable boundary failures, prefer `signal.aborted` over matching error names or messages to detect cancellation.
+- Do not wrap a boundary only to match `UnhandledException` and rethrow it. Let unexpected failures throw directly when no expected error is modeled or propagated.
+- Use `Result.gen` to compose multiple results. Do not manually chain `isErr` propagation when `yield*` can express the flow.
+- Propagate typed results through lower layers. Do not convert results to plain values, `null`, booleans, or thrown exceptions below the boundary.
+- Convert results only at CLI-facing boundaries: command runners, controllers that produce command output, auth providers, API/client adapters, storage adapters, and startup assembly.
+- Match errors exhaustively with `matchError`. Do not use catch-all handlers or partial matches.
+- Throw tagged errors directly when their message and context are already correct. Do not wrap them in generic `Error` instances.
+- Do not refactor generated code, third-party SDK internals, or framework internals for result handling.
+
+## When Making Changes
+
+- Prefer tightening existing docs over adding new surface area.
+- Keep nouns and verbs stable across docs, help, output, and code.
+- Do not add shortcuts or aliases as canonical forms.
+- Do not let the current app preview introduce abstractions that will block later ORM/Postgres integration.
+- If docs conflict, resolve the docs rather than guessing in implementation.
+
+## Default Agent Workflow
+
+1. Read the product docs above.
+2. Identify the relevant source-of-truth doc for the task.
+3. If implementation requires undefined behavior, update docs first.
+4. Keep changes aligned with the unified CLI direction, not just the current app slice.
diff --git a/packages/cli/LICENSE b/packages/cli/LICENSE
new file mode 100644
index 0000000..c6732f4
--- /dev/null
+++ b/packages/cli/LICENSE
@@ -0,0 +1,158 @@
+Apache License
+Version 2.0, January 2004
+http://www.apache.org/licenses/
+
+TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+1. Definitions.
+
+"License" shall mean the terms and conditions for use, reproduction, and
+distribution as defined by Sections 1 through 9 of this document.
+
+"Licensor" shall mean the copyright owner or entity authorized by the copyright
+owner that is granting the License.
+
+"Legal Entity" shall mean the union of the acting entity and all other entities
+that control, are controlled by, or are under common control with that entity.
+For the purposes of this definition, "control" means (i) the power, direct or
+indirect, to cause the direction or management of such entity, whether by
+contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the
+outstanding shares, or (iii) beneficial ownership of such entity.
+
+"You" (or "Your") shall mean an individual or Legal Entity exercising
+permissions granted by this License.
+
+"Source" form shall mean the preferred form for making modifications, including
+but not limited to software source code, documentation source, and configuration
+files.
+
+"Object" form shall mean any form resulting from mechanical transformation or
+translation of a Source form, including but not limited to compiled object code,
+generated documentation, and conversions to other media types.
+
+"Work" shall mean the work of authorship, whether in Source or Object form, made
+available under the License, as indicated by a copyright notice that is included
+in or attached to the work.
+
+"Derivative Works" shall mean any work, whether in Source or Object form, that
+is based on (or derived from) the Work and for which the editorial revisions,
+annotations, elaborations, or other modifications represent, as a whole, an
+original work of authorship. For the purposes of this License, Derivative Works
+shall not include works that remain separable from, or merely link (or bind by
+name) to the interfaces of, the Work and Derivative Works thereof.
+
+"Contribution" shall mean any work of authorship, including the original version
+of the Work and any modifications or additions to that Work or Derivative Works
+thereof, that is intentionally submitted to Licensor for inclusion in the Work by
+the copyright owner or by an individual or Legal Entity authorized to submit on
+behalf of the copyright owner. For the purposes of this definition, "submitted"
+means any form of electronic, verbal, or written communication sent to the
+Licensor or its representatives, including but not limited to communication on
+electronic mailing lists, source code control systems, and issue tracking
+systems that are managed by, or on behalf of, the Licensor for the purpose of
+discussing and improving the Work, but excluding communication that is
+conspicuously marked or otherwise designated in writing by the copyright owner
+as "Not a Contribution."
+
+"Contributor" shall mean Licensor and any individual or Legal Entity on behalf
+of whom a Contribution has been received by Licensor and subsequently
+incorporated within the Work.
+
+2. Grant of Copyright License. Subject to the terms and conditions of this
+License, each Contributor hereby grants to You a perpetual, worldwide,
+non-exclusive, no-charge, royalty-free, irrevocable copyright license to
+reproduce, prepare Derivative Works of, publicly display, publicly perform,
+sublicense, and distribute the Work and such Derivative Works in Source or Object
+form.
+
+3. Grant of Patent License. Subject to the terms and conditions of this License,
+each Contributor hereby grants to You a perpetual, worldwide, non-exclusive,
+no-charge, royalty-free, irrevocable (except as stated in this section) patent
+license to make, have made, use, offer to sell, sell, import, and otherwise
+transfer the Work, where such license applies only to those patent claims
+licensable by such Contributor that are necessarily infringed by their
+Contribution(s) alone or by combination of their Contribution(s) with the Work to
+which such Contribution(s) was submitted. If You institute patent litigation
+against any entity (including a cross-claim or counterclaim in a lawsuit)
+alleging that the Work or a Contribution incorporated within the Work
+constitutes direct or contributory patent infringement, then any patent licenses
+granted to You under this License for that Work shall terminate as of the date
+such litigation is filed.
