From cc03ae55f12813fc8fa4704a08d91c4577206c8c Mon Sep 17 00:00:00 2001
From: Tyler Benfield <benfield@prisma.io>
Date: Fri, 12 Jun 2026 06:56:17 -0400
Subject: [PATCH 1/8] chore: update workflow automation

---
 .agents/diary/pr-quality-workflow.md      |   2 +
 .github/workflows/AGENTS.md               |   3 +
 .github/workflows/pr-quality.yml          |  75 ++++++
 .github/workflows/preview-cli-package.yml |  24 +-
 .github/workflows/publish-cli.yml         |  71 ++----
 .github/workflows/publish-compute.yml     | 268 ++++++++++++++++++++++
 AGENTS.md                                 | 110 +--------
 package.json                              |   4 +
 packages/cli/AGENTS.md                    | 109 +++++++++
 scripts/prepare-compute-publish.mjs       | 133 +++++++++++
 scripts/resolve-cli-version.mjs           | 118 ----------
 scripts/resolve-package-version.mjs       | 177 ++++++++++++++
 12 files changed, 801 insertions(+), 293 deletions(-)
 create mode 100644 .agents/diary/pr-quality-workflow.md
 create mode 100644 .github/workflows/AGENTS.md
 create mode 100644 .github/workflows/pr-quality.yml
 create mode 100644 .github/workflows/publish-compute.yml
 create mode 100644 packages/cli/AGENTS.md
 create mode 100644 scripts/prepare-compute-publish.mjs
 delete mode 100644 scripts/resolve-cli-version.mjs
 create mode 100644 scripts/resolve-package-version.mjs

diff --git a/.agents/diary/pr-quality-workflow.md b/.agents/diary/pr-quality-workflow.md
new file mode 100644
index 0000000..775525f
--- /dev/null
+++ b/.agents/diary/pr-quality-workflow.md
@@ -0,0 +1,2 @@
+Unrelated bug or code smell: The new recursive typecheck command exposes existing `packages/cli` TypeScript errors in `src/lib/app/branch-database.ts`, `tests/helpers.ts`, several `project-real-mode` mocks, and imports from scripts without declarations. The workflow change intentionally does not fix these code issues.
+Unrelated bug or code smell: The new recursive test command currently fails in `packages/cli` because `tests/resolve-cli-version.test.ts` imports the deleted `scripts/resolve-cli-version.mjs`, and several other tests time out. This is outside the PR Quality workflow scope.
diff --git a/.github/workflows/AGENTS.md b/.github/workflows/AGENTS.md
new file mode 100644
index 0000000..8f26217
--- /dev/null
+++ b/.github/workflows/AGENTS.md
@@ -0,0 +1,3 @@
+# GitHub Workflows
+
+- Pin all GitHub Actions to their commit SHA, not a tag. Append the tag as a comment for readability (e.g., `uses: actions/checkout@abc123... # v4.3.2`).
diff --git a/.github/workflows/pr-quality.yml b/.github/workflows/pr-quality.yml
new file mode 100644
index 0000000..9d40d8e
--- /dev/null
+++ b/.github/workflows/pr-quality.yml
@@ -0,0 +1,75 @@
+name: PR Quality
+
+# This workflow owns required PR status checks. Add only jobs that should block
+# merging when they fail.
+
+on:
+  pull_request:
+
+concurrency:
+  group: pr-quality-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: true
+
+permissions:
+  contents: read
+
+jobs:
+  typecheck:
+    name: Type Check
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+
+      - name: Set up pnpm
+        uses: pnpm/action-setup@0e279bb959325dab635dd2c09392533439d90093 # v6.0.8
+
+      - name: Set up Node.js
+        uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
+        with:
+          node-version-file: package.json
+          cache: pnpm
+
+      - name: Install dependencies
+        run: pnpm install --frozen-lockfile
+
+      - name: Type check
+        run: pnpm --recursive exec tsc --noEmit
+
+  lint:
+    name: Lint
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+
+      - name: Set up Biome
+        uses: biomejs/setup-biome@4c91541eaada48f67d7dbd7833600ce162b68f51 # v2.7.1
+
+      - name: Lint
+        run: biome ci .
+
+  test:
+    name: Test
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+
+      - name: Set up pnpm
+        uses: pnpm/action-setup@0e279bb959325dab635dd2c09392533439d90093 # v6.0.8
+
+      - name: Set up Node.js
+        uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
+        with:
+          node-version-file: package.json
+          cache: pnpm
+
+      - name: Install dependencies
+        run: pnpm install --frozen-lockfile
+
+      - name: Test
+        run: pnpm --recursive test
diff --git a/.github/workflows/preview-cli-package.yml b/.github/workflows/preview-cli-package.yml
index 343834f..185584d 100644
--- a/.github/workflows/preview-cli-package.yml
+++ b/.github/workflows/preview-cli-package.yml
@@ -20,29 +20,18 @@ jobs:
       pull-requests: write
 
     steps:
-      - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd
+      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
         with:
           ref: ${{ github.event.pull_request.head.sha }}
           persist-credentials: false
 
-      - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e
+      - uses: pnpm/action-setup@0e279bb959325dab635dd2c09392533439d90093 # v6.0.8
         with:
-          node-version: 24
+          cache: true
 
-      - name: Enable pnpm
-        run: |
-          corepack enable
-          PNPM_VERSION="$(node -p 'const pm = require("./package.json").packageManager; const match = pm && pm.match(/^pnpm@(.+)$/); if (!match) throw new Error("packageManager must be pnpm@<version>"); match[1]')"
-          corepack prepare "pnpm@${PNPM_VERSION}" --activate
-          echo "PNPM_STORE_PATH=$(pnpm store path)" >> "$GITHUB_ENV"
-
-      - name: Cache pnpm store
-        uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830
+      - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
         with:
-          path: ${{ env.PNPM_STORE_PATH }}
-          key: pnpm-store-${{ runner.os }}-${{ hashFiles('pnpm-lock.yaml') }}
-          restore-keys: |
-            pnpm-store-${{ runner.os }}-
+          node-version-file: package.json
 
       - name: Install dependencies
         run: pnpm install --frozen-lockfile
@@ -50,7 +39,8 @@ jobs:
       - name: Resolve preview version
         id: cli_version
         run: |
-          node scripts/resolve-cli-version.mjs pr \
+          node scripts/resolve-package-version.mjs pr \
+            --package-dir packages/cli \
             --sha '${{ github.event.pull_request.head.sha }}' \
             --pr-number '${{ github.event.pull_request.number }}' >> "$GITHUB_OUTPUT"
 
diff --git a/.github/workflows/publish-cli.yml b/.github/workflows/publish-cli.yml
index 9f630fa..80e05cc 100644
--- a/.github/workflows/publish-cli.yml
+++ b/.github/workflows/publish-cli.yml
@@ -25,29 +25,18 @@ jobs:
       id-token: write
 
     steps:
-      - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd
+      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
         with:
           persist-credentials: false
 
-      - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e
+      - uses: pnpm/action-setup@0e279bb959325dab635dd2c09392533439d90093 # v6.0.8
         with:
-          node-version: 24
-          registry-url: https://registry.npmjs.org
-
-      - name: Enable pnpm
-        run: |
-          corepack enable
-          PNPM_VERSION="$(node -p 'const pm = require("./package.json").packageManager; const match = pm && pm.match(/^pnpm@(.+)$/); if (!match) throw new Error("packageManager must be pnpm@<version>"); match[1]')"
-          corepack prepare "pnpm@${PNPM_VERSION}" --activate
-          echo "PNPM_STORE_PATH=$(pnpm store path)" >> "$GITHUB_ENV"
+          cache: true
 
-      - name: Cache pnpm store
-        uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830
+      - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
         with:
-          path: ${{ env.PNPM_STORE_PATH }}
-          key: pnpm-store-${{ runner.os }}-${{ hashFiles('pnpm-lock.yaml') }}
-          restore-keys: |
-            pnpm-store-${{ runner.os }}-
+          node-version-file: package.json
+          registry-url: https://registry.npmjs.org
 
       - name: Install dependencies
         run: pnpm install --frozen-lockfile
@@ -55,19 +44,11 @@ jobs:
       - name: Resolve dev version
         id: cli_version
         run: |
-          node scripts/resolve-cli-version.mjs dev \
+          node scripts/resolve-package-version.mjs dev \
+            --package-dir packages/cli \
             --run-number "${GITHUB_RUN_NUMBER}" \
             --run-attempt "${GITHUB_RUN_ATTEMPT}" >> "$GITHUB_OUTPUT"
 
-      - name: Fail if version already exists on npm
-        run: |
-          PACKAGE='@prisma/cli'
-          VERSION='${{ steps.cli_version.outputs.version }}'
-          if npm view "${PACKAGE}@${VERSION}" version >/dev/null 2>&1; then
-            echo "${PACKAGE}@${VERSION} already exists on npm."
-            exit 1
-          fi
-
       - name: Run focused CLI tests
         run: pnpm --filter @prisma/cli test
 
@@ -150,30 +131,19 @@ jobs:
             exit 1
           fi
 
-      - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd
+      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
         with:
           fetch-depth: 0
           persist-credentials: false
 
-      - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e
+      - uses: pnpm/action-setup@0e279bb959325dab635dd2c09392533439d90093 # v6.0.8
         with:
-          node-version: 24
-          registry-url: https://registry.npmjs.org
-
-      - name: Enable pnpm
-        run: |
-          corepack enable
-          PNPM_VERSION="$(node -p 'const pm = require("./package.json").packageManager; const match = pm && pm.match(/^pnpm@(.+)$/); if (!match) throw new Error("packageManager must be pnpm@<version>"); match[1]')"
-          corepack prepare "pnpm@${PNPM_VERSION}" --activate
-          echo "PNPM_STORE_PATH=$(pnpm store path)" >> "$GITHUB_ENV"
+          cache: true
 
-      - name: Cache pnpm store
-        uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830
+      - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
         with:
-          path: ${{ env.PNPM_STORE_PATH }}
-          key: pnpm-store-${{ runner.os }}-${{ hashFiles('pnpm-lock.yaml') }}
-          restore-keys: |
-            pnpm-store-${{ runner.os }}-
+          node-version-file: package.json
+          registry-url: https://registry.npmjs.org
 
       - name: Install dependencies
         run: pnpm install --frozen-lockfile
@@ -183,16 +153,9 @@ jobs:
         run: |
           PACKAGE='@prisma/cli'
           LATEST="$(npm view "${PACKAGE}" dist-tags.latest --silent 2>/dev/null || true)"
-          node scripts/resolve-cli-version.mjs next-beta --latest "${LATEST}" >> "$GITHUB_OUTPUT"
-
-      - name: Fail if version already exists on npm
-        run: |
-          PACKAGE='@prisma/cli'
-          VERSION='${{ steps.cli_version.outputs.version }}'
-          if npm view "${PACKAGE}@${VERSION}" version >/dev/null 2>&1; then
-            echo "${PACKAGE}@${VERSION} already exists on npm."
-            exit 1
-          fi
+          node scripts/resolve-package-version.mjs next-beta \
+            --package-dir packages/cli \
+            --latest "${LATEST}" >> "$GITHUB_OUTPUT"
 