+
+4. Redistribution. You may reproduce and distribute copies of the Work or
+Derivative Works thereof in any medium, with or without modifications, and in
+Source or Object form, provided that You meet the following conditions:
+
+(a) You must give any other recipients of the Work or Derivative Works a copy of
+this License; and
+
+(b) You must cause any modified files to carry prominent notices stating that You
+changed the files; and
+
+(c) You must retain, in the Source form of any Derivative Works that You
+distribute, all copyright, patent, trademark, and attribution notices from the
+Source form of the Work, excluding those notices that do not pertain to any part
+of the Derivative Works; and
+
+(d) If the Work includes a "NOTICE" text file as part of its distribution, then
+any Derivative Works that You distribute must include a readable copy of the
+attribution notices contained within such NOTICE file, excluding those notices
+that do not pertain to any part of the Derivative Works, in at least one of the
+following places: within a NOTICE text file distributed as part of the Derivative
+Works; within the Source form or documentation, if provided along with the
+Derivative Works; or, within a display generated by the Derivative Works, if and
+wherever such third-party notices normally appear. The contents of the NOTICE
+file are for informational purposes only and do not modify the License. You may
+add Your own attribution notices within Derivative Works that You distribute,
+alongside or as an addendum to the NOTICE text from the Work, provided that such
+additional attribution notices cannot be construed as modifying the License.
+
+You may add Your own copyright statement to Your modifications and may provide
+additional or different license terms and conditions for use, reproduction, or
+distribution of Your modifications, or for any such Derivative Works as a whole,
+provided Your use, reproduction, and distribution of the Work otherwise complies
+with the conditions stated in this License.
+
+5. Submission of Contributions. Unless You explicitly state otherwise, any
+Contribution intentionally submitted for inclusion in the Work by You to the
+Licensor shall be under the terms and conditions of this License, without any
+additional terms or conditions. Notwithstanding the above, nothing herein shall
+supersede or modify the terms of any separate license agreement you may have
+executed with Licensor regarding such Contributions.
+
+6. Trademarks. This License does not grant permission to use the trade names,
+trademarks, service marks, or product names of the Licensor, except as required
+for reasonable and customary use in describing the origin of the Work and
+reproducing the content of the NOTICE file.
+
+7. Disclaimer of Warranty. Unless required by applicable law or agreed to in
+writing, Licensor provides the Work (and each Contributor provides its
+Contributions) on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+either express or implied, including, without limitation, any warranties or
+conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+PARTICULAR PURPOSE. You are solely responsible for determining the
+appropriateness of using or redistributing the Work and assume any risks
+associated with Your exercise of permissions under this License.
+
+8. Limitation of Liability. In no event and under no legal theory, whether in
+tort (including negligence), contract, or otherwise, unless required by
+applicable law (such as deliberate and grossly negligent acts) or agreed to in
+writing, shall any Contributor be liable to You for damages, including any
+direct, indirect, special, incidental, or consequential damages of any character
+arising as a result of this License or out of the use or inability to use the
+Work (including but not limited to damages for loss of goodwill, work stoppage,
+computer failure or malfunction, or any and all other commercial damages or
+losses), even if such Contributor has been advised of the possibility of such
+damages.
+
+9. Accepting Warranty or Additional Liability. While redistributing the Work or
+Derivative Works thereof, You may choose to offer, and charge a fee for,
+acceptance of support, warranty, indemnity, or other liability obligations and/or
+rights consistent with this License. However, in accepting such obligations, You
+may act only on Your own behalf and on Your sole responsibility, not on behalf of
+any other Contributor, and only if You agree to indemnify, defend, and hold each
+Contributor harmless for any liability incurred by, or claims asserted against,
+such Contributor by reason of your accepting any such warranty or additional
+liability.
+
+END OF TERMS AND CONDITIONS
diff --git a/packages/cli/tests/publish-prep.test.ts b/packages/cli/tests/publish-prep.test.ts
deleted file mode 100644
index b2b9f31..0000000
--- a/packages/cli/tests/publish-prep.test.ts
+++ /dev/null
@@ -1,210 +0,0 @@
-import { mkdir, mkdtemp, readdir, readFile, writeFile } from "node:fs/promises";
-import os from "node:os";
-import path from "node:path";
-
-import { describe, expect, it } from "vitest";
-
-import { stageCliPublishPackage } from "../../../scripts/prepare-cli-publish.mjs";
-
-function createTempCwd(): Promise<string> {
-  return mkdtemp(path.join(os.tmpdir(), "prisma-cli-"));
-}
-
-describe("prepare cli publish", () => {
-  it("stages a public package manifest for @prisma/cli", async () => {
-    const cwd = await createTempCwd();
-    const sourceDir = path.join(cwd, "source");
-    const outputDir = path.join(cwd, "staged");
-
-    await mkdir(path.join(sourceDir, "dist"), { recursive: true });
-    await writeFile(path.join(cwd, "LICENSE"), "Apache-2.0\n", "utf8");
-    await writeFile(
-      path.join(sourceDir, "package.json"),
-      JSON.stringify(
-        {
-          name: "@prisma/cli",
-          private: true,
-          version: "3.0.0-development",
-          description:
-            "Command-line interface for the Prisma Developer Platform.",
-          type: "module",
-          engines: {
-            node: ">=20",
-          },
-          keywords: ["prisma", "cli"],
-          repository: {
-            type: "git",
-            url: "https://github.com/prisma/prisma-cli.git",
-            directory: "packages/cli",
-          },
-          homepage: "https://github.com/prisma/prisma-cli#readme",
-          bugs: {
-            url: "https://github.com/prisma/prisma-cli/issues",
-          },
-          license: "Apache-2.0",
-          dependencies: {
-            commander: "^12.1.0",
-          },
-        },
-        null,
-        2,
-      ),
-      "utf8",
-    );
-    await writeFile(
-      path.join(sourceDir, "README.md"),
-      "# Test package\n",
-      "utf8",
-    );
-    await writeFile(
-      path.join(sourceDir, "dist/cli.js"),
-      "#!/usr/bin/env node\nconsole.log('ok')\n",
-      "utf8",
-    );
-
-    const stagedPath = await stageCliPublishPackage({ sourceDir, outputDir });
-    const manifest = JSON.parse(
-      await readFile(path.join(stagedPath, "package.json"), "utf8"),
-    );
-
-    expect(stagedPath).toBe(outputDir);
-    expect(manifest).toEqual({
-      name: "@prisma/cli",
-      version: "3.0.0-development",
-      description: "Command-line interface for the Prisma Developer Platform.",
-      type: "module",
-      bin: {
-        "prisma-cli": "./dist/cli.js",
-      },
-      files: ["dist", "README.md", "LICENSE"],
-      publishConfig: {
-        access: "public",
-      },
-      engines: {
-        node: ">=20",
-      },
-      keywords: ["prisma", "cli"],
-      repository: {
-        type: "git",
-        url: "https://github.com/prisma/prisma-cli.git",
-        directory: "packages/cli",
-      },
-      homepage: "https://github.com/prisma/prisma-cli#readme",
-      bugs: {
-        url: "https://github.com/prisma/prisma-cli/issues",
-      },
-      license: "Apache-2.0",
-      dependencies: {
-        commander: "^12.1.0",
-      },
-    });
-    expect(manifest).not.toHaveProperty("private");
-  });
-
-  it("uses an injected publish version when staging the package", async () => {
-    const cwd = await createTempCwd();
-    const sourceDir = path.join(cwd, "source");
-    const outputDir = path.join(cwd, "staged");
-
-    await mkdir(path.join(sourceDir, "dist"), { recursive: true });
-    await writeFile(path.join(cwd, "LICENSE"), "Apache-2.0\n", "utf8");
-    await writeFile(
-      path.join(sourceDir, "package.json"),
-      JSON.stringify(
-        {
-          name: "@prisma/cli",
-          version: "3.0.0-development",
-          description:
-            "Command-line interface for the Prisma Developer Platform.",
-          type: "module",
-          dependencies: {},
-        },
-        null,
-        2,
-      ),
-      "utf8",
-    );
-    await writeFile(
-      path.join(sourceDir, "README.md"),
-      "# Test package\n",
-      "utf8",
-    );
-    await writeFile(
-      path.join(sourceDir, "dist/cli.js"),
-      "#!/usr/bin/env node\nconsole.log('ok')\n",
-      "utf8",
-    );
-
-    const stagedPath = await stageCliPublishPackage({
-      sourceDir,
-      outputDir,
-      publishVersion: "3.0.0-beta.0",
-    });
-    const manifest = JSON.parse(
-      await readFile(path.join(stagedPath, "package.json"), "utf8"),
-    );
-
-    expect(manifest.version).toBe("3.0.0-beta.0");
-  });
-
-  it("stages only npm package files", async () => {
-    const cwd = await createTempCwd();
-    const sourceDir = path.join(cwd, "source");
-    const outputDir = path.join(cwd, "staged");
-
-    await mkdir(path.join(sourceDir, "dist"), { recursive: true });
-    await mkdir(path.join(sourceDir, "src"), { recursive: true });
-    await mkdir(path.join(sourceDir, "tests"), { recursive: true });
-    await mkdir(path.join(sourceDir, "fixtures"), { recursive: true });
-    await writeFile(path.join(cwd, "LICENSE"), "Apache-2.0\n", "utf8");
-    await writeFile(
-      path.join(sourceDir, "package.json"),
-      JSON.stringify(
-        {
-          name: "@prisma/cli",
-          version: "3.0.0-development",
-          description:
-            "Command-line interface for the Prisma Developer Platform.",
-          type: "module",
-          dependencies: {},
-        },
-        null,
-        2,
-      ),
-      "utf8",
-    );
-    await writeFile(
-      path.join(sourceDir, "README.md"),
-      "# Test package\n",
-      "utf8",
-    );
-    await writeFile(
-      path.join(sourceDir, "dist/cli.js"),
-      "#!/usr/bin/env node\nconsole.log('ok')\n",
-      "utf8",
-    );
-    await writeFile(path.join(sourceDir, "src/cli.ts"), "export {}\n", "utf8");
-    await writeFile(
-      path.join(sourceDir, "tests/cli.test.ts"),
-      "export {}\n",
-      "utf8",
-    );
-    await writeFile(
-      path.join(sourceDir, "fixtures/mock-api.json"),
-      "{}\n",
-      "utf8",
-    );
-
-    const stagedPath = await stageCliPublishPackage({ sourceDir, outputDir });
-    const topLevelFiles = await readdir(stagedPath);
-    const distFiles = await readdir(path.join(stagedPath, "dist"));
-
-    expect(topLevelFiles.sort()).toEqual([
-      "LICENSE",
-      "README.md",
-      "dist",
-      "package.json",
-    ]);
-    expect(distFiles).toEqual(["cli.js"]);
-  });
-});
diff --git a/packages/cli/tests/resolve-cli-version.test.ts b/packages/cli/tests/resolve-package-version.test.ts
similarity index 64%
rename from packages/cli/tests/resolve-cli-version.test.ts
rename to packages/cli/tests/resolve-package-version.test.ts
index d7061f0..d2aa319 100644
--- a/packages/cli/tests/resolve-cli-version.test.ts
+++ b/packages/cli/tests/resolve-package-version.test.ts
@@ -9,34 +9,41 @@ import {
   resolveDevVersion,