       - name: Fail if release tag already exists
         run: |
diff --git a/.github/workflows/publish-compute.yml b/.github/workflows/publish-compute.yml
new file mode 100644
index 0000000..256d1db
--- /dev/null
+++ b/.github/workflows/publish-compute.yml
@@ -0,0 +1,268 @@
+name: Publish Compute
+
+on:
+  push:
+    branches:
+      - main
+  workflow_dispatch:
+    inputs:
+      dry_run:
+        description: Validate the next official beta release without publishing or tagging
+        required: false
+        type: boolean
+        default: false
+
+concurrency:
+  group: publish-compute-${{ github.event_name }}
+  cancel-in-progress: false
+
+jobs:
+  publish-dev:
+    if: ${{ github.event_name == 'push' }}
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      id-token: write
+
+    steps:
+      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+        with:
+          persist-credentials: false
+
+      - uses: pnpm/action-setup@0e279bb959325dab635dd2c09392533439d90093 # v6.0.8
+        with:
+          cache: true
+
+      - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
+        with:
+          node-version-file: package.json
+          registry-url: https://registry.npmjs.org
+
+      - name: Install dependencies
+        run: pnpm install --frozen-lockfile
+
+      - name: Resolve dev version
+        id: compute_version
+        run: |
+          node scripts/resolve-package-version.mjs dev \
+            --package-dir packages/compute \
+            --run-number "${GITHUB_RUN_NUMBER}" \
+            --run-attempt "${GITHUB_RUN_ATTEMPT}" >> "$GITHUB_OUTPUT"
+
+      - name: Run focused compute tests
+        run: pnpm --filter @prisma/compute test
+
+      - name: Build compute package
+        run: pnpm --filter @prisma/compute build
+
+      - name: Prepare staged publish package
+        run: node scripts/prepare-compute-publish.mjs .publish/compute --version '${{ steps.compute_version.outputs.version }}'
+
+      - name: Audit staged package contents
+        working-directory: .publish/compute
+        run: |
+          PACK_JSON="$(npm pack --dry-run --json)"
+          PACK_JSON="${PACK_JSON}" node -e "
+            const pack = JSON.parse(process.env.PACK_JSON)[0]
+            const files = pack.files.map((file) => file.path).sort()
+            const forbidden = files.filter((file) =>
+              file.startsWith('src/') ||
+              file.startsWith('tests/') ||
+              file.startsWith('fixtures/') ||
+              file.startsWith('docs/') ||
+              file.startsWith('.prisma/') ||
+              file.startsWith('.publish/')
+            )
+            if (forbidden.length) {
+              console.error('Forbidden files in npm package:', forbidden.join(', '))
+              process.exit(1)
+            }
+            for (const required of ['dist/index.js', 'dist/index.d.ts', 'README.md', 'LICENSE', 'package.json']) {
+              if (!files.includes(required)) {
+                console.error('Missing required package file:', required)
+                process.exit(1)
+              }
+            }
+          "
+
+      - name: Smoke test staged tarball install
+        run: |
+          TARBALL="$(cd .publish/compute && npm pack --silent)"
+          TMPDIR="$(mktemp -d)"
+          cat > "${TMPDIR}/package.json" <<'EOF'
+          {
+            "name": "compute-publish-smoke",
+            "private": true,
+            "type": "module"
+          }
+          EOF
+          pnpm add -D "${PWD}/.publish/compute/${TARBALL}" --dir "${TMPDIR}"
+          (
+            cd "${TMPDIR}"
+            node -e "await import('@prisma/compute')"
+          )
+
+      - name: Publish dev package to npm
+        working-directory: .publish/compute
+        run: npm publish --access public --tag dev --provenance
+
+      - name: Summarize dev publish
+        run: |
+          VERSION='${{ steps.compute_version.outputs.version }}'
+          {
+            echo "## Publish Compute Dev"
+            echo
+            echo "- npm package: \`@prisma/compute@${VERSION}\`"
+            echo "- npm dist-tag: \`dev\`"
+          } >> "$GITHUB_STEP_SUMMARY"
+
+  publish-official:
+    if: ${{ github.event_name == 'workflow_dispatch' }}
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+      id-token: write
+
+    steps:
+      - name: Ensure workflow runs from main
+        run: |
+          if [ "${GITHUB_REF}" != "refs/heads/main" ]; then
+            echo "This workflow only publishes official releases from main."
+            exit 1
+          fi
+
+      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+        with:
+          fetch-depth: 0
+          persist-credentials: false
+
+      - uses: pnpm/action-setup@0e279bb959325dab635dd2c09392533439d90093 # v6.0.8
+        with:
+          cache: true
+
+      - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
+        with:
+          node-version-file: package.json
+          registry-url: https://registry.npmjs.org
+
+      - name: Install dependencies
+        run: pnpm install --frozen-lockfile
+
+      - name: Resolve next beta version
+        id: compute_version
+        run: |
+          PACKAGE='@prisma/compute'
+          LATEST="$(npm view "${PACKAGE}" dist-tags.latest --silent 2>/dev/null || true)"
+          node scripts/resolve-package-version.mjs next-beta \
+            --package-dir packages/compute \
+            --latest "${LATEST}" >> "$GITHUB_OUTPUT"
+
+      - name: Fail if release tag already exists
+        run: |
+          VERSION='${{ steps.compute_version.outputs.version }}'
+          TAG="compute-v${VERSION}"
+          if git ls-remote --exit-code --tags origin "refs/tags/${TAG}" >/dev/null 2>&1; then
+            echo "Release tag ${TAG} already exists."
+            exit 1
+          fi
+
+      - name: Run focused compute tests
+        run: pnpm --filter @prisma/compute test
+
+      - name: Build compute package
+        run: pnpm --filter @prisma/compute build
+
+      - name: Prepare staged publish package
+        run: node scripts/prepare-compute-publish.mjs .publish/compute --version '${{ steps.compute_version.outputs.version }}'
+
+      - name: Audit staged package contents
+        working-directory: .publish/compute
+        run: |
+          PACK_JSON="$(npm pack --dry-run --json)"
+          PACK_JSON="${PACK_JSON}" node -e "
+            const pack = JSON.parse(process.env.PACK_JSON)[0]
+            const files = pack.files.map((file) => file.path).sort()
+            const forbidden = files.filter((file) =>
+              file.startsWith('src/') ||
+              file.startsWith('tests/') ||
+              file.startsWith('fixtures/') ||
+              file.startsWith('docs/') ||
+              file.startsWith('.prisma/') ||
+              file.startsWith('.publish/')
+            )
+            if (forbidden.length) {
+              console.error('Forbidden files in npm package:', forbidden.join(', '))
+              process.exit(1)
+            }
+            for (const required of ['dist/index.js', 'dist/index.d.ts', 'README.md', 'LICENSE', 'package.json']) {
+              if (!files.includes(required)) {
+                console.error('Missing required package file:', required)
+                process.exit(1)
+              }
+            }
+          "
+
+      - name: Smoke test staged tarball install
+        run: |
+          TARBALL="$(cd .publish/compute && npm pack --silent)"
+          TMPDIR="$(mktemp -d)"
+          cat > "${TMPDIR}/package.json" <<'EOF'
+          {
+            "name": "compute-publish-smoke",
+            "private": true,
+            "type": "module"
+          }
+          EOF
+          pnpm add -D "${PWD}/.publish/compute/${TARBALL}" --dir "${TMPDIR}"
+          (
+            cd "${TMPDIR}"
+            node -e "await import('@prisma/compute')"
+          )
+
+      - name: Ensure release still targets the latest main
+        if: ${{ !inputs.dry_run }}
+        run: |
+          git fetch origin main
+          if [ "$(git rev-parse HEAD)" != "$(git rev-parse origin/main)" ]; then
+            echo "main moved while the release was running. Rerun the workflow from the latest main."
+            exit 1
+          fi
+
+      - name: Publish official package to npm
+        if: ${{ !inputs.dry_run }}
+        working-directory: .publish/compute
+        run: npm publish --access public --tag latest --provenance
+
+      - name: Create release tag
+        if: ${{ !inputs.dry_run }}
+        env:
+          GH_TOKEN: ${{ github.token }}
+        run: |
+          VERSION='${{ steps.compute_version.outputs.version }}'
+          TAG="compute-v${VERSION}"
+          SHA="$(git rev-parse HEAD)"
+          gh api \
+            --method POST \
+            "repos/${GITHUB_REPOSITORY}/git/refs" \
+            -f ref="refs/tags/${TAG}" \
+            -f sha="${SHA}"
+
+      - name: Summarize release
+        run: |
+          VERSION='${{ steps.compute_version.outputs.version }}'
+          LATEST='${{ steps.compute_version.outputs.latest }}'
+          {
+            echo "## Publish Compute Official"
+            echo
+            echo "- Previous npm latest: \`${LATEST:-none}\`"
+            echo "- Version: \`${VERSION}\`"
+            echo "- Dry run: \`${{ inputs.dry_run }}\`"
+            if [ '${{ inputs.dry_run }}' = 'true' ]; then
+              echo "- Publish: skipped"
+              echo "- Tag creation: skipped"
+            else
+              echo "- npm package: \`@prisma/compute@${VERSION}\`"
+              echo "- npm dist-tag: \`latest\`"
+              echo "- git tag: \`compute-v${VERSION}\`"
+            fi
+          } >> "$GITHUB_STEP_SUMMARY"
diff --git a/AGENTS.md b/AGENTS.md
index f305150..5bc015a 100644
--- a/AGENTS.md
+++ b/AGENTS.md
@@ -2,109 +2,11 @@
 
 ## Purpose
 
-This repo uses document-driven development for the new Prisma CLI.
+Use this file for repo-wide instructions. Use package-local `AGENTS.md` files for package-specific rules.
 
-The docs in `docs/product` are the source of truth. Do not invent product behavior in code that is not already grounded in those docs. If behavior is unclear or missing, update docs first.
+## Development Setup
 