   resolveNextBetaVersion,
   resolvePrVersion,
-} from "../../../scripts/resolve-cli-version.mjs";
+} from "../../../scripts/resolve-package-version.mjs";
 
 const execFileAsync = promisify(execFile);
 const repoRoot = path.resolve(
   path.dirname(fileURLToPath(import.meta.url)),
   "../../..",
 );
-const scriptPath = path.join(repoRoot, "scripts/resolve-cli-version.mjs");
+const scriptPath = path.join(repoRoot, "scripts/resolve-package-version.mjs");
 
-describe("resolve cli version", () => {
+describe("resolve package version", () => {
   it("computes the first beta when npm latest is missing or still legacy 2.x", () => {
-    expect(resolveNextBetaVersion("")).toBe("3.0.0-beta.0");
-    expect(resolveNextBetaVersion("2.20.1")).toBe("3.0.0-beta.0");
+    expect(resolveNextBetaVersion({ baseVersion: "3.0.0", latest: "" })).toBe(
+      "3.0.0-beta.0",
+    );
+    expect(
+      resolveNextBetaVersion({ baseVersion: "3.0.0", latest: "2.20.1" }),
+    ).toBe("3.0.0-beta.0");
   });
 
   it("increments the beta number from the current npm latest", () => {
-    expect(resolveNextBetaVersion("3.0.0-beta.0")).toBe("3.0.0-beta.1");
+    expect(
+      resolveNextBetaVersion({ baseVersion: "3.0.0", latest: "3.0.0-beta.0" }),
+    ).toBe("3.0.0-beta.1");
   });
 
   it("fails when npm latest is outside the supported beta line", () => {
-    expect(() => resolveNextBetaVersion("3.0.0")).toThrow(
-      "Cannot compute the next beta from npm latest (3.0.0).",
-    );
+    expect(() =>
+      resolveNextBetaVersion({ baseVersion: "3.0.0", latest: "3.0.0" }),
+    ).toThrow("Cannot compute the next beta from npm latest (3.0.0).");
   });
 
   it("computes a unique dev build version", () => {
     expect(
       resolveDevVersion({
+        baseVersion: "3.0.0",
         runNumber: "123",
         runAttempt: "2",
       }),
@@ -46,6 +53,7 @@ describe("resolve cli version", () => {
   it("computes an exact PR preview version", () => {
     expect(
       resolvePrVersion({
+        baseVersion: "3.0.0",
         prNumber: "43",
         sha: "f1110dd704a9382c429b",
       }),
@@ -56,6 +64,8 @@ describe("resolve cli version", () => {
     const { stdout } = await execFileAsync(process.execPath, [
       scriptPath,
       "next-beta",
+      "--package-dir",
+      "packages/cli",
       "--latest",
       "3.0.0-beta.0",
     ]);
diff --git a/packages/compute/.npmignore b/packages/compute/.npmignore
new file mode 100644
index 0000000..17cabed
--- /dev/null
+++ b/packages/compute/.npmignore
@@ -0,0 +1,6 @@
+src/
+tests/
+fixtures/
+docs/
+.prisma/
+.publish/
diff --git a/packages/compute/LICENSE b/packages/compute/LICENSE
new file mode 100644
index 0000000..c6732f4
--- /dev/null
+++ b/packages/compute/LICENSE
@@ -0,0 +1,158 @@
+Apache License
+Version 2.0, January 2004
+http://www.apache.org/licenses/
+
+TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+1. Definitions.
+
+"License" shall mean the terms and conditions for use, reproduction, and
+distribution as defined by Sections 1 through 9 of this document.
+
+"Licensor" shall mean the copyright owner or entity authorized by the copyright
+owner that is granting the License.
+
+"Legal Entity" shall mean the union of the acting entity and all other entities
+that control, are controlled by, or are under common control with that entity.
+For the purposes of this definition, "control" means (i) the power, direct or
+indirect, to cause the direction or management of such entity, whether by
+contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the
+outstanding shares, or (iii) beneficial ownership of such entity.
+
+"You" (or "Your") shall mean an individual or Legal Entity exercising
+permissions granted by this License.
+
+"Source" form shall mean the preferred form for making modifications, including
+but not limited to software source code, documentation source, and configuration
+files.
+
+"Object" form shall mean any form resulting from mechanical transformation or
+translation of a Source form, including but not limited to compiled object code,
+generated documentation, and conversions to other media types.
+
+"Work" shall mean the work of authorship, whether in Source or Object form, made
+available under the License, as indicated by a copyright notice that is included
+in or attached to the work.
+
+"Derivative Works" shall mean any work, whether in Source or Object form, that
+is based on (or derived from) the Work and for which the editorial revisions,
+annotations, elaborations, or other modifications represent, as a whole, an
+original work of authorship. For the purposes of this License, Derivative Works
+shall not include works that remain separable from, or merely link (or bind by
+name) to the interfaces of, the Work and Derivative Works thereof.
+
+"Contribution" shall mean any work of authorship, including the original version
+of the Work and any modifications or additions to that Work or Derivative Works
+thereof, that is intentionally submitted to Licensor for inclusion in the Work by
+the copyright owner or by an individual or Legal Entity authorized to submit on
+behalf of the copyright owner. For the purposes of this definition, "submitted"
+means any form of electronic, verbal, or written communication sent to the
+Licensor or its representatives, including but not limited to communication on
+electronic mailing lists, source code control systems, and issue tracking
+systems that are managed by, or on behalf of, the Licensor for the purpose of
+discussing and improving the Work, but excluding communication that is
+conspicuously marked or otherwise designated in writing by the copyright owner
+as "Not a Contribution."
+
+"Contributor" shall mean Licensor and any individual or Legal Entity on behalf
+of whom a Contribution has been received by Licensor and subsequently
+incorporated within the Work.
+
+2. Grant of Copyright License. Subject to the terms and conditions of this
+License, each Contributor hereby grants to You a perpetual, worldwide,
+non-exclusive, no-charge, royalty-free, irrevocable copyright license to
+reproduce, prepare Derivative Works of, publicly display, publicly perform,
+sublicense, and distribute the Work and such Derivative Works in Source or Object
+form.
+
+3. Grant of Patent License. Subject to the terms and conditions of this License,
+each Contributor hereby grants to You a perpetual, worldwide, non-exclusive,
+no-charge, royalty-free, irrevocable (except as stated in this section) patent
+license to make, have made, use, offer to sell, sell, import, and otherwise
+transfer the Work, where such license applies only to those patent claims
+licensable by such Contributor that are necessarily infringed by their
+Contribution(s) alone or by combination of their Contribution(s) with the Work to
+which such Contribution(s) was submitted. If You institute patent litigation
+against any entity (including a cross-claim or counterclaim in a lawsuit)
+alleging that the Work or a Contribution incorporated within the Work
+constitutes direct or contributory patent infringement, then any patent licenses
+granted to You under this License for that Work shall terminate as of the date
+such litigation is filed.
+
+4. Redistribution. You may reproduce and distribute copies of the Work or
+Derivative Works thereof in any medium, with or without modifications, and in
+Source or Object form, provided that You meet the following conditions:
+
+(a) You must give any other recipients of the Work or Derivative Works a copy of
+this License; and
+
+(b) You must cause any modified files to carry prominent notices stating that You
+changed the files; and
+
+(c) You must retain, in the Source form of any Derivative Works that You
+distribute, all copyright, patent, trademark, and attribution notices from the
+Source form of the Work, excluding those notices that do not pertain to any part
+of the Derivative Works; and
+
+(d) If the Work includes a "NOTICE" text file as part of its distribution, then
+any Derivative Works that You distribute must include a readable copy of the
+attribution notices contained within such NOTICE file, excluding those notices
+that do not pertain to any part of the Derivative Works, in at least one of the
+following places: within a NOTICE text file distributed as part of the Derivative
+Works; within the Source form or documentation, if provided along with the
+Derivative Works; or, within a display generated by the Derivative Works, if and
+wherever such third-party notices normally appear. The contents of the NOTICE
+file are for informational purposes only and do not modify the License. You may
+add Your own attribution notices within Derivative Works that You distribute,
+alongside or as an addendum to the NOTICE text from the Work, provided that such
+additional attribution notices cannot be construed as modifying the License.
+
+You may add Your own copyright statement to Your modifications and may provide
+additional or different license terms and conditions for use, reproduction, or
+distribution of Your modifications, or for any such Derivative Works as a whole,
+provided Your use, reproduction, and distribution of the Work otherwise complies
+with the conditions stated in this License.
+
+5. Submission of Contributions. Unless You explicitly state otherwise, any
+Contribution intentionally submitted for inclusion in the Work by You to the
+Licensor shall be under the terms and conditions of this License, without any
+additional terms or conditions. Notwithstanding the above, nothing herein shall
+supersede or modify the terms of any separate license agreement you may have
+executed with Licensor regarding such Contributions.
+
+6. Trademarks. This License does not grant permission to use the trade names,
+trademarks, service marks, or product names of the Licensor, except as required
+for reasonable and customary use in describing the origin of the Work and
+reproducing the content of the NOTICE file.
+
+7. Disclaimer of Warranty. Unless required by applicable law or agreed to in
+writing, Licensor provides the Work (and each Contributor provides its
+Contributions) on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+either express or implied, including, without limitation, any warranties or
+conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+PARTICULAR PURPOSE. You are solely responsible for determining the
+appropriateness of using or redistributing the Work and assume any risks
+associated with Your exercise of permissions under this License.
+
+8. Limitation of Liability. In no event and under no legal theory, whether in
+tort (including negligence), contract, or otherwise, unless required by
+applicable law (such as deliberate and grossly negligent acts) or agreed to in
+writing, shall any Contributor be liable to You for damages, including any
+direct, indirect, special, incidental, or consequential damages of any character
+arising as a result of this License or out of the use or inability to use the
+Work (including but not limited to damages for loss of goodwill, work stoppage,
+computer failure or malfunction, or any and all other commercial damages or
+losses), even if such Contributor has been advised of the possibility of such
+damages.
+
+9. Accepting Warranty or Additional Liability. While redistributing the Work or
+Derivative Works thereof, You may choose to offer, and charge a fee for,
+acceptance of support, warranty, indemnity, or other liability obligations and/or
+rights consistent with this License. However, in accepting such obligations, You
+may act only on Your own behalf and on Your sole responsibility, not on behalf of
+any other Contributor, and only if You agree to indemnify, defend, and hold each
+Contributor harmless for any liability incurred by, or claims asserted against,
+such Contributor by reason of your accepting any such warranty or additional
+liability.