-## What This CLI Is
-
-- This is the future unified Prisma CLI.
-- The first implementation slice is app deployment workflows, but the command model must preserve the long-term CLI for ORM, Postgres, and app workflows.
-
-## Read These First
-
-Start with `docs/README.md` for the public docs index.
-
-1. `docs/product/resource-model.md`
-2. `docs/product/command-principles.md`
-3. `docs/product/command-spec.md`
-4. `docs/product/cli-style-guide.md`
-5. `docs/product/output-conventions.md`
-6. `docs/product/error-conventions.md`
-
-Architecture and contributor workflow references:
-
-- `ARCHITECTURE.md`
-- `docs/architecture/overview.md`
-- `docs/onboarding/getting-started.md`
-- `docs/onboarding/common-tasks.md`
-- `docs/onboarding/testing.md`
-
-## Non-Negotiable Product Rules
-
-- Group commands by developer workflow, not product ownership.
-- No `orm`, `postgres`, or `compute` namespaces in the command surface.
-- Canonical command shape is `prisma <group> <action>`.
-- The current preview uses only `auth`, `project`, `branch`, and `app`.
-- Preserve the long-term resource model:
-  - `workspace -> project -> branch -> { app, database }`
-
-For exact definitions and resolution rules, see `resource-model.md` and `command-spec.md`.
-
-## Branch Model
-
-Do not redefine this casually:
-
-- everything under a project happens in a branch
-- `local` is local CLI context only, not a branch or deploy target
-- `production` is a protected durable branch
-- every other named branch is preview by default
-- preview branches are disposable by default
-- non-production branches can become durable later
-- first remote deploy defaults to preview
-- production is reached by `app promote` or explicit user targeting
-
-See:
-
-- `docs/product/resource-model.md`
-- `docs/product/command-spec.md`
-
-## Output and Error Behavior
-
-Before changing CLI UX, read:
-
-- `docs/product/cli-style-guide.md`
-- `docs/product/output-conventions.md`
-- `docs/product/error-conventions.md`
-
-Important themes:
-
-- stdout is for machine-readable data
-- stderr is for human-oriented status and decoration
-- `--json` is explicit
-- non-TTY and non-interactive behavior must stay automation-friendly
-- structured error codes are the branching surface for agents and CI
-
-## Error Handling
-
-- Use `better-result` for owned application code that can fail.
-- Model expected failures as `TaggedError` types from `better-result`.
-- Put tagged error message construction in the constructor. Instantiate tagged errors directly; delete factory functions that only wrap constructors. Use static constructors only when they encode distinct domain variants.
-- Represent unexpected failures as `UnhandledException` from `better-result`.
-- Return only errors produced by the function plus errors propagated from callees. Do not create app-wide error unions.
-- Wrap throwing or rejecting boundaries with `Result.try` or `Result.tryPromise`. This includes SDK calls, I/O, parsing, and async framework calls.
-- Wrap expected throwing failures at the lowest throwing expression and map them to the local tagged error type.
-- Once a function returns `Result`, do not throw inside its body for modeled boundaries. Return expected errors, abort errors, and propagated `UnhandledException` values in the error union; throw only at temporary or final CLI-facing boundaries.
-- When mapping abortable boundary failures, prefer `signal.aborted` over matching error names or messages to detect cancellation.
-- Do not wrap a boundary only to match `UnhandledException` and rethrow it. Let unexpected failures throw directly when no expected error is modeled or propagated.
-- Use `Result.gen` to compose multiple results. Do not manually chain `isErr` propagation when `yield*` can express the flow.
-- Propagate typed results through lower layers. Do not convert results to plain values, `null`, booleans, or thrown exceptions below the boundary.
-- Convert results only at CLI-facing boundaries: command runners, controllers that produce command output, auth providers, API/client adapters, storage adapters, and startup assembly.
-- Match errors exhaustively with `matchError`. Do not use catch-all handlers or partial matches.
-- Throw tagged errors directly when their message and context are already correct. Do not wrap them in generic `Error` instances.
-- Do not refactor generated code, third-party SDK internals, or framework internals for result handling.
-
-## When Making Changes
-
-- Prefer tightening existing docs over adding new surface area.
-- Keep nouns and verbs stable across docs, help, output, and code.
-- Do not add shortcuts or aliases as canonical forms.
-- Do not let the current app preview introduce abstractions that will block later ORM/Postgres integration.
-- If docs conflict, resolve the docs rather than guessing in implementation.
-
-## Default Agent Workflow
-
-1. Read the product docs above.
-2. Identify the relevant source-of-truth doc for the task.
-3. If implementation requires undefined behavior, update docs first.
-4. Keep changes aligned with the unified CLI direction, not just the current app slice.
+1. Run `pnpm install`.
+2. Use `pnpm --filter <package> <script>` for package-local checks.
+3. Run root scripts only when they match the changed surface.
+4. Keep generated artifacts out of commits unless the task requires them.
diff --git a/package.json b/package.json
index bdc72d6..b8a95cd 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,9 @@
 {
   "name": "prisma-cli",
   "private": true,
+  "engines": {
+    "node": "22.12.0"
+  },
   "packageManager": "pnpm@10.30.0",
   "scripts": {
     "build:cli": "pnpm --filter @prisma/cli build",
@@ -8,6 +11,7 @@
     "lint:skills": "node scripts/validate-skills.mjs",
     "prepare": "skills add ./skills --skill '*' --agent universal claude-code -y",
     "prepare:cli-publish": "node scripts/prepare-cli-publish.mjs",
+    "prepare:compute-publish": "node scripts/prepare-compute-publish.mjs",
     "smoke:cli-nextjs": "node scripts/smoke-cli-nextjs-artifact.mjs",
     "test:skills": "node --test scripts/validate-skills.test.mjs",
     "test": "pnpm --filter @prisma/cli test",
diff --git a/packages/cli/AGENTS.md b/packages/cli/AGENTS.md
new file mode 100644
index 0000000..8d7bfa9
--- /dev/null
+++ b/packages/cli/AGENTS.md
@@ -0,0 +1,109 @@
+# AGENTS.md
+
+## Purpose
+
+This package uses document-driven development for the new Prisma CLI.
+
+The docs in `docs/product` are the source of truth. Do not invent product behavior in code that is not already grounded in those docs. If behavior is unclear or missing, update docs first.
+
+## What This CLI Is
+
+- This is the future unified Prisma CLI.
+- The first implementation slice is app deployment workflows, but the command model must preserve the long-term CLI for ORM, Postgres, and app workflows.
+
+## Read These First
+
+Start with `docs/README.md` for the public docs index.
+
+1. `docs/product/resource-model.md`
+2. `docs/product/command-principles.md`
+3. `docs/product/command-spec.md`
+4. `docs/product/cli-style-guide.md`
+5. `docs/product/output-conventions.md`
+6. `docs/product/error-conventions.md`
+
+Architecture and contributor workflow references:
+
+- `ARCHITECTURE.md`
+- `docs/architecture/overview.md`
+- `docs/onboarding/getting-started.md`
+- `docs/onboarding/common-tasks.md`
+- `docs/onboarding/testing.md`
+
+## Non-Negotiable Product Rules
+
+- Group commands by developer workflow, not product ownership.
+- No `orm`, `postgres`, or `compute` namespaces in the command surface.
+- Canonical command shape is `prisma <group> <action>`.
+- The current preview uses only `auth`, `project`, `branch`, and `app`.
+- Preserve the long-term resource model: `workspace -> project -> branch -> { app, database }`.
+
+For exact definitions and resolution rules, see `resource-model.md` and `command-spec.md`.
+
+## Branch Model
+
+Do not redefine this casually:
+
+- everything under a project happens in a branch
+- `local` is local CLI context only, not a branch or deploy target
+- `production` is a protected durable branch
+- every other named branch is preview by default
+- preview branches are disposable by default
+- non-production branches can become durable later
+- first remote deploy defaults to preview
+- production is reached by `app promote` or explicit user targeting
+
+See:
+
+- `docs/product/resource-model.md`
+- `docs/product/command-spec.md`
+
+## Output and Error Behavior
+
+Before changing CLI UX, read:
+
+- `docs/product/cli-style-guide.md`
+- `docs/product/output-conventions.md`
+- `docs/product/error-conventions.md`
+
+Important themes:
+
+- stdout is for machine-readable data
+- stderr is for human-oriented status and decoration
+- `--json` is explicit
+- non-TTY and non-interactive behavior must stay automation-friendly
+- structured error codes are the branching surface for agents and CI
+
+## Error Handling
+
+- Use `better-result` for owned application code that can fail.
+- Model expected failures as `TaggedError` types from `better-result`.
+- Put tagged error message construction in the constructor. Instantiate tagged errors directly; delete factory functions that only wrap constructors. Use static constructors only when they encode distinct domain variants.
+- Represent unexpected failures as `UnhandledException` from `better-result`.
+- Return only errors produced by the function plus errors propagated from callees. Do not create app-wide error unions.
+- Wrap throwing or rejecting boundaries with `Result.try` or `Result.tryPromise`. This includes SDK calls, I/O, parsing, and async framework calls.
+- Wrap expected throwing failures at the lowest throwing expression and map them to the local tagged error type.
+- Once a function returns `Result`, do not throw inside its body for modeled boundaries. Return expected errors, abort errors, and propagated `UnhandledException` values in the error union; throw only at temporary or final CLI-facing boundaries.
+- When mapping abortable boundary failures, prefer `signal.aborted` over matching error names or messages to detect cancellation.
+- Do not wrap a boundary only to match `UnhandledException` and rethrow it. Let unexpected failures throw directly when no expected error is modeled or propagated.
+- Use `Result.gen` to compose multiple results. Do not manually chain `isErr` propagation when `yield*` can express the flow.
+- Propagate typed results through lower layers. Do not convert results to plain values, `null`, booleans, or thrown exceptions below the boundary.
+- Convert results only at CLI-facing boundaries: command runners, controllers that produce command output, auth providers, API/client adapters, storage adapters, and startup assembly.
+- Match errors exhaustively with `matchError`. Do not use catch-all handlers or partial matches.
+- Throw tagged errors directly when their message and context are already correct. Do not wrap them in generic `Error` instances.
+- Do not refactor generated code, third-party SDK internals, or framework internals for result handling.
+
+## When Making Changes
+
+- Prefer tightening existing docs over adding new surface area.
+- Keep nouns and verbs stable across docs, help, output, and code.
+- Do not add shortcuts or aliases as canonical forms.
+- Do not let the current app preview introduce abstractions that will block later ORM/Postgres integration.
+- If docs conflict, resolve the docs rather than guessing in implementation.
+
+## Default Agent Workflow
+
+1. Read the product docs above.
+2. Identify the relevant source-of-truth doc for the task.
+3. If implementation requires undefined behavior, update docs first.
+4. Keep changes aligned with the unified CLI direction, not just the current app slice.
diff --git a/scripts/prepare-compute-publish.mjs b/scripts/prepare-compute-publish.mjs
new file mode 100644
index 0000000..5f5fb00
--- /dev/null
+++ b/scripts/prepare-compute-publish.mjs
@@ -0,0 +1,133 @@
+#!/usr/bin/env node
+
+import { access, cp, mkdir, readFile, rm, writeFile } from "node:fs/promises";
+import path from "node:path";
+import { fileURLToPath } from "node:url";
+
+export async function stageComputePublishPackage(options = {}) {
+  const sourceDir = options.sourceDir ?? path.join(getRepoRoot(), "packages/compute");
+  const outputDir = options.outputDir ?? path.join(getRepoRoot(), ".publish/compute");
+  const publishVersion = options.publishVersion;
+
+  await ensureBuildArtifacts(sourceDir);
+
+  await rm(outputDir, { recursive: true, force: true });
+  await mkdir(outputDir, { recursive: true });
+
+  await cp(path.join(sourceDir, "dist"), path.join(outputDir, "dist"), { recursive: true });
+  await cp(path.join(sourceDir, "README.md"), path.join(outputDir, "README.md"));
+  await cp(path.join(getRepoRoot(), "LICENSE"), path.join(outputDir, "LICENSE"));
+
+  const sourceManifest = JSON.parse(
+    await readFile(path.join(sourceDir, "package.json"), "utf8"),
+  );
+
+  const publishManifest = {
+    name: sourceManifest.name,
+    version: publishVersion ?? sourceManifest.version,
+    description: sourceManifest.description,
+    type: sourceManifest.type,
+    exports: sourceManifest.exports,
+    files: ["dist", "README.md", "LICENSE"],
+    publishConfig: {
+      access: "public",
+    },
+    engines: sourceManifest.engines,
+    keywords: sourceManifest.keywords,
+    repository: sourceManifest.repository,
+    homepage: sourceManifest.homepage,
+    bugs: sourceManifest.bugs,
+    license: sourceManifest.license,
+  };
+
+  await writeFile(
+    path.join(outputDir, "package.json"),
+    `${JSON.stringify(removeUndefinedFields(publishManifest), null, 2)}\n`,
+    "utf8",
+  );
+
+  return outputDir;
+}
+
+function getRepoRoot() {
+  return path.resolve(path.dirname(fileURLToPath(import.meta.url)), "..");
+}
+
+async function ensureBuildArtifacts(sourceDir) {
+  const builtIndexPath = path.join(sourceDir, "dist/index.js");
+  const builtTypesPath = path.join(sourceDir, "dist/index.d.ts");
+
+  try {
+    await access(builtIndexPath);
+    await access(builtTypesPath);
+  } catch {
+    throw new Error(
+      `Missing built compute artifacts in ${path.join(sourceDir, "dist")}. Run "pnpm --filter @prisma/compute build" first.`,
+    );
+  }
+}
+
+function removeUndefinedFields(value) {
+  return Object.fromEntries(
+    Object.entries(value).filter(([, entryValue]) => entryValue !== undefined),
+  );
+}
+
+async function main() {
+  const { outputDir, publishVersion } = parseCliArgs(process.argv.slice(2));
+  const stagedPath = await stageComputePublishPackage(
+    {
+      ...(outputDir ? { outputDir: path.resolve(outputDir) } : {}),
+      ...(publishVersion ? { publishVersion } : {}),
+    },
+  );
+  process.stdout.write(`${stagedPath}\n`);
+}
+
+function parseCliArgs(args) {
+  let outputDir;
+  let publishVersion = process.env.COMPUTE_PUBLISH_VERSION;
+
+  for (let index = 0; index < args.length; index += 1) {
+    const arg = args[index];
+
+    if (arg === "--version") {
+      const nextArg = args[index + 1];
+      if (!nextArg || nextArg.startsWith("--")) {
+        throw new Error("--version requires a value.");
+      }
+      publishVersion = nextArg;
+      index += 1;
+      continue;
+    }
+
+    if (arg?.startsWith("--version=")) {
+      publishVersion = arg.slice("--version=".length);
+      continue;
+    }
+
+    if (arg?.startsWith("--")) {
+      throw new Error(`Unknown option: ${arg}`);
+    }
+
+    if (outputDir) {
+      throw new Error(`Unexpected argument: ${arg}`);
+    }
+
+    outputDir = arg;
+  }
+
+  if (publishVersion !== undefined && publishVersion.trim() === "") {
+    throw new Error("Publish version cannot be empty.");
+  }
+
+  return { outputDir, publishVersion };
+}
+
+if (process.argv[1] && fileURLToPath(import.meta.url) === path.resolve(process.argv[1])) {
+  main().catch((error) => {
+    const message = error instanceof Error ? error.stack ?? error.message : String(error);
+    process.stderr.write(`${message}\n`);
+    process.exitCode = 1;
+  });
+}
diff --git a/scripts/resolve-cli-version.mjs b/scripts/resolve-cli-version.mjs
deleted file mode 100644
index 6d15306..0000000
--- a/scripts/resolve-cli-version.mjs
+++ /dev/null
@@ -1,118 +0,0 @@
-#!/usr/bin/env node
-
-import path from "node:path";
-import { fileURLToPath } from "node:url";
-
-export const CLI_RELEASE_BASE_VERSION = "3.0.0";
-
-export function resolveDevVersion(options) {
-  const runNumber = requireValue(options.runNumber, "runNumber");
-  const runAttempt = requireValue(options.runAttempt, "runAttempt");
-
-  return `${CLI_RELEASE_BASE_VERSION}-dev.${runNumber}.${runAttempt}`;
-}
-
-export function resolvePrVersion(options) {
-  const prNumber = requireValue(options.prNumber, "prNumber");
-  const sha = shortSha(requireValue(options.sha, "sha"));
-
-  return `${CLI_RELEASE_BASE_VERSION}-pr.${prNumber}.sha${sha}`;
-}
-
-export function resolveNextBetaVersion(latest) {
-  const normalizedLatest = (latest ?? "").trim();
-
-  if (!normalizedLatest || normalizedLatest.startsWith("2.")) {
-    return `${CLI_RELEASE_BASE_VERSION}-beta.0`;
-  }
-
-  const betaMatch = normalizedLatest.match(/^3\.0\.0-beta\.(\d+)$/);
-  if (betaMatch) {
-    const nextNumber = Number(betaMatch[1]) + 1;
-    return `${CLI_RELEASE_BASE_VERSION}-beta.${nextNumber}`;
-  }
-
-  throw new Error(
-    `Cannot compute the next beta from npm latest (${normalizedLatest}). Expected no latest, a 2.x legacy latest, or ${CLI_RELEASE_BASE_VERSION}-beta.N.`,
-  );
-}
-
-function shortSha(sha) {
-  return sha.slice(0, 12);
-}
-
-function requireValue(value, name) {
-  if (value === undefined || value === null || String(value).trim() === "") {
-    throw new Error(`${name} is required.`);
-  }
-
-  return String(value);
-}
-
-function parseOptions(args) {
-  const options = {};
-
-  for (let index = 0; index < args.length; index += 1) {
-    const arg = args[index];
-
-    if (!arg.startsWith("--")) {
-      throw new Error(`Unexpected argument: ${arg}`);
-    }
-
-    const inlineValueIndex = arg.indexOf("=");
-    if (inlineValueIndex !== -1) {
-      options[arg.slice(2, inlineValueIndex)] = arg.slice(inlineValueIndex + 1);
-      continue;
-    }
-
-    const value = args[index + 1];
-    if (value === undefined || value.startsWith("--")) {
-      throw new Error(`${arg} requires a value.`);
-    }
-
-    options[arg.slice(2)] = value;
-    index += 1;
-  }
-
-  return options;
-}
-
-function main() {
-  const [command, ...args] = process.argv.slice(2);
-  const options = parseOptions(args);
-
-  if (command === "dev") {
-    process.stdout.write(`version=${resolveDevVersion({
-      runNumber: options["run-number"],
-      runAttempt: options["run-attempt"],
-    })}\n`);
-    return;
-  }
-
-  if (command === "pr") {
-    process.stdout.write(`version=${resolvePrVersion({
-      prNumber: options["pr-number"],
-      sha: options.sha,
-    })}\n`);
-    return;
-  }
-
-  if (command === "next-beta") {
-    const latest = options.latest ?? "";
-    process.stdout.write(`latest=${latest}\n`);
-    process.stdout.write(`version=${resolveNextBetaVersion(latest)}\n`);
-    return;
-  }
-
-  throw new Error("Usage: resolve-cli-version.mjs <dev|pr|next-beta> [options]");
-}
-
-if (process.argv[1] && fileURLToPath(import.meta.url) === path.resolve(process.argv[1])) {
-  try {
-    main();
-  } catch (error) {
-    const message = error instanceof Error ? error.message : String(error);
-    process.stderr.write(`${message}\n`);
-    process.exitCode = 1;
-  }
-}
diff --git a/scripts/resolve-package-version.mjs b/scripts/resolve-package-version.mjs
new file mode 100644
index 0000000..be7de63
--- /dev/null
+++ b/scripts/resolve-package-version.mjs
@@ -0,0 +1,177 @@
+#!/usr/bin/env node
+
+import path from "node:path";
+import { readFileSync } from "node:fs";
+import { fileURLToPath } from "node:url";
+
+export function resolveDevVersion(options) {
+  const baseVersion = requireValue(options.baseVersion, "baseVersion");
+  const runNumber = requireValue(options.runNumber, "runNumber");
+  const runAttempt = requireValue(options.runAttempt, "runAttempt");
+
+  return `${baseVersion}-dev.${runNumber}.${runAttempt}`;
+}
+
+export function resolvePrVersion(options) {
+  const baseVersion = requireValue(options.baseVersion, "baseVersion");
+  const prNumber = requireValue(options.prNumber, "prNumber");
+  const sha = shortSha(requireValue(options.sha, "sha"));
+
+  return `${baseVersion}-pr.${prNumber}.sha${sha}`;
+}
+
+export function resolveNextBetaVersion(options) {
+  const baseVersion = requireValue(options.baseVersion, "baseVersion");
+  const latest = options.latest;
+  const normalizedLatest = (latest ?? "").trim();
+
+  if (!normalizedLatest || isOlderReleaseLine(normalizedLatest, baseVersion)) {
+    return `${baseVersion}-beta.0`;
+  }
+
+  const betaMatch = normalizedLatest.match(new RegExp(`^${escapeRegExp(baseVersion)}-beta\\.(\\d+)$`));
+  if (betaMatch) {
+    const nextNumber = Number(betaMatch[1]) + 1;
+    return `${baseVersion}-beta.${nextNumber}`;
+  }
+
+  throw new Error(
+    `Cannot compute the next beta from npm latest (${normalizedLatest}). Expected no latest, a lower release line, or ${baseVersion}-beta.N.`,
+  );
+}
+
+export function resolvePackageReleaseBaseVersion(packageDir) {
+  const manifestPath = path.join(getRepoRoot(), packageDir, "package.json");
+  const manifest = JSON.parse(readFileSync(manifestPath, "utf8"));
+  const version = requireValue(manifest.version, `${packageDir} package.json version`);
+  const match = version.match(/^(\d+\.\d+\.\d+)(?:-.+)?$/);
+
+  if (!match) {
+    throw new Error(`Cannot derive release base from ${packageDir} package version (${version}).`);
+  }
+
+  return match[1];
+}
+
+function getRepoRoot() {
+  return path.resolve(path.dirname(fileURLToPath(import.meta.url)), "..");
+}
+
+function isOlderReleaseLine(latest, baseVersion) {
+  const latestParts = parseVersionCore(latest);
+  const baseParts = parseVersionCore(baseVersion);
+
+  if (!latestParts || !baseParts) {
+    return false;
+  }
+
+  for (let index = 0; index < baseParts.length; index += 1) {
+    if (latestParts[index] < baseParts[index]) {
+      return true;
+    }
+
+    if (latestParts[index] > baseParts[index]) {
+      return false;
+    }
+  }
+
+  return false;
+}
+
+function parseVersionCore(version) {
+  const match = version.match(/^(\d+)\.(\d+)\.(\d+)(?:-.+)?$/);
+
+  if (!match) {
+    return undefined;
+  }
+
+  return match.slice(1).map(Number);
+}
+
+function escapeRegExp(value) {
+  return value.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
+}
+
+function shortSha(sha) {
+  return sha.slice(0, 12);
+}
+
+function requireValue(value, name) {
+  if (value === undefined || value === null || String(value).trim() === "") {
+    throw new Error(`${name} is required.`);
+  }
+
+  return String(value);
+}
+
+function parseOptions(args) {
+  const options = {};
+
+  for (let index = 0; index < args.length; index += 1) {
+    const arg = args[index];
+
+    if (!arg.startsWith("--")) {
+      throw new Error(`Unexpected argument: ${arg}`);
+    }
+
+    const inlineValueIndex = arg.indexOf("=");
+    if (inlineValueIndex !== -1) {
+      options[arg.slice(2, inlineValueIndex)] = arg.slice(inlineValueIndex + 1);
+      continue;
+    }
+
+    const value = args[index + 1];
+    if (value === undefined || value.startsWith("--")) {
+      throw new Error(`${arg} requires a value.`);
+    }
+
+    options[arg.slice(2)] = value;
+    index += 1;
+  }
+
+  return options;
+}
+
+function main() {
+  const [command, ...args] = process.argv.slice(2);
+  const options = parseOptions(args);
+  const packageDir = requireValue(options["package-dir"], "package-dir");
+  const baseVersion = resolvePackageReleaseBaseVersion(packageDir);
+
+  if (command === "dev") {
+    process.stdout.write(`version=${resolveDevVersion({
+      baseVersion,
+      runNumber: options["run-number"],
+      runAttempt: options["run-attempt"],
+    })}\n`);
+    return;
+  }
+
+  if (command === "pr") {
+    process.stdout.write(`version=${resolvePrVersion({
+      baseVersion,
+      prNumber: options["pr-number"],
+      sha: options.sha,
+    })}\n`);
+    return;
+  }
+
+  if (command === "next-beta") {
+    const latest = options.latest ?? "";
+    process.stdout.write(`latest=${latest}\n`);
+    process.stdout.write(`version=${resolveNextBetaVersion({ baseVersion, latest })}\n`);
+    return;
+  }
+
+  throw new Error("Usage: resolve-package-version.mjs <dev|pr|next-beta> [--package-dir <path>] [options]");
+}
+
+if (process.argv[1] && fileURLToPath(import.meta.url) === path.resolve(process.argv[1])) {
+  try {
+    main();
+  } catch (error) {
+    const message = error instanceof Error ? error.message : String(error);
+    process.stderr.write(`${message}\n`);
+    process.exitCode = 1;
+  }
+}