+
+END OF TERMS AND CONDITIONS
diff --git a/packages/compute/package.json b/packages/compute/package.json
index 92e01d4..550406a 100644
--- a/packages/compute/package.json
+++ b/packages/compute/package.json
@@ -37,6 +37,7 @@
   "license": "Apache-2.0",
   "scripts": {
     "build": "tsdown",
+    "prepack": "pnpm run build",
     "test": "vitest run"
   },
   "devDependencies": {
diff --git a/scripts/prepare-cli-publish.d.mts b/scripts/prepare-cli-publish.d.mts
deleted file mode 100644
index 75cad70..0000000
--- a/scripts/prepare-cli-publish.d.mts
+++ /dev/null
@@ -1,5 +0,0 @@
-export declare function stageCliPublishPackage(options?: {
-  sourceDir?: string;
-  outputDir?: string;
-  publishVersion?: string;
-}): Promise<string>;
diff --git a/scripts/prepare-cli-publish.mjs b/scripts/prepare-cli-publish.mjs
deleted file mode 100644
index 189e02a..0000000
--- a/scripts/prepare-cli-publish.mjs
+++ /dev/null
@@ -1,146 +0,0 @@
-#!/usr/bin/env node
-
-import { access, cp, mkdir, readFile, rm, writeFile } from "node:fs/promises";
-import path from "node:path";
-import { fileURLToPath } from "node:url";
-
-export async function stageCliPublishPackage(options = {}) {
-  const sourceDir =
-    options.sourceDir ?? path.join(getRepoRoot(), "packages/cli");
-  const outputDir =
-    options.outputDir ?? path.join(getRepoRoot(), ".publish/cli");
-  const publishVersion = options.publishVersion;
-
-  await ensureBuildArtifacts(sourceDir);
-
-  await rm(outputDir, { recursive: true, force: true });
-  await mkdir(outputDir, { recursive: true });
-
-  await cp(path.join(sourceDir, "dist"), path.join(outputDir, "dist"), {
-    recursive: true,
-  });
-  await cp(
-    path.join(sourceDir, "README.md"),
-    path.join(outputDir, "README.md"),
-  );
-  await cp(
-    path.join(getRepoRoot(), "LICENSE"),
-    path.join(outputDir, "LICENSE"),
-  );
-
-  const sourceManifest = JSON.parse(
-    await readFile(path.join(sourceDir, "package.json"), "utf8"),
-  );
-
-  const publishManifest = {
-    name: sourceManifest.name,
-    version: publishVersion ?? sourceManifest.version,
-    description: sourceManifest.description,
-    type: sourceManifest.type,
-    bin: {
-      "prisma-cli": "./dist/cli.js",
-    },
-    files: ["dist", "README.md", "LICENSE"],
-    publishConfig: {
-      access: "public",
-    },
-    engines: sourceManifest.engines,
-    keywords: sourceManifest.keywords,
-    repository: sourceManifest.repository,
-    homepage: sourceManifest.homepage,
-    bugs: sourceManifest.bugs,
-    license: sourceManifest.license,
-    dependencies: sourceManifest.dependencies,
-  };
-
-  await writeFile(
-    path.join(outputDir, "package.json"),
-    `${JSON.stringify(removeUndefinedFields(publishManifest), null, 2)}\n`,
-    "utf8",
-  );
-
-  return outputDir;
-}
-
-function getRepoRoot() {
-  return path.resolve(path.dirname(fileURLToPath(import.meta.url)), "..");
-}
-
-async function ensureBuildArtifacts(sourceDir) {
-  const builtCliPath = path.join(sourceDir, "dist/cli.js");
-
-  try {
-    await access(builtCliPath);
-  } catch {
-    throw new Error(
-      `Missing built CLI artifact at ${builtCliPath}. Run "pnpm --filter @prisma/cli build" first.`,
-    );
-  }
-}
-
-function removeUndefinedFields(value) {
-  return Object.fromEntries(
-    Object.entries(value).filter(([, entryValue]) => entryValue !== undefined),
-  );
-}
-
-async function main() {
-  const { outputDir, publishVersion } = parseCliArgs(process.argv.slice(2));
-  const stagedPath = await stageCliPublishPackage({
-    ...(outputDir ? { outputDir: path.resolve(outputDir) } : {}),
-    ...(publishVersion ? { publishVersion } : {}),
-  });
-  process.stdout.write(`${stagedPath}\n`);
-}
-
-function parseCliArgs(args) {
-  let outputDir;
-  let publishVersion = process.env.CLI_PUBLISH_VERSION;
-
-  for (let index = 0; index < args.length; index += 1) {
-    const arg = args[index];
-
-    if (arg === "--version") {
-      const nextArg = args[index + 1];
-      if (!nextArg || nextArg.startsWith("--")) {
-        throw new Error("--version requires a value.");
-      }
-      publishVersion = nextArg;
-      index += 1;
-      continue;
-    }
-
-    if (arg?.startsWith("--version=")) {
-      publishVersion = arg.slice("--version=".length);
-      continue;
-    }
-
-    if (arg?.startsWith("--")) {
-      throw new Error(`Unknown option: ${arg}`);
-    }
-
-    if (outputDir) {
-      throw new Error(`Unexpected argument: ${arg}`);
-    }
-
-    outputDir = arg;
-  }
-
-  if (publishVersion !== undefined && publishVersion.trim() === "") {
-    throw new Error("Publish version cannot be empty.");
-  }
-
-  return { outputDir, publishVersion };
-}
-
-if (
-  process.argv[1] &&
-  fileURLToPath(import.meta.url) === path.resolve(process.argv[1])
-) {
-  main().catch((error) => {
-    const message =
-      error instanceof Error ? (error.stack ?? error.message) : String(error);
-    process.stderr.write(`${message}\n`);
-    process.exitCode = 1;
-  });
-}
diff --git a/scripts/resolve-cli-version.d.mts b/scripts/resolve-cli-version.d.mts
deleted file mode 100644
index f764041..0000000
--- a/scripts/resolve-cli-version.d.mts
+++ /dev/null
@@ -1,13 +0,0 @@
-export declare const CLI_RELEASE_BASE_VERSION: string;
-
-export declare function resolveDevVersion(options: {
-  runNumber?: string | number | null;
-  runAttempt?: string | number | null;
-}): string;
-
-export declare function resolvePrVersion(options: {
-  prNumber?: string | number | null;
-  sha?: string | null;
-}): string;
-
-export declare function resolveNextBetaVersion(latest?: string | null): string;
diff --git a/scripts/resolve-cli-version.mjs b/scripts/resolve-cli-version.mjs
deleted file mode 100644
index cc06186..0000000
--- a/scripts/resolve-cli-version.mjs
+++ /dev/null
@@ -1,128 +0,0 @@
-#!/usr/bin/env node
-// biome-ignore-all lint/performance/useTopLevelRegex: Release script regexes are kept inline for readability.