From 569316925c56ca18b37649cef5ccb40fbe35268c Mon Sep 17 00:00:00 2001
From: Tyler Benfield <benfield@prisma.io>
Date: Fri, 12 Jun 2026 07:30:29 -0400
Subject: [PATCH 2/8] Simplify package publishing workflows

Publish CLI and Compute packages directly from their package directories instead of staging transformed publish artifacts. Rely on committed package metadata, package-local LICENSE files, .npmignore rules, and prepack builds for package contents.

Add the Compute publish workflow, use the shared package version resolver for both packages, and require explicit package directories when resolving release versions. Switch publishing workflows to pnpm for versioning, registry lookup, authentication checks, and publishing.

Remove the staging publish scripts and their staging-specific tests. Update publishing docs, ADRs, and onboarding guidance to describe direct package inspection with pnpm pack. Add repo agent guidance for pnpm usage in repo commands while preserving npm guidance for user-facing content.
---
 .github/workflows/preview-cli-package.yml     |  11 +-
 .github/workflows/publish-cli.yml             | 127 ++------------
 .github/workflows/publish-compute.yml         | 127 ++------------
 AGENTS.md                                     |   5 +
 README.md                                     |  10 +-
 .../0001-preview-package-and-publishing.md    |  11 +-
 docs/architecture/package-structure.md        |   6 +-
 docs/onboarding/common-tasks.md               |   6 +-
 docs/onboarding/getting-started.md            |   6 +-
 docs/onboarding/testing.md                    |  11 +-
 docs/reference/testing-patterns.md            |   7 +-
 package.json                                  |   2 -
 packages/cli/.npmignore                       |   6 +
 packages/cli/LICENSE                          | 158 +++++++++++++++++
 packages/cli/tests/publish-prep.test.ts       | 166 ------------------
 ...est.ts => resolve-package-version.test.ts} |  18 +-
 packages/compute/.npmignore                   |   6 +
 packages/compute/LICENSE                      | 158 +++++++++++++++++
 packages/compute/package.json                 |   1 +
 scripts/prepare-cli-publish.mjs               | 134 --------------
 scripts/prepare-compute-publish.mjs           | 133 --------------
 21 files changed, 414 insertions(+), 695 deletions(-)
 create mode 100644 packages/cli/.npmignore
 create mode 100644 packages/cli/LICENSE
 delete mode 100644 packages/cli/tests/publish-prep.test.ts
 rename packages/cli/tests/{resolve-cli-version.test.ts => resolve-package-version.test.ts} (67%)
 create mode 100644 packages/compute/.npmignore
 create mode 100644 packages/compute/LICENSE
 delete mode 100644 scripts/prepare-cli-publish.mjs
 delete mode 100644 scripts/prepare-compute-publish.mjs

diff --git a/.github/workflows/preview-cli-package.yml b/.github/workflows/preview-cli-package.yml
index 185584d..5468ccc 100644
--- a/.github/workflows/preview-cli-package.yml
+++ b/.github/workflows/preview-cli-package.yml
@@ -60,14 +60,15 @@ jobs:
         id: compute_build
         run: pnpm --filter @prisma/compute build
 
-      - name: Prepare staged preview package
-        id: prepare_preview
-        run: node scripts/prepare-cli-publish.mjs .publish/cli --version '${{ steps.cli_version.outputs.version }}'
+      - name: Set preview package version
+        id: set_preview_version
+        working-directory: packages/cli
+        run: pnpm version '${{ steps.cli_version.outputs.version }}' --no-git-tag-version
 
       - name: Publish installable PR preview
         id: publish_preview
         continue-on-error: ${{ vars.CLI_PR_PREVIEW_REQUIRED != 'true' }}
-        run: pnpm exec pkg-pr-new publish --bin --comment=update .publish/cli
+        run: pnpm exec pkg-pr-new publish --bin --comment=update packages/cli
 
       - name: Summarize PR preview publish
         if: ${{ always() }}
@@ -80,7 +81,7 @@ jobs:
             echo "- Compute tests: \`${{ steps.compute_tests.outcome || 'skipped' }}\`"
             echo "- Build: \`${{ steps.cli_build.outcome || 'skipped' }}\`"
             echo "- Compute build: \`${{ steps.compute_build.outcome || 'skipped' }}\`"
-            echo "- Package staging: \`${{ steps.prepare_preview.outcome || 'skipped' }}\`"
+            echo "- Version injection: \`${{ steps.set_preview_version.outcome || 'skipped' }}\`"
             echo "- pkg.pr.new publish: \`${{ steps.publish_preview.outcome || 'skipped' }}\`"
             PUBLISH_OUTCOME="${{ steps.publish_preview.outcome || 'skipped' }}"
             if [ "${PUBLISH_OUTCOME}" != "success" ]; then
diff --git a/.github/workflows/publish-cli.yml b/.github/workflows/publish-cli.yml
index 80e05cc..571bdc7 100644
--- a/.github/workflows/publish-cli.yml
+++ b/.github/workflows/publish-cli.yml
@@ -49,62 +49,17 @@ jobs:
             --run-number "${GITHUB_RUN_NUMBER}" \
             --run-attempt "${GITHUB_RUN_ATTEMPT}" >> "$GITHUB_OUTPUT"
 
-      - name: Run focused CLI tests
-        run: pnpm --filter @prisma/cli test
+      - name: Set package version
+        working-directory: packages/cli
+        run: pnpm version '${{ steps.cli_version.outputs.version }}' --no-git-tag-version
 
-      - name: Build CLI package
-        run: pnpm --filter @prisma/cli build
-
-      - name: Prepare staged publish package
-        run: node scripts/prepare-cli-publish.mjs .publish/cli --version '${{ steps.cli_version.outputs.version }}'
-
-      - name: Audit staged package contents
-        working-directory: .publish/cli
-        run: |
-          PACK_JSON="$(npm pack --dry-run --json)"
-          PACK_JSON="${PACK_JSON}" node -e "
-            const pack = JSON.parse(process.env.PACK_JSON)[0]
-            const files = pack.files.map((file) => file.path).sort()
-            const forbidden = files.filter((file) =>
-              file.startsWith('src/') ||
-              file.startsWith('tests/') ||
-              file.startsWith('fixtures/') ||
-              file.startsWith('docs/') ||
-              file.startsWith('.prisma/') ||
-              file.startsWith('.publish/')
-            )
-            if (forbidden.length) {
-              console.error('Forbidden files in npm package:', forbidden.join(', '))
-              process.exit(1)
-            }
-            for (const required of ['dist/cli.js', 'README.md', 'LICENSE', 'package.json']) {
-              if (!files.includes(required)) {
-                console.error('Missing required package file:', required)
-                process.exit(1)
-              }
-            }
-          "
-
-      - name: Smoke test staged tarball install
-        run: |
-          TARBALL="$(cd .publish/cli && npm pack --silent)"
-          TMPDIR="$(mktemp -d)"
-          cat > "${TMPDIR}/package.json" <<'EOF'
-          {
-            "name": "cli-publish-smoke",
-            "private": true
-          }
-          EOF
-          pnpm add -D "${PWD}/.publish/cli/${TARBALL}" --dir "${TMPDIR}"
-          (
-            cd "${TMPDIR}"
-            pnpm prisma-cli --help
-            pnpm prisma-cli auth whoami --json
-          )
+      - name: Check npm authentication
+        working-directory: packages/cli
+        run: pnpm whoami
 
       - name: Publish dev package to npm
-        working-directory: .publish/cli
-        run: npm publish --access public --tag dev --provenance
+        working-directory: packages/cli
+        run: pnpm publish --access public --tag dev --provenance
 
       - name: Summarize dev publish
         run: |
@@ -152,7 +107,7 @@ jobs:
         id: cli_version
         run: |
           PACKAGE='@prisma/cli'
-          LATEST="$(npm view "${PACKAGE}" dist-tags.latest --silent 2>/dev/null || true)"
+          LATEST="$(pnpm view "${PACKAGE}" dist-tags.latest --silent 2>/dev/null || true)"
           node scripts/resolve-package-version.mjs next-beta \
             --package-dir packages/cli \
             --latest "${LATEST}" >> "$GITHUB_OUTPUT"
@@ -166,58 +121,9 @@ jobs:
             exit 1
           fi
 
-      - name: Run focused CLI tests
-        run: pnpm --filter @prisma/cli test
-
-      - name: Build CLI package
-        run: pnpm --filter @prisma/cli build
-
-      - name: Prepare staged publish package
-        run: node scripts/prepare-cli-publish.mjs .publish/cli --version '${{ steps.cli_version.outputs.version }}'
-
-      - name: Audit staged package contents
-        working-directory: .publish/cli
-        run: |
-          PACK_JSON="$(npm pack --dry-run --json)"
-          PACK_JSON="${PACK_JSON}" node -e "
-            const pack = JSON.parse(process.env.PACK_JSON)[0]
-            const files = pack.files.map((file) => file.path).sort()
-            const forbidden = files.filter((file) =>
-              file.startsWith('src/') ||
-              file.startsWith('tests/') ||
-              file.startsWith('fixtures/') ||
-              file.startsWith('docs/') ||
-              file.startsWith('.prisma/') ||
-              file.startsWith('.publish/')
-            )
-            if (forbidden.length) {
-              console.error('Forbidden files in npm package:', forbidden.join(', '))
-              process.exit(1)
-            }
-            for (const required of ['dist/cli.js', 'README.md', 'LICENSE', 'package.json']) {
-              if (!files.includes(required)) {
-                console.error('Missing required package file:', required)
-                process.exit(1)
-              }
-            }
-          "
-
-      - name: Smoke test staged tarball install
-        run: |
-          TARBALL="$(cd .publish/cli && npm pack --silent)"
-          TMPDIR="$(mktemp -d)"
-          cat > "${TMPDIR}/package.json" <<'EOF'
-          {
-            "name": "cli-publish-smoke",
-            "private": true
-          }
-          EOF
-          pnpm add -D "${PWD}/.publish/cli/${TARBALL}" --dir "${TMPDIR}"
-          (
-            cd "${TMPDIR}"
-            pnpm prisma-cli --help
-            pnpm prisma-cli auth whoami --json
-          )
+      - name: Set package version
+        working-directory: packages/cli
+        run: pnpm version '${{ steps.cli_version.outputs.version }}' --no-git-tag-version
 
       - name: Ensure release still targets the latest main
         if: ${{ !inputs.dry_run }}
@@ -228,10 +134,15 @@ jobs:
             exit 1
           fi
 
+      - name: Check npm authentication
+        if: ${{ !inputs.dry_run }}
+        working-directory: packages/cli
+        run: pnpm whoami
+
       - name: Publish official package to npm
         if: ${{ !inputs.dry_run }}
-        working-directory: .publish/cli
-        run: npm publish --access public --tag latest --provenance
+        working-directory: packages/cli
+        run: pnpm publish --access public --tag latest --provenance
 
       - name: Create release tag
         if: ${{ !inputs.dry_run }}
diff --git a/.github/workflows/publish-compute.yml b/.github/workflows/publish-compute.yml
index 256d1db..eeee189 100644
--- a/.github/workflows/publish-compute.yml
+++ b/.github/workflows/publish-compute.yml
@@ -49,62 +49,17 @@ jobs:
             --run-number "${GITHUB_RUN_NUMBER}" \
             --run-attempt "${GITHUB_RUN_ATTEMPT}" >> "$GITHUB_OUTPUT"
 
-      - name: Run focused compute tests
-        run: pnpm --filter @prisma/compute test
+      - name: Set package version
+        working-directory: packages/compute
+        run: pnpm version '${{ steps.compute_version.outputs.version }}' --no-git-tag-version
 
-      - name: Build compute package
-        run: pnpm --filter @prisma/compute build
-
-      - name: Prepare staged publish package
-        run: node scripts/prepare-compute-publish.mjs .publish/compute --version '${{ steps.compute_version.outputs.version }}'
-
-      - name: Audit staged package contents
-        working-directory: .publish/compute
-        run: |
-          PACK_JSON="$(npm pack --dry-run --json)"
-          PACK_JSON="${PACK_JSON}" node -e "
-            const pack = JSON.parse(process.env.PACK_JSON)[0]
-            const files = pack.files.map((file) => file.path).sort()
-            const forbidden = files.filter((file) =>
-              file.startsWith('src/') ||
-              file.startsWith('tests/') ||
-              file.startsWith('fixtures/') ||
-              file.startsWith('docs/') ||
-              file.startsWith('.prisma/') ||
-              file.startsWith('.publish/')
-            )
-            if (forbidden.length) {
-              console.error('Forbidden files in npm package:', forbidden.join(', '))
-              process.exit(1)
-            }
-            for (const required of ['dist/index.js', 'dist/index.d.ts', 'README.md', 'LICENSE', 'package.json']) {
-              if (!files.includes(required)) {
-                console.error('Missing required package file:', required)
-                process.exit(1)
-              }
-            }
-          "
-
-      - name: Smoke test staged tarball install
-        run: |
-          TARBALL="$(cd .publish/compute && npm pack --silent)"
-          TMPDIR="$(mktemp -d)"
-          cat > "${TMPDIR}/package.json" <<'EOF'
-          {
-            "name": "compute-publish-smoke",
-            "private": true,
-            "type": "module"
-          }
-          EOF
-          pnpm add -D "${PWD}/.publish/compute/${TARBALL}" --dir "${TMPDIR}"
-          (
-            cd "${TMPDIR}"
-            node -e "await import('@prisma/compute')"
-          )
+      - name: Check npm authentication
+        working-directory: packages/compute
+        run: pnpm whoami
 
       - name: Publish dev package to npm
-        working-directory: .publish/compute
-        run: npm publish --access public --tag dev --provenance
+        working-directory: packages/compute
+        run: pnpm publish --access public --tag dev --provenance
 
       - name: Summarize dev publish
         run: |
@@ -152,7 +107,7 @@ jobs:
         id: compute_version
         run: |
           PACKAGE='@prisma/compute'
-          LATEST="$(npm view "${PACKAGE}" dist-tags.latest --silent 2>/dev/null || true)"
+          LATEST="$(pnpm view "${PACKAGE}" dist-tags.latest --silent 2>/dev/null || true)"
           node scripts/resolve-package-version.mjs next-beta \
             --package-dir packages/compute \
             --latest "${LATEST}" >> "$GITHUB_OUTPUT"
@@ -166,58 +121,9 @@ jobs:
             exit 1
           fi
 
-      - name: Run focused compute tests
-        run: pnpm --filter @prisma/compute test
-
-      - name: Build compute package
-        run: pnpm --filter @prisma/compute build
-
-      - name: Prepare staged publish package
-        run: node scripts/prepare-compute-publish.mjs .publish/compute --version '${{ steps.compute_version.outputs.version }}'
-
-      - name: Audit staged package contents
-        working-directory: .publish/compute
-        run: |
-          PACK_JSON="$(npm pack --dry-run --json)"
-          PACK_JSON="${PACK_JSON}" node -e "
-            const pack = JSON.parse(process.env.PACK_JSON)[0]
-            const files = pack.files.map((file) => file.path).sort()
-            const forbidden = files.filter((file) =>
-              file.startsWith('src/') ||
-              file.startsWith('tests/') ||
-              file.startsWith('fixtures/') ||
-              file.startsWith('docs/') ||
-              file.startsWith('.prisma/') ||
-              file.startsWith('.publish/')
-            )
-            if (forbidden.length) {
-              console.error('Forbidden files in npm package:', forbidden.join(', '))
-              process.exit(1)
-            }
-            for (const required of ['dist/index.js', 'dist/index.d.ts', 'README.md', 'LICENSE', 'package.json']) {
-              if (!files.includes(required)) {
-                console.error('Missing required package file:', required)
-                process.exit(1)
-              }
-            }
-          "
-
-      - name: Smoke test staged tarball install
-        run: |
-          TARBALL="$(cd .publish/compute && npm pack --silent)"
-          TMPDIR="$(mktemp -d)"
-          cat > "${TMPDIR}/package.json" <<'EOF'
-          {
-            "name": "compute-publish-smoke",
-            "private": true,
-            "type": "module"
-          }
-          EOF
-          pnpm add -D "${PWD}/.publish/compute/${TARBALL}" --dir "${TMPDIR}"
-          (
-            cd "${TMPDIR}"
-            node -e "await import('@prisma/compute')"
-          )
+      - name: Set package version
+        working-directory: packages/compute
+        run: pnpm version '${{ steps.compute_version.outputs.version }}' --no-git-tag-version
 
       - name: Ensure release still targets the latest main
         if: ${{ !inputs.dry_run }}
@@ -228,10 +134,15 @@ jobs:
             exit 1
           fi
 
+      - name: Check npm authentication
+        if: ${{ !inputs.dry_run }}
+        working-directory: packages/compute
+        run: pnpm whoami
+
       - name: Publish official package to npm
         if: ${{ !inputs.dry_run }}
-        working-directory: .publish/compute
-        run: npm publish --access public --tag latest --provenance
+        working-directory: packages/compute
+        run: pnpm publish --access public --tag latest --provenance
 
       - name: Create release tag
         if: ${{ !inputs.dry_run }}
diff --git a/AGENTS.md b/AGENTS.md
index 5bc015a..f9ba31f 100644
--- a/AGENTS.md
+++ b/AGENTS.md
@@ -10,3 +10,8 @@ Use this file for repo-wide instructions. Use package-local `AGENTS.md` files fo
 2. Use `pnpm --filter <package> <script>` for package-local checks.
 3. Run root scripts only when they match the changed surface.
 4. Keep generated artifacts out of commits unless the task requires them.
+
+## Package Manager
+
+- Use `pnpm` for commands run inside this repo.
+- Use `npm` or multiple package-manager examples in user-facing content.
diff --git a/README.md b/README.md
index 0266c9d..552b5b8 100644
--- a/README.md
+++ b/README.md
@@ -79,11 +79,10 @@ Build the package:
 pnpm build:cli
 ```
 
-Stage the npm package locally without publishing:
+Inspect the npm package locally without publishing:
 
 ```bash
-pnpm build:cli
-pnpm prepare:cli-publish
+pnpm --filter @prisma/cli pack --dry-run
 ```
 
 ## Command Model
@@ -132,8 +131,7 @@ Start here when changing command behavior:
 See `CONTRIBUTING.md` for local development and contribution guidance.
 See `ARCHITECTURE.md` for the short architecture entrypoint.
 
-The npm package README lives at `packages/cli/README.md` and is copied into the
-staged publish artifact.
+The npm package README lives at `packages/cli/README.md`.
 
 ## Community
 
@@ -161,7 +159,7 @@ publish from a local checkout unless the release owner explicitly asks you to do
 so.
 
 The committed `packages/cli/package.json` version is a development placeholder.
-Release versions are injected by CI when the staged npm package is prepared.
+Release versions are injected by CI before the package is packed and published.
 
 Release channels:
 
diff --git a/docs/architecture/adrs/0001-preview-package-and-publishing.md b/docs/architecture/adrs/0001-preview-package-and-publishing.md
index 8a38e0b..c114f45 100644
--- a/docs/architecture/adrs/0001-preview-package-and-publishing.md
+++ b/docs/architecture/adrs/0001-preview-package-and-publishing.md
@@ -18,7 +18,8 @@ dist-tag. The package exposes a `prisma-cli` binary so it can coexist with the
 existing `prisma` executable.
 
 The committed `packages/cli/package.json` version is a development placeholder.
-Release versions are injected into the staged package by CI:
+Release versions are injected into the package manifest by CI before packing and
+publishing:
 
 - Manual official releases compute the next `3.0.0-beta.N`, publish to
   `latest`, and create `cli-v<version>`.
@@ -36,10 +37,10 @@ The publish workflow is prepared for npm trusted publishing with provenance.
 Official releases publish with:
 
 ```bash
-npm publish --access public --tag latest --provenance
+pnpm publish --access public --tag latest --provenance
 ```
 
-Local development should build and stage the package, but should not publish it.
+Local development should build and inspect the package, but should not publish it.
 
 ## Consequences
 
@@ -48,8 +49,8 @@ Local development should build and stage the package, but should not publish it.
   preview comments for exact unmerged commits.
 - Project scripts may map `prisma` to `prisma-cli` when testing the future
   command shape locally.
-- The npm package should contain only the staged package files: built `dist`,
-  package README, license, and package manifest.
+- The npm package should contain only the package files: built `dist`, package
+  README, license, and package manifest.
 - Official publishing remains manual and gated until a maintainer runs the
   workflow.
 - Release version bumps are not committed through pull requests; npm versions
diff --git a/docs/architecture/package-structure.md b/docs/architecture/package-structure.md
index b209c00..d7e2a98 100644
--- a/docs/architecture/package-structure.md
+++ b/docs/architecture/package-structure.md
@@ -39,8 +39,8 @@ Tests live in `packages/cli/tests`.
 - Use in-process CLI tests for command behavior, output, prompts, and errors.
 - Use controller and use-case tests when a behavior can be exercised without
   going through Commander.
-- Use publish-prep tests for package metadata and tarball contents.
-- Add subprocess or staged package smoke tests when changing packaging,
-  entrypoints, or binary behavior.
+- Use package metadata and tarball-content checks for publishing changes.
+- Add subprocess or package smoke tests when changing packaging, entrypoints, or
+  binary behavior.
 
 See [testing patterns](../reference/testing-patterns.md) for more detail.
diff --git a/docs/onboarding/common-tasks.md b/docs/onboarding/common-tasks.md
index 7b289c3..3889b97 100644
--- a/docs/onboarding/common-tasks.md
+++ b/docs/onboarding/common-tasks.md
@@ -41,10 +41,8 @@ Use this playbook when making common changes to the CLI.
 
 1. Update `packages/cli/package.json` and `packages/cli/README.md` if package
    metadata or package-facing docs change.
-2. Update `scripts/prepare-cli-publish.mjs` when staged package contents change.
-3. Update `packages/cli/tests/publish-prep.test.ts`.
-4. Run `pnpm build:cli` and `pnpm prepare:cli-publish`.
-5. Do not publish from a local checkout unless the release owner explicitly asks
+2. Run `pnpm --filter @prisma/cli pack --dry-run`.
+3. Do not publish from a local checkout unless the release owner explicitly asks
    for that.
 
 ## Record An Architecture Decision
diff --git a/docs/onboarding/getting-started.md b/docs/onboarding/getting-started.md
index 81172fa..7dfaa86 100644
--- a/docs/onboarding/getting-started.md
+++ b/docs/onboarding/getting-started.md
@@ -48,14 +48,12 @@ Build the package:
 pnpm build:cli
 ```
 
-Stage the publish package locally without publishing:
+Inspect the publish package locally without publishing:
 
 ```bash
-pnpm prepare:cli-publish
+pnpm --filter @prisma/cli pack --dry-run
 ```
 
-If staging fails because the built CLI is missing, run `pnpm build:cli` first.
-
 ## Examples
 
 Manual smoke apps live in:
diff --git a/docs/onboarding/testing.md b/docs/onboarding/testing.md
index ebaf417..5e8deaa 100644
--- a/docs/onboarding/testing.md
+++ b/docs/onboarding/testing.md
@@ -9,12 +9,11 @@ flags, output streams, structured JSON, prompts, errors, and package contents.
 pnpm test
 ```
 
-Build the package when changing entrypoints, package metadata, or publishing
-preparation:
+Inspect package contents when changing entrypoints, package metadata, or
+publishing preparation:
 