-
-import path from "node:path";
-import { fileURLToPath } from "node:url";
-
-export const CLI_RELEASE_BASE_VERSION = "3.0.0";
-
-export function resolveDevVersion(options) {
-  const runNumber = requireValue(options.runNumber, "runNumber");
-  const runAttempt = requireValue(options.runAttempt, "runAttempt");
-
-  return `${CLI_RELEASE_BASE_VERSION}-dev.${runNumber}.${runAttempt}`;
-}
-
-export function resolvePrVersion(options) {
-  const prNumber = requireValue(options.prNumber, "prNumber");
-  const sha = shortSha(requireValue(options.sha, "sha"));
-
-  return `${CLI_RELEASE_BASE_VERSION}-pr.${prNumber}.sha${sha}`;
-}
-
-export function resolveNextBetaVersion(latest) {
-  const normalizedLatest = (latest ?? "").trim();
-
-  if (!normalizedLatest || normalizedLatest.startsWith("2.")) {
-    return `${CLI_RELEASE_BASE_VERSION}-beta.0`;
-  }
-
-  const betaMatch = normalizedLatest.match(/^3\.0\.0-beta\.(\d+)$/);
-  if (betaMatch) {
-    const nextNumber = Number(betaMatch[1]) + 1;
-    return `${CLI_RELEASE_BASE_VERSION}-beta.${nextNumber}`;
-  }
-
-  throw new Error(
-    `Cannot compute the next beta from npm latest (${normalizedLatest}). Expected no latest, a 2.x legacy latest, or ${CLI_RELEASE_BASE_VERSION}-beta.N.`,
-  );
-}
-
-function shortSha(sha) {
-  return sha.slice(0, 12);
-}
-
-function requireValue(value, name) {
-  if (value === undefined || value === null || String(value).trim() === "") {
-    throw new Error(`${name} is required.`);
-  }
-
-  return String(value);
-}
-
-function parseOptions(args) {
-  const options = {};
-
-  for (let index = 0; index < args.length; index += 1) {
-    const arg = args[index];
-
-    if (!arg.startsWith("--")) {
-      throw new Error(`Unexpected argument: ${arg}`);
-    }
-
-    const inlineValueIndex = arg.indexOf("=");
-    if (inlineValueIndex !== -1) {
-      options[arg.slice(2, inlineValueIndex)] = arg.slice(inlineValueIndex + 1);
-      continue;
-    }
-
-    const value = args[index + 1];
-    if (value === undefined || value.startsWith("--")) {
-      throw new Error(`${arg} requires a value.`);
-    }
-
-    options[arg.slice(2)] = value;
-    index += 1;
-  }
-
-  return options;
-}
-
-function main() {
-  const [command, ...args] = process.argv.slice(2);
-  const options = parseOptions(args);
-
-  if (command === "dev") {
-    process.stdout.write(
-      `version=${resolveDevVersion({
-        runNumber: options["run-number"],
-        runAttempt: options["run-attempt"],
-      })}\n`,
-    );
-    return;
-  }
-
-  if (command === "pr") {
-    process.stdout.write(
-      `version=${resolvePrVersion({
-        prNumber: options["pr-number"],
-        sha: options.sha,
-      })}\n`,
-    );
-    return;
-  }
-
-  if (command === "next-beta") {
-    const latest = options.latest ?? "";
-    process.stdout.write(`latest=${latest}\n`);
-    process.stdout.write(`version=${resolveNextBetaVersion(latest)}\n`);
-    return;
-  }
-
-  throw new Error(
-    "Usage: resolve-cli-version.mjs <dev|pr|next-beta> [options]",
-  );
-}
-
-if (
-  process.argv[1] &&
-  fileURLToPath(import.meta.url) === path.resolve(process.argv[1])
-) {
-  try {
-    main();
-  } catch (error) {
-    const message = error instanceof Error ? error.message : String(error);
-    process.stderr.write(`${message}\n`);
-    process.exitCode = 1;
-  }
-}
diff --git a/scripts/resolve-package-version.d.mts b/scripts/resolve-package-version.d.mts
new file mode 100644
index 0000000..1d1acb2
--- /dev/null
+++ b/scripts/resolve-package-version.d.mts
@@ -0,0 +1,20 @@
+export declare function resolveDevVersion(options: {
+  baseVersion?: string | number | null;
+  runNumber?: string | number | null;
+  runAttempt?: string | number | null;
+}): string;
+
+export declare function resolvePrVersion(options: {
+  baseVersion?: string | number | null;
+  prNumber?: string | number | null;
+  sha?: string | null;
+}): string;
+
+export declare function resolveNextBetaVersion(options: {
+  baseVersion?: string | number | null;
+  latest?: string | null;
+}): string;
+
+export declare function resolvePackageReleaseBaseVersion(
+  packageDir: string,
+): string;
diff --git a/scripts/resolve-package-version.mjs b/scripts/resolve-package-version.mjs
new file mode 100644
index 0000000..d241c73
--- /dev/null
+++ b/scripts/resolve-package-version.mjs
@@ -0,0 +1,198 @@
+#!/usr/bin/env node
+
+import { readFileSync } from "node:fs";
+import path from "node:path";
+import { fileURLToPath } from "node:url";
+
+const PACKAGE_VERSION_PATTERN = /^(\d+\.\d+\.\d+)(?:-.+)?$/;
+const VERSION_CORE_PATTERN = /^(\d+)\.(\d+)\.(\d+)(?:-.+)?$/;
+
+export function resolveDevVersion(options) {
+  const baseVersion = requireValue(options.baseVersion, "baseVersion");
+  const runNumber = requireValue(options.runNumber, "runNumber");
+  const runAttempt = requireValue(options.runAttempt, "runAttempt");