 ```bash
-pnpm build:cli
-pnpm prepare:cli-publish
+pnpm --filter @prisma/cli pack --dry-run
 ```
 
 Run the Next.js artifact smoke before publishing a preview CLI build that
@@ -37,7 +36,7 @@ pnpm smoke:cli-nextjs
 - Prompt behavior in TTY mode.
 - Error codes, summaries, fixes, and next steps.
 - Secret redaction, especially environment variable values.
-- Package staging and tarball contents.
+- Package metadata and tarball contents.
 
 ## Test Styles
 
@@ -48,7 +47,7 @@ temporary state.
 Use controller or use-case tests when the behavior is easier to express without
 going through Commander.
 
-Use staged package smoke tests when changing:
+Use package smoke tests when changing:
 
 - binary entrypoints
 - build configuration
diff --git a/docs/reference/testing-patterns.md b/docs/reference/testing-patterns.md
index b1f439e..0e2a04e 100644
--- a/docs/reference/testing-patterns.md
+++ b/docs/reference/testing-patterns.md
@@ -39,8 +39,7 @@ the behavior under test.
 
 ## Subprocess And Package Smoke Tests
 
-Use subprocess or staged package smoke tests when changing packaging or runtime
-entrypoints.
+Use subprocess or package smoke tests when changing packaging or runtime entrypoints.
 
 Good fit:
 
@@ -50,8 +49,8 @@ Good fit:
 - npm tarball contents
 - publish preparation
 
-The staged package should not include source, tests, fixtures, docs, `.prisma`,
-or `.publish` directories.
+The npm tarball should not include source, tests, fixtures, docs, `.prisma`, or
+`.publish` directories.
 
 ## Stream Assertions
 
diff --git a/package.json b/package.json
index b8a95cd..b2b0bbe 100644
--- a/package.json
+++ b/package.json
@@ -10,8 +10,6 @@
     "build:compute": "pnpm --filter @prisma/compute build",
     "lint:skills": "node scripts/validate-skills.mjs",
     "prepare": "skills add ./skills --skill '*' --agent universal claude-code -y",
-    "prepare:cli-publish": "node scripts/prepare-cli-publish.mjs",
-    "prepare:compute-publish": "node scripts/prepare-compute-publish.mjs",
     "smoke:cli-nextjs": "node scripts/smoke-cli-nextjs-artifact.mjs",
     "test:skills": "node --test scripts/validate-skills.test.mjs",
     "test": "pnpm --filter @prisma/cli test",
diff --git a/packages/cli/.npmignore b/packages/cli/.npmignore
new file mode 100644
index 0000000..17cabed
--- /dev/null
+++ b/packages/cli/.npmignore
@@ -0,0 +1,6 @@
+src/
+tests/
+fixtures/
+docs/
+.prisma/
+.publish/
diff --git a/packages/cli/LICENSE b/packages/cli/LICENSE
new file mode 100644
index 0000000..c6732f4
--- /dev/null
+++ b/packages/cli/LICENSE
@@ -0,0 +1,158 @@
+Apache License
+Version 2.0, January 2004
+http://www.apache.org/licenses/
+
+TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+1. Definitions.
+
+"License" shall mean the terms and conditions for use, reproduction, and
+distribution as defined by Sections 1 through 9 of this document.
+
+"Licensor" shall mean the copyright owner or entity authorized by the copyright
+owner that is granting the License.
+
+"Legal Entity" shall mean the union of the acting entity and all other entities
+that control, are controlled by, or are under common control with that entity.
+For the purposes of this definition, "control" means (i) the power, direct or
+indirect, to cause the direction or management of such entity, whether by
+contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the
+outstanding shares, or (iii) beneficial ownership of such entity.
+
+"You" (or "Your") shall mean an individual or Legal Entity exercising
+permissions granted by this License.
+
+"Source" form shall mean the preferred form for making modifications, including
+but not limited to software source code, documentation source, and configuration
+files.
+
+"Object" form shall mean any form resulting from mechanical transformation or
+translation of a Source form, including but not limited to compiled object code,
+generated documentation, and conversions to other media types.
+
+"Work" shall mean the work of authorship, whether in Source or Object form, made
+available under the License, as indicated by a copyright notice that is included
+in or attached to the work.
+
+"Derivative Works" shall mean any work, whether in Source or Object form, that
+is based on (or derived from) the Work and for which the editorial revisions,
+annotations, elaborations, or other modifications represent, as a whole, an
+original work of authorship. For the purposes of this License, Derivative Works
+shall not include works that remain separable from, or merely link (or bind by
+name) to the interfaces of, the Work and Derivative Works thereof.
+
+"Contribution" shall mean any work of authorship, including the original version
+of the Work and any modifications or additions to that Work or Derivative Works
+thereof, that is intentionally submitted to Licensor for inclusion in the Work by
+the copyright owner or by an individual or Legal Entity authorized to submit on
+behalf of the copyright owner. For the purposes of this definition, "submitted"
+means any form of electronic, verbal, or written communication sent to the
+Licensor or its representatives, including but not limited to communication on
+electronic mailing lists, source code control systems, and issue tracking
+systems that are managed by, or on behalf of, the Licensor for the purpose of
+discussing and improving the Work, but excluding communication that is
+conspicuously marked or otherwise designated in writing by the copyright owner
+as "Not a Contribution."
+
+"Contributor" shall mean Licensor and any individual or Legal Entity on behalf
+of whom a Contribution has been received by Licensor and subsequently
+incorporated within the Work.
+
+2. Grant of Copyright License. Subject to the terms and conditions of this
+License, each Contributor hereby grants to You a perpetual, worldwide,
+non-exclusive, no-charge, royalty-free, irrevocable copyright license to
+reproduce, prepare Derivative Works of, publicly display, publicly perform,
+sublicense, and distribute the Work and such Derivative Works in Source or Object
+form.
+
+3. Grant of Patent License. Subject to the terms and conditions of this License,
+each Contributor hereby grants to You a perpetual, worldwide, non-exclusive,
+no-charge, royalty-free, irrevocable (except as stated in this section) patent
+license to make, have made, use, offer to sell, sell, import, and otherwise
+transfer the Work, where such license applies only to those patent claims
+licensable by such Contributor that are necessarily infringed by their
+Contribution(s) alone or by combination of their Contribution(s) with the Work to
+which such Contribution(s) was submitted. If You institute patent litigation
+against any entity (including a cross-claim or counterclaim in a lawsuit)
+alleging that the Work or a Contribution incorporated within the Work
+constitutes direct or contributory patent infringement, then any patent licenses
+granted to You under this License for that Work shall terminate as of the date
+such litigation is filed.
+
+4. Redistribution. You may reproduce and distribute copies of the Work or
+Derivative Works thereof in any medium, with or without modifications, and in
+Source or Object form, provided that You meet the following conditions:
+
+(a) You must give any other recipients of the Work or Derivative Works a copy of
+this License; and
+
+(b) You must cause any modified files to carry prominent notices stating that You
+changed the files; and
+
+(c) You must retain, in the Source form of any Derivative Works that You
+distribute, all copyright, patent, trademark, and attribution notices from the
+Source form of the Work, excluding those notices that do not pertain to any part
+of the Derivative Works; and
+
+(d) If the Work includes a "NOTICE" text file as part of its distribution, then
+any Derivative Works that You distribute must include a readable copy of the
+attribution notices contained within such NOTICE file, excluding those notices
+that do not pertain to any part of the Derivative Works, in at least one of the
+following places: within a NOTICE text file distributed as part of the Derivative
+Works; within the Source form or documentation, if provided along with the
+Derivative Works; or, within a display generated by the Derivative Works, if and
+wherever such third-party notices normally appear. The contents of the NOTICE
+file are for informational purposes only and do not modify the License. You may
+add Your own attribution notices within Derivative Works that You distribute,
+alongside or as an addendum to the NOTICE text from the Work, provided that such
+additional attribution notices cannot be construed as modifying the License.
+
+You may add Your own copyright statement to Your modifications and may provide
+additional or different license terms and conditions for use, reproduction, or
+distribution of Your modifications, or for any such Derivative Works as a whole,
+provided Your use, reproduction, and distribution of the Work otherwise complies
+with the conditions stated in this License.
+
+5. Submission of Contributions. Unless You explicitly state otherwise, any
+Contribution intentionally submitted for inclusion in the Work by You to the
+Licensor shall be under the terms and conditions of this License, without any
+additional terms or conditions. Notwithstanding the above, nothing herein shall
+supersede or modify the terms of any separate license agreement you may have
+executed with Licensor regarding such Contributions.
+
+6. Trademarks. This License does not grant permission to use the trade names,
+trademarks, service marks, or product names of the Licensor, except as required
+for reasonable and customary use in describing the origin of the Work and
+reproducing the content of the NOTICE file.
+
+7. Disclaimer of Warranty. Unless required by applicable law or agreed to in
+writing, Licensor provides the Work (and each Contributor provides its
+Contributions) on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+either express or implied, including, without limitation, any warranties or
+conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+PARTICULAR PURPOSE. You are solely responsible for determining the
+appropriateness of using or redistributing the Work and assume any risks
+associated with Your exercise of permissions under this License.
+
+8. Limitation of Liability. In no event and under no legal theory, whether in
+tort (including negligence), contract, or otherwise, unless required by
+applicable law (such as deliberate and grossly negligent acts) or agreed to in
+writing, shall any Contributor be liable to You for damages, including any
+direct, indirect, special, incidental, or consequential damages of any character
+arising as a result of this License or out of the use or inability to use the
+Work (including but not limited to damages for loss of goodwill, work stoppage,
+computer failure or malfunction, or any and all other commercial damages or
+losses), even if such Contributor has been advised of the possibility of such
+damages.
+
+9. Accepting Warranty or Additional Liability. While redistributing the Work or
+Derivative Works thereof, You may choose to offer, and charge a fee for,
+acceptance of support, warranty, indemnity, or other liability obligations and/or
+rights consistent with this License. However, in accepting such obligations, You
+may act only on Your own behalf and on Your sole responsibility, not on behalf of
+any other Contributor, and only if You agree to indemnify, defend, and hold each
+Contributor harmless for any liability incurred by, or claims asserted against,
+such Contributor by reason of your accepting any such warranty or additional
+liability.
+
+END OF TERMS AND CONDITIONS
diff --git a/packages/cli/tests/publish-prep.test.ts b/packages/cli/tests/publish-prep.test.ts
deleted file mode 100644
index 257a668..0000000
--- a/packages/cli/tests/publish-prep.test.ts
+++ /dev/null
@@ -1,166 +0,0 @@
-import { mkdir, mkdtemp, readdir, readFile, writeFile } from "node:fs/promises";
-import os from "node:os";
-import path from "node:path";
-
-import { describe, expect, it } from "vitest";
-
-import { stageCliPublishPackage } from "../../../scripts/prepare-cli-publish.mjs";
-
-function createTempCwd(): Promise<string> {
-  return mkdtemp(path.join(os.tmpdir(), "prisma-cli-"));
-}
-
-describe("prepare cli publish", () => {
-  it("stages a public package manifest for @prisma/cli", async () => {
-    const cwd = await createTempCwd();
-    const sourceDir = path.join(cwd, "source");
-    const outputDir = path.join(cwd, "staged");
-
-    await mkdir(path.join(sourceDir, "dist"), { recursive: true });
-    await writeFile(path.join(cwd, "LICENSE"), "Apache-2.0\n", "utf8");
-    await writeFile(
-      path.join(sourceDir, "package.json"),
-      JSON.stringify(
-        {
-          name: "@prisma/cli",
-          private: true,
-          version: "3.0.0-development",
-          description: "Command-line interface for the Prisma Developer Platform.",
-          type: "module",
-          engines: {
-            node: ">=20",
-          },
-          keywords: ["prisma", "cli"],
-          repository: {
-            type: "git",
-            url: "https://github.com/prisma/prisma-cli.git",
-            directory: "packages/cli",
-          },
-          homepage: "https://github.com/prisma/prisma-cli#readme",
-          bugs: {
-            url: "https://github.com/prisma/prisma-cli/issues",
-          },
-          license: "Apache-2.0",
-          dependencies: {
-            commander: "^12.1.0",
-          },
-        },
-        null,
-        2,
-      ),
-      "utf8",
-    );
-    await writeFile(path.join(sourceDir, "README.md"), "# Test package\n", "utf8");
-    await writeFile(path.join(sourceDir, "dist/cli.js"), "#!/usr/bin/env node\nconsole.log('ok')\n", "utf8");
-
-    const stagedPath = await stageCliPublishPackage({ sourceDir, outputDir });
-    const manifest = JSON.parse(await readFile(path.join(stagedPath, "package.json"), "utf8"));
-
-    expect(stagedPath).toBe(outputDir);
-    expect(manifest).toEqual({
-      name: "@prisma/cli",
-      version: "3.0.0-development",
-      description: "Command-line interface for the Prisma Developer Platform.",
-      type: "module",
-      bin: {
-        "prisma-cli": "./dist/cli.js",
-      },
-      files: ["dist", "README.md", "LICENSE"],
-      publishConfig: {
-        access: "public",
-      },
-      engines: {
-        node: ">=20",
-      },
-      keywords: ["prisma", "cli"],
-      repository: {
-        type: "git",
-        url: "https://github.com/prisma/prisma-cli.git",
-        directory: "packages/cli",
-      },
-      homepage: "https://github.com/prisma/prisma-cli#readme",
-      bugs: {
-        url: "https://github.com/prisma/prisma-cli/issues",
-      },
-      license: "Apache-2.0",
-      dependencies: {
-        commander: "^12.1.0",
-      },
-    });
-    expect(manifest).not.toHaveProperty("private");
-  });
-
-  it("uses an injected publish version when staging the package", async () => {
-    const cwd = await createTempCwd();
-    const sourceDir = path.join(cwd, "source");
-    const outputDir = path.join(cwd, "staged");
-
-    await mkdir(path.join(sourceDir, "dist"), { recursive: true });
-    await writeFile(path.join(cwd, "LICENSE"), "Apache-2.0\n", "utf8");
-    await writeFile(
-      path.join(sourceDir, "package.json"),
-      JSON.stringify(
-        {
-          name: "@prisma/cli",
-          version: "3.0.0-development",
-          description: "Command-line interface for the Prisma Developer Platform.",