+
+  return `${baseVersion}-dev.${runNumber}.${runAttempt}`;
+}
+
+export function resolvePrVersion(options) {
+  const baseVersion = requireValue(options.baseVersion, "baseVersion");
+  const prNumber = requireValue(options.prNumber, "prNumber");
+  const sha = shortSha(requireValue(options.sha, "sha"));
+
+  return `${baseVersion}-pr.${prNumber}.sha${sha}`;
+}
+
+export function resolveNextBetaVersion(options) {
+  const baseVersion = requireValue(options.baseVersion, "baseVersion");
+  const latest = options.latest;
+  const normalizedLatest = (latest ?? "").trim();
+
+  if (!normalizedLatest || isOlderReleaseLine(normalizedLatest, baseVersion)) {
+    return `${baseVersion}-beta.0`;
+  }
+
+  const betaMatch = normalizedLatest.match(
+    new RegExp(`^${escapeRegExp(baseVersion)}-beta\\.(\\d+)$`),
+  );
+  if (betaMatch) {
+    const nextNumber = Number(betaMatch[1]) + 1;
+    return `${baseVersion}-beta.${nextNumber}`;
+  }
+
+  throw new Error(
+    `Cannot compute the next beta from npm latest (${normalizedLatest}). Expected no latest, a lower release line, or ${baseVersion}-beta.N.`,
+  );
+}
+
+export function resolvePackageReleaseBaseVersion(packageDir) {
+  const manifestPath = path.join(getRepoRoot(), packageDir, "package.json");
+  const manifest = JSON.parse(readFileSync(manifestPath, "utf8"));
+  const version = requireValue(
+    manifest.version,
+    `${packageDir} package.json version`,
+  );
+  const match = version.match(PACKAGE_VERSION_PATTERN);
+
+  if (!match) {
+    throw new Error(
+      `Cannot derive release base from ${packageDir} package version (${version}).`,
+    );
+  }
+
+  return match[1];
+}
+
+function getRepoRoot() {
+  return path.resolve(path.dirname(fileURLToPath(import.meta.url)), "..");
+}
+
+function isOlderReleaseLine(latest, baseVersion) {
+  const latestParts = parseVersionCore(latest);
+  const baseParts = parseVersionCore(baseVersion);
+
+  if (!latestParts || !baseParts) {
+    return false;
+  }
+
+  for (let index = 0; index < baseParts.length; index += 1) {
+    if (latestParts[index] < baseParts[index]) {
+      return true;
+    }
+
+    if (latestParts[index] > baseParts[index]) {
+      return false;
+    }
+  }
+
+  return false;
+}
+
+function parseVersionCore(version) {
+  const match = version.match(VERSION_CORE_PATTERN);
+
+  if (!match) {
+    return undefined;
+  }
+
+  return match.slice(1).map(Number);
+}
+
+function escapeRegExp(value) {
+  return value.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
+}
+
+function shortSha(sha) {
+  return sha.slice(0, 12);
+}
+
+function requireValue(value, name) {
+  if (value === undefined || value === null || String(value).trim() === "") {
+    throw new Error(`${name} is required.`);
+  }
+
+  return String(value);
+}
+
+function parseOptions(args) {
+  const options = {};
+
+  for (let index = 0; index < args.length; index += 1) {
+    const arg = args[index];
+
+    if (!arg.startsWith("--")) {
+      throw new Error(`Unexpected argument: ${arg}`);
+    }
+
+    const inlineValueIndex = arg.indexOf("=");
+    if (inlineValueIndex !== -1) {
+      options[arg.slice(2, inlineValueIndex)] = arg.slice(inlineValueIndex + 1);
+      continue;
+    }
+
+    const value = args[index + 1];
+    if (value === undefined || value.startsWith("--")) {
+      throw new Error(`${arg} requires a value.`);
+    }
+
+    options[arg.slice(2)] = value;
+    index += 1;
+  }
+
+  return options;
+}
+
+function main() {
+  const [command, ...args] = process.argv.slice(2);
+  const options = parseOptions(args);
+  const packageDir = requireValue(options["package-dir"], "package-dir");
+  const baseVersion = resolvePackageReleaseBaseVersion(packageDir);
+
+  if (command === "dev") {
+    process.stdout.write(
+      `version=${resolveDevVersion({
+        baseVersion,
+        runNumber: options["run-number"],
+        runAttempt: options["run-attempt"],
+      })}\n`,
+    );
+    return;
+  }
+
+  if (command === "pr") {
+    process.stdout.write(
+      `version=${resolvePrVersion({
+        baseVersion,
+        prNumber: options["pr-number"],
+        sha: options.sha,
+      })}\n`,
+    );
+    return;
+  }
+
+  if (command === "next-beta") {
+    const latest = options.latest ?? "";
+    process.stdout.write(`latest=${latest}\n`);
+    process.stdout.write(
+      `version=${resolveNextBetaVersion({ baseVersion, latest })}\n`,
+    );
+    return;
+  }
+
+  throw new Error(
+    "Usage: resolve-package-version.mjs <dev|pr|next-beta> [--package-dir <path>] [options]",
+  );
+}
+
+if (
+  process.argv[1] &&
+  fileURLToPath(import.meta.url) === path.resolve(process.argv[1])
+) {
+  try {
+    main();
+  } catch (error) {
+    const message = error instanceof Error ? error.message : String(error);
+    process.stderr.write(`${message}\n`);
+    process.exitCode = 1;
+  }
+}