-          type: "module",
-          dependencies: {},
-        },
-        null,
-        2,
-      ),
-      "utf8",
-    );
-    await writeFile(path.join(sourceDir, "README.md"), "# Test package\n", "utf8");
-    await writeFile(path.join(sourceDir, "dist/cli.js"), "#!/usr/bin/env node\nconsole.log('ok')\n", "utf8");
-
-    const stagedPath = await stageCliPublishPackage({
-      sourceDir,
-      outputDir,
-      publishVersion: "3.0.0-beta.0",
-    });
-    const manifest = JSON.parse(await readFile(path.join(stagedPath, "package.json"), "utf8"));
-
-    expect(manifest.version).toBe("3.0.0-beta.0");
-  });
-
-  it("stages only npm package files", async () => {
-    const cwd = await createTempCwd();
-    const sourceDir = path.join(cwd, "source");
-    const outputDir = path.join(cwd, "staged");
-
-    await mkdir(path.join(sourceDir, "dist"), { recursive: true });
-    await mkdir(path.join(sourceDir, "src"), { recursive: true });
-    await mkdir(path.join(sourceDir, "tests"), { recursive: true });
-    await mkdir(path.join(sourceDir, "fixtures"), { recursive: true });
-    await writeFile(path.join(cwd, "LICENSE"), "Apache-2.0\n", "utf8");
-    await writeFile(
-      path.join(sourceDir, "package.json"),
-      JSON.stringify(
-        {
-          name: "@prisma/cli",
-          version: "3.0.0-development",
-          description: "Command-line interface for the Prisma Developer Platform.",
-          type: "module",
-          dependencies: {},
-        },
-        null,
-        2,
-      ),
-      "utf8",
-    );
-    await writeFile(path.join(sourceDir, "README.md"), "# Test package\n", "utf8");
-    await writeFile(path.join(sourceDir, "dist/cli.js"), "#!/usr/bin/env node\nconsole.log('ok')\n", "utf8");
-    await writeFile(path.join(sourceDir, "src/cli.ts"), "export {}\n", "utf8");
-    await writeFile(path.join(sourceDir, "tests/cli.test.ts"), "export {}\n", "utf8");
-    await writeFile(path.join(sourceDir, "fixtures/mock-api.json"), "{}\n", "utf8");
-
-    const stagedPath = await stageCliPublishPackage({ sourceDir, outputDir });
-    const topLevelFiles = await readdir(stagedPath);
-    const distFiles = await readdir(path.join(stagedPath, "dist"));
-
-    expect(topLevelFiles.sort()).toEqual(["LICENSE", "README.md", "dist", "package.json"]);
-    expect(distFiles).toEqual(["cli.js"]);
-  });
-});
diff --git a/packages/cli/tests/resolve-cli-version.test.ts b/packages/cli/tests/resolve-package-version.test.ts
similarity index 67%
rename from packages/cli/tests/resolve-cli-version.test.ts
rename to packages/cli/tests/resolve-package-version.test.ts
index 74550d0..a24bb99 100644
--- a/packages/cli/tests/resolve-cli-version.test.ts
+++ b/packages/cli/tests/resolve-package-version.test.ts
@@ -9,30 +9,31 @@ import {
   resolveDevVersion,
   resolveNextBetaVersion,
   resolvePrVersion,
-} from "../../../scripts/resolve-cli-version.mjs";
+} from "../../../scripts/resolve-package-version.mjs";
 
 const execFileAsync = promisify(execFile);
 const repoRoot = path.resolve(path.dirname(fileURLToPath(import.meta.url)), "../../..");
-const scriptPath = path.join(repoRoot, "scripts/resolve-cli-version.mjs");
+const scriptPath = path.join(repoRoot, "scripts/resolve-package-version.mjs");
 
-describe("resolve cli version", () => {
+describe("resolve package version", () => {
   it("computes the first beta when npm latest is missing or still legacy 2.x", () => {
-    expect(resolveNextBetaVersion("")).toBe("3.0.0-beta.0");
-    expect(resolveNextBetaVersion("2.20.1")).toBe("3.0.0-beta.0");
+    expect(resolveNextBetaVersion({ baseVersion: "3.0.0", latest: "" })).toBe("3.0.0-beta.0");
+    expect(resolveNextBetaVersion({ baseVersion: "3.0.0", latest: "2.20.1" })).toBe("3.0.0-beta.0");
   });
 
   it("increments the beta number from the current npm latest", () => {
-    expect(resolveNextBetaVersion("3.0.0-beta.0")).toBe("3.0.0-beta.1");
+    expect(resolveNextBetaVersion({ baseVersion: "3.0.0", latest: "3.0.0-beta.0" })).toBe("3.0.0-beta.1");
   });
 
   it("fails when npm latest is outside the supported beta line", () => {
-    expect(() => resolveNextBetaVersion("3.0.0")).toThrow(
+    expect(() => resolveNextBetaVersion({ baseVersion: "3.0.0", latest: "3.0.0" })).toThrow(
       "Cannot compute the next beta from npm latest (3.0.0).",
     );
   });
 
   it("computes a unique dev build version", () => {
     expect(resolveDevVersion({
+      baseVersion: "3.0.0",
       runNumber: "123",
       runAttempt: "2",
     })).toBe("3.0.0-dev.123.2");
@@ -40,6 +41,7 @@ describe("resolve cli version", () => {
 
   it("computes an exact PR preview version", () => {
     expect(resolvePrVersion({
+      baseVersion: "3.0.0",
       prNumber: "43",
       sha: "f1110dd704a9382c429b",
     })).toBe("3.0.0-pr.43.shaf1110dd704a9");
@@ -49,6 +51,8 @@ describe("resolve cli version", () => {
     const { stdout } = await execFileAsync(process.execPath, [
       scriptPath,
       "next-beta",
+      "--package-dir",
+      "packages/cli",
       "--latest",
       "3.0.0-beta.0",
     ]);
diff --git a/packages/compute/.npmignore b/packages/compute/.npmignore
new file mode 100644
index 0000000..17cabed
--- /dev/null
+++ b/packages/compute/.npmignore
@@ -0,0 +1,6 @@
+src/
+tests/
+fixtures/
+docs/
+.prisma/
+.publish/
diff --git a/packages/compute/LICENSE b/packages/compute/LICENSE
new file mode 100644
index 0000000..c6732f4
--- /dev/null
+++ b/packages/compute/LICENSE
@@ -0,0 +1,158 @@
+Apache License
+Version 2.0, January 2004
+http://www.apache.org/licenses/
+
+TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+1. Definitions.
+
+"License" shall mean the terms and conditions for use, reproduction, and
+distribution as defined by Sections 1 through 9 of this document.
+
+"Licensor" shall mean the copyright owner or entity authorized by the copyright
+owner that is granting the License.
+
+"Legal Entity" shall mean the union of the acting entity and all other entities
+that control, are controlled by, or are under common control with that entity.
+For the purposes of this definition, "control" means (i) the power, direct or
+indirect, to cause the direction or management of such entity, whether by
+contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the
+outstanding shares, or (iii) beneficial ownership of such entity.
+
+"You" (or "Your") shall mean an individual or Legal Entity exercising
+permissions granted by this License.
+
+"Source" form shall mean the preferred form for making modifications, including
+but not limited to software source code, documentation source, and configuration
+files.
+
+"Object" form shall mean any form resulting from mechanical transformation or
+translation of a Source form, including but not limited to compiled object code,
+generated documentation, and conversions to other media types.
+
+"Work" shall mean the work of authorship, whether in Source or Object form, made
+available under the License, as indicated by a copyright notice that is included
+in or attached to the work.
+
+"Derivative Works" shall mean any work, whether in Source or Object form, that
+is based on (or derived from) the Work and for which the editorial revisions,
+annotations, elaborations, or other modifications represent, as a whole, an
+original work of authorship. For the purposes of this License, Derivative Works
+shall not include works that remain separable from, or merely link (or bind by
+name) to the interfaces of, the Work and Derivative Works thereof.
+
+"Contribution" shall mean any work of authorship, including the original version
+of the Work and any modifications or additions to that Work or Derivative Works
+thereof, that is intentionally submitted to Licensor for inclusion in the Work by
+the copyright owner or by an individual or Legal Entity authorized to submit on
+behalf of the copyright owner. For the purposes of this definition, "submitted"
+means any form of electronic, verbal, or written communication sent to the
+Licensor or its representatives, including but not limited to communication on
+electronic mailing lists, source code control systems, and issue tracking
+systems that are managed by, or on behalf of, the Licensor for the purpose of
+discussing and improving the Work, but excluding communication that is
+conspicuously marked or otherwise designated in writing by the copyright owner
+as "Not a Contribution."
+
+"Contributor" shall mean Licensor and any individual or Legal Entity on behalf
+of whom a Contribution has been received by Licensor and subsequently
+incorporated within the Work.
+
+2. Grant of Copyright License. Subject to the terms and conditions of this
+License, each Contributor hereby grants to You a perpetual, worldwide,
+non-exclusive, no-charge, royalty-free, irrevocable copyright license to
+reproduce, prepare Derivative Works of, publicly display, publicly perform,
+sublicense, and distribute the Work and such Derivative Works in Source or Object
+form.
+
+3. Grant of Patent License. Subject to the terms and conditions of this License,
+each Contributor hereby grants to You a perpetual, worldwide, non-exclusive,
+no-charge, royalty-free, irrevocable (except as stated in this section) patent
+license to make, have made, use, offer to sell, sell, import, and otherwise
+transfer the Work, where such license applies only to those patent claims
+licensable by such Contributor that are necessarily infringed by their
+Contribution(s) alone or by combination of their Contribution(s) with the Work to
+which such Contribution(s) was submitted. If You institute patent litigation
+against any entity (including a cross-claim or counterclaim in a lawsuit)
+alleging that the Work or a Contribution incorporated within the Work
+constitutes direct or contributory patent infringement, then any patent licenses
+granted to You under this License for that Work shall terminate as of the date
+such litigation is filed.
+
+4. Redistribution. You may reproduce and distribute copies of the Work or
+Derivative Works thereof in any medium, with or without modifications, and in
+Source or Object form, provided that You meet the following conditions:
+
+(a) You must give any other recipients of the Work or Derivative Works a copy of
+this License; and
+
+(b) You must cause any modified files to carry prominent notices stating that You
+changed the files; and
+
+(c) You must retain, in the Source form of any Derivative Works that You
+distribute, all copyright, patent, trademark, and attribution notices from the
+Source form of the Work, excluding those notices that do not pertain to any part
+of the Derivative Works; and
+
+(d) If the Work includes a "NOTICE" text file as part of its distribution, then
+any Derivative Works that You distribute must include a readable copy of the
+attribution notices contained within such NOTICE file, excluding those notices
+that do not pertain to any part of the Derivative Works, in at least one of the
+following places: within a NOTICE text file distributed as part of the Derivative
+Works; within the Source form or documentation, if provided along with the
+Derivative Works; or, within a display generated by the Derivative Works, if and
+wherever such third-party notices normally appear. The contents of the NOTICE
+file are for informational purposes only and do not modify the License. You may
+add Your own attribution notices within Derivative Works that You distribute,
+alongside or as an addendum to the NOTICE text from the Work, provided that such
+additional attribution notices cannot be construed as modifying the License.
+
+You may add Your own copyright statement to Your modifications and may provide
+additional or different license terms and conditions for use, reproduction, or
+distribution of Your modifications, or for any such Derivative Works as a whole,
+provided Your use, reproduction, and distribution of the Work otherwise complies
+with the conditions stated in this License.
+
+5. Submission of Contributions. Unless You explicitly state otherwise, any
+Contribution intentionally submitted for inclusion in the Work by You to the
+Licensor shall be under the terms and conditions of this License, without any
+additional terms or conditions. Notwithstanding the above, nothing herein shall
+supersede or modify the terms of any separate license agreement you may have
+executed with Licensor regarding such Contributions.
+
+6. Trademarks. This License does not grant permission to use the trade names,
+trademarks, service marks, or product names of the Licensor, except as required
+for reasonable and customary use in describing the origin of the Work and
+reproducing the content of the NOTICE file.
+
+7. Disclaimer of Warranty. Unless required by applicable law or agreed to in
+writing, Licensor provides the Work (and each Contributor provides its
+Contributions) on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+either express or implied, including, without limitation, any warranties or
+conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+PARTICULAR PURPOSE. You are solely responsible for determining the
+appropriateness of using or redistributing the Work and assume any risks
+associated with Your exercise of permissions under this License.
+
+8. Limitation of Liability. In no event and under no legal theory, whether in
+tort (including negligence), contract, or otherwise, unless required by
+applicable law (such as deliberate and grossly negligent acts) or agreed to in
+writing, shall any Contributor be liable to You for damages, including any
+direct, indirect, special, incidental, or consequential damages of any character
+arising as a result of this License or out of the use or inability to use the
+Work (including but not limited to damages for loss of goodwill, work stoppage,
+computer failure or malfunction, or any and all other commercial damages or
+losses), even if such Contributor has been advised of the possibility of such
+damages.
+
+9. Accepting Warranty or Additional Liability. While redistributing the Work or
+Derivative Works thereof, You may choose to offer, and charge a fee for,
+acceptance of support, warranty, indemnity, or other liability obligations and/or
+rights consistent with this License. However, in accepting such obligations, You
+may act only on Your own behalf and on Your sole responsibility, not on behalf of
+any other Contributor, and only if You agree to indemnify, defend, and hold each
+Contributor harmless for any liability incurred by, or claims asserted against,
+such Contributor by reason of your accepting any such warranty or additional
+liability.
+
+END OF TERMS AND CONDITIONS
diff --git a/packages/compute/package.json b/packages/compute/package.json
index 92e01d4..550406a 100644
--- a/packages/compute/package.json
+++ b/packages/compute/package.json
@@ -37,6 +37,7 @@
   "license": "Apache-2.0",
   "scripts": {
     "build": "tsdown",
+    "prepack": "pnpm run build",
     "test": "vitest run"
   },
   "devDependencies": {
diff --git a/scripts/prepare-cli-publish.mjs b/scripts/prepare-cli-publish.mjs
deleted file mode 100644
index fa1813b..0000000
--- a/scripts/prepare-cli-publish.mjs
+++ /dev/null
@@ -1,134 +0,0 @@
-#!/usr/bin/env node
-
-import { access, cp, mkdir, readFile, rm, writeFile } from "node:fs/promises";
-import path from "node:path";
-import { fileURLToPath } from "node:url";
-
-export async function stageCliPublishPackage(options = {}) {
-  const sourceDir = options.sourceDir ?? path.join(getRepoRoot(), "packages/cli");
-  const outputDir = options.outputDir ?? path.join(getRepoRoot(), ".publish/cli");
-  const publishVersion = options.publishVersion;
-
-  await ensureBuildArtifacts(sourceDir);
-
-  await rm(outputDir, { recursive: true, force: true });
-  await mkdir(outputDir, { recursive: true });
-
-  await cp(path.join(sourceDir, "dist"), path.join(outputDir, "dist"), { recursive: true });
-  await cp(path.join(sourceDir, "README.md"), path.join(outputDir, "README.md"));
-  await cp(path.join(getRepoRoot(), "LICENSE"), path.join(outputDir, "LICENSE"));
-
-  const sourceManifest = JSON.parse(
-    await readFile(path.join(sourceDir, "package.json"), "utf8"),
-  );
-
-  const publishManifest = {
-    name: sourceManifest.name,
-    version: publishVersion ?? sourceManifest.version,
-    description: sourceManifest.description,
-    type: sourceManifest.type,
-    bin: {
-      "prisma-cli": "./dist/cli.js",
-    },
-    files: ["dist", "README.md", "LICENSE"],
-    publishConfig: {
-      access: "public",
-    },
-    engines: sourceManifest.engines,
-    keywords: sourceManifest.keywords,
-    repository: sourceManifest.repository,
-    homepage: sourceManifest.homepage,
-    bugs: sourceManifest.bugs,
-    license: sourceManifest.license,
-    dependencies: sourceManifest.dependencies,
-  };
-
-  await writeFile(
-    path.join(outputDir, "package.json"),
-    `${JSON.stringify(removeUndefinedFields(publishManifest), null, 2)}\n`,
-    "utf8",
-  );
-
-  return outputDir;
-}
-
-function getRepoRoot() {
-  return path.resolve(path.dirname(fileURLToPath(import.meta.url)), "..");
-}
-
-async function ensureBuildArtifacts(sourceDir) {
-  const builtCliPath = path.join(sourceDir, "dist/cli.js");
-
-  try {
-    await access(builtCliPath);
-  } catch {
-    throw new Error(
-      `Missing built CLI artifact at ${builtCliPath}. Run "pnpm --filter @prisma/cli build" first.`,
-    );
-  }
-}
-
-function removeUndefinedFields(value) {
-  return Object.fromEntries(
-    Object.entries(value).filter(([, entryValue]) => entryValue !== undefined),
-  );
-}
-
-async function main() {
-  const { outputDir, publishVersion } = parseCliArgs(process.argv.slice(2));
-  const stagedPath = await stageCliPublishPackage(
-    {
-      ...(outputDir ? { outputDir: path.resolve(outputDir) } : {}),
-      ...(publishVersion ? { publishVersion } : {}),
-    },
-  );
-  process.stdout.write(`${stagedPath}\n`);
-}
-
-function parseCliArgs(args) {
-  let outputDir;
-  let publishVersion = process.env.CLI_PUBLISH_VERSION;
-
-  for (let index = 0; index < args.length; index += 1) {
-    const arg = args[index];
-
-    if (arg === "--version") {
-      const nextArg = args[index + 1];
-      if (!nextArg || nextArg.startsWith("--")) {
-        throw new Error("--version requires a value.");
-      }
-      publishVersion = nextArg;
-      index += 1;
-      continue;
-    }
-
-    if (arg?.startsWith("--version=")) {
-      publishVersion = arg.slice("--version=".length);
-      continue;
-    }
-
-    if (arg?.startsWith("--")) {
-      throw new Error(`Unknown option: ${arg}`);
-    }
-
-    if (outputDir) {
-      throw new Error(`Unexpected argument: ${arg}`);
-    }
-
-    outputDir = arg;
-  }
-
-  if (publishVersion !== undefined && publishVersion.trim() === "") {
-    throw new Error("Publish version cannot be empty.");
-  }
-
-  return { outputDir, publishVersion };
-}
-
-if (process.argv[1] && fileURLToPath(import.meta.url) === path.resolve(process.argv[1])) {
-  main().catch((error) => {
-    const message = error instanceof Error ? error.stack ?? error.message : String(error);
-    process.stderr.write(`${message}\n`);
-    process.exitCode = 1;
-  });
-}
diff --git a/scripts/prepare-compute-publish.mjs b/scripts/prepare-compute-publish.mjs
deleted file mode 100644
index 5f5fb00..0000000
--- a/scripts/prepare-compute-publish.mjs
+++ /dev/null
@@ -1,133 +0,0 @@
-#!/usr/bin/env node
-
-import { access, cp, mkdir, readFile, rm, writeFile } from "node:fs/promises";
-import path from "node:path";
-import { fileURLToPath } from "node:url";
-
-export async function stageComputePublishPackage(options = {}) {
-  const sourceDir = options.sourceDir ?? path.join(getRepoRoot(), "packages/compute");
-  const outputDir = options.outputDir ?? path.join(getRepoRoot(), ".publish/compute");
-  const publishVersion = options.publishVersion;
-
-  await ensureBuildArtifacts(sourceDir);
-
-  await rm(outputDir, { recursive: true, force: true });
-  await mkdir(outputDir, { recursive: true });
-
-  await cp(path.join(sourceDir, "dist"), path.join(outputDir, "dist"), { recursive: true });
-  await cp(path.join(sourceDir, "README.md"), path.join(outputDir, "README.md"));
-  await cp(path.join(getRepoRoot(), "LICENSE"), path.join(outputDir, "LICENSE"));
-
-  const sourceManifest = JSON.parse(
-    await readFile(path.join(sourceDir, "package.json"), "utf8"),
-  );
-
-  const publishManifest = {
-    name: sourceManifest.name,
-    version: publishVersion ?? sourceManifest.version,
-    description: sourceManifest.description,
-    type: sourceManifest.type,
-    exports: sourceManifest.exports,
-    files: ["dist", "README.md", "LICENSE"],
-    publishConfig: {
-      access: "public",
-    },
-    engines: sourceManifest.engines,
-    keywords: sourceManifest.keywords,
-    repository: sourceManifest.repository,
-    homepage: sourceManifest.homepage,
-    bugs: sourceManifest.bugs,
-    license: sourceManifest.license,
-  };
-
-  await writeFile(
-    path.join(outputDir, "package.json"),
-    `${JSON.stringify(removeUndefinedFields(publishManifest), null, 2)}\n`,
-    "utf8",
-  );
-
-  return outputDir;
-}
-
-function getRepoRoot() {
-  return path.resolve(path.dirname(fileURLToPath(import.meta.url)), "..");
-}
-
-async function ensureBuildArtifacts(sourceDir) {
-  const builtIndexPath = path.join(sourceDir, "dist/index.js");
-  const builtTypesPath = path.join(sourceDir, "dist/index.d.ts");
-
-  try {
-    await access(builtIndexPath);
-    await access(builtTypesPath);
-  } catch {
-    throw new Error(
-      `Missing built compute artifacts in ${path.join(sourceDir, "dist")}. Run "pnpm --filter @prisma/compute build" first.`,
-    );
-  }
-}
-
-function removeUndefinedFields(value) {
-  return Object.fromEntries(
-    Object.entries(value).filter(([, entryValue]) => entryValue !== undefined),
-  );
-}
-
-async function main() {
-  const { outputDir, publishVersion } = parseCliArgs(process.argv.slice(2));
-  const stagedPath = await stageComputePublishPackage(
-    {
-      ...(outputDir ? { outputDir: path.resolve(outputDir) } : {}),
-      ...(publishVersion ? { publishVersion } : {}),
-    },
-  );
-  process.stdout.write(`${stagedPath}\n`);
-}
-
-function parseCliArgs(args) {
-  let outputDir;
-  let publishVersion = process.env.COMPUTE_PUBLISH_VERSION;
-
-  for (let index = 0; index < args.length; index += 1) {
-    const arg = args[index];
-
-    if (arg === "--version") {
-      const nextArg = args[index + 1];
-      if (!nextArg || nextArg.startsWith("--")) {
-        throw new Error("--version requires a value.");
-      }
-      publishVersion = nextArg;
-      index += 1;
-      continue;
-    }
-
-    if (arg?.startsWith("--version=")) {
-      publishVersion = arg.slice("--version=".length);
-      continue;
-    }
-
-    if (arg?.startsWith("--")) {
-      throw new Error(`Unknown option: ${arg}`);
-    }
-
-    if (outputDir) {
-      throw new Error(`Unexpected argument: ${arg}`);
-    }
-
-    outputDir = arg;
-  }
-
-  if (publishVersion !== undefined && publishVersion.trim() === "") {
-    throw new Error("Publish version cannot be empty.");
-  }
-
-  return { outputDir, publishVersion };
-}
-
-if (process.argv[1] && fileURLToPath(import.meta.url) === path.resolve(process.argv[1])) {
-  main().catch((error) => {
-    const message = error instanceof Error ? error.stack ?? error.message : String(error);
-    process.stderr.write(`${message}\n`);
-    process.exitCode = 1;
-  });
-}

From cd0e7c15515b8cf314ed705586e1b60fb9cd11a3 Mon Sep 17 00:00:00 2001
From: Tyler Benfield <benfield@prisma.io>
Date: Fri, 12 Jun 2026 07:35:28 -0400
Subject: [PATCH 3/8] Remove redundant publish workflow options

---
 .github/workflows/publish-cli.yml     | 3 ---
 .github/workflows/publish-compute.yml | 3 ---
 2 files changed, 6 deletions(-)

diff --git a/.github/workflows/publish-cli.yml b/.github/workflows/publish-cli.yml
index 571bdc7..1a084d9 100644
--- a/.github/workflows/publish-cli.yml
+++ b/.github/workflows/publish-cli.yml
@@ -36,7 +36,6 @@ jobs:
       - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
         with:
           node-version-file: package.json
-          registry-url: https://registry.npmjs.org
 
       - name: Install dependencies
         run: pnpm install --frozen-lockfile
@@ -88,7 +87,6 @@ jobs:
 
       - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
         with:
-          fetch-depth: 0
           persist-credentials: false
 
       - uses: pnpm/action-setup@0e279bb959325dab635dd2c09392533439d90093 # v6.0.8
@@ -98,7 +96,6 @@ jobs:
       - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
         with:
           node-version-file: package.json
-          registry-url: https://registry.npmjs.org
 
       - name: Install dependencies
         run: pnpm install --frozen-lockfile
diff --git a/.github/workflows/publish-compute.yml b/.github/workflows/publish-compute.yml
index eeee189..f06bcdc 100644
--- a/.github/workflows/publish-compute.yml
+++ b/.github/workflows/publish-compute.yml
@@ -36,7 +36,6 @@ jobs:
       - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
         with:
           node-version-file: package.json
-          registry-url: https://registry.npmjs.org
 
       - name: Install dependencies
         run: pnpm install --frozen-lockfile
@@ -88,7 +87,6 @@ jobs:
 
       - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
         with:
-          fetch-depth: 0
           persist-credentials: false
 
       - uses: pnpm/action-setup@0e279bb959325dab635dd2c09392533439d90093 # v6.0.8
@@ -98,7 +96,6 @@ jobs:
       - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
         with:
           node-version-file: package.json
-          registry-url: https://registry.npmjs.org
 
       - name: Install dependencies
         run: pnpm install --frozen-lockfile

From 57b508cc730df57d0c5634422f3be581c943368c Mon Sep 17 00:00:00 2001
From: Tyler Benfield <benfield@prisma.io>
Date: Fri, 12 Jun 2026 07:38:07 -0400
Subject: [PATCH 4/8] Remove workflow diary note

---
 .agents/diary/pr-quality-workflow.md | 2 --
 1 file changed, 2 deletions(-)
 delete mode 100644 .agents/diary/pr-quality-workflow.md

diff --git a/.agents/diary/pr-quality-workflow.md b/.agents/diary/pr-quality-workflow.md
deleted file mode 100644
index 775525f..0000000
--- a/.agents/diary/pr-quality-workflow.md
+++ /dev/null
@@ -1,2 +0,0 @@
-Unrelated bug or code smell: The new recursive typecheck command exposes existing `packages/cli` TypeScript errors in `src/lib/app/branch-database.ts`, `tests/helpers.ts`, several `project-real-mode` mocks, and imports from scripts without declarations. The workflow change intentionally does not fix these code issues.
-Unrelated bug or code smell: The new recursive test command currently fails in `packages/cli` because `tests/resolve-cli-version.test.ts` imports the deleted `scripts/resolve-cli-version.mjs`, and several other tests time out. This is outside the PR Quality workflow scope.

From 380fac151c321907b8c0370ac4332eaaa21083e5 Mon Sep 17 00:00:00 2001
From: Tyler Benfield <benfield@prisma.io>
Date: Fri, 12 Jun 2026 08:00:21 -0400
Subject: [PATCH 5/8] Pin CI Node version separately from engine range

---
 .github/workflows/pr-quality.yml          | 4 ++--
 .github/workflows/preview-cli-package.yml | 2 +-
 .github/workflows/publish-cli.yml         | 4 ++--
 .github/workflows/publish-compute.yml     | 4 ++--
 .node-version                             | 1 +
 package.json                              | 2 +-
 6 files changed, 9 insertions(+), 8 deletions(-)
 create mode 100644 .node-version

diff --git a/.github/workflows/pr-quality.yml b/.github/workflows/pr-quality.yml
index 9d40d8e..a04f639 100644
--- a/.github/workflows/pr-quality.yml
+++ b/.github/workflows/pr-quality.yml
@@ -28,7 +28,7 @@ jobs:
       - name: Set up Node.js
         uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
         with:
-          node-version-file: package.json
+          node-version-file: .node-version
           cache: pnpm
 
       - name: Install dependencies
@@ -65,7 +65,7 @@ jobs:
       - name: Set up Node.js
         uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
         with:
-          node-version-file: package.json
+          node-version-file: .node-version
           cache: pnpm
 
       - name: Install dependencies
diff --git a/.github/workflows/preview-cli-package.yml b/.github/workflows/preview-cli-package.yml
index 5468ccc..fb9e611 100644
--- a/.github/workflows/preview-cli-package.yml
+++ b/.github/workflows/preview-cli-package.yml
@@ -31,7 +31,7 @@ jobs:
 
       - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
         with:
-          node-version-file: package.json
+          node-version-file: .node-version
 
       - name: Install dependencies
         run: pnpm install --frozen-lockfile
diff --git a/.github/workflows/publish-cli.yml b/.github/workflows/publish-cli.yml
index 1a084d9..90cb0a9 100644
--- a/.github/workflows/publish-cli.yml
+++ b/.github/workflows/publish-cli.yml
@@ -35,7 +35,7 @@ jobs:
 
       - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
         with:
-          node-version-file: package.json
+          node-version-file: .node-version
 
       - name: Install dependencies
         run: pnpm install --frozen-lockfile
@@ -95,7 +95,7 @@ jobs:
 
       - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
         with:
-          node-version-file: package.json
+          node-version-file: .node-version
 
       - name: Install dependencies
         run: pnpm install --frozen-lockfile
diff --git a/.github/workflows/publish-compute.yml b/.github/workflows/publish-compute.yml
index f06bcdc..ca23111 100644
--- a/.github/workflows/publish-compute.yml
+++ b/.github/workflows/publish-compute.yml
@@ -35,7 +35,7 @@ jobs:
 
       - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
         with:
-          node-version-file: package.json
+          node-version-file: .node-version
 
       - name: Install dependencies
         run: pnpm install --frozen-lockfile
@@ -95,7 +95,7 @@ jobs:
 
       - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
         with:
-          node-version-file: package.json
+          node-version-file: .node-version
 
       - name: Install dependencies
         run: pnpm install --frozen-lockfile
diff --git a/.node-version b/.node-version
new file mode 100644
index 0000000..1d9b783
--- /dev/null
+++ b/.node-version
@@ -0,0 +1 @@
+22.12.0
diff --git a/package.json b/package.json
index b2b0bbe..f7d6f9a 100644
--- a/package.json
+++ b/package.json
@@ -2,7 +2,7 @@
   "name": "prisma-cli",
   "private": true,
   "engines": {
-    "node": "22.12.0"
+    "node": ">=22.12.0"
   },
   "packageManager": "pnpm@10.30.0",
   "scripts": {

From 73a4c3db58cf8d52faadb0d75d404f6abb1221dc Mon Sep 17 00:00:00 2001
From: Tyler Benfield <benfield@prisma.io>
Date: Fri, 12 Jun 2026 11:26:22 -0400
Subject: [PATCH 6/8] Document pre-commit verification

---
 AGENTS.md                                     |  9 +++
 .../cli/tests/resolve-package-version.test.ts | 18 ++++--
 scripts/resolve-package-version.d.mts         |  4 +-
 scripts/resolve-package-version.mjs           | 59 +++++++++++++------
 4 files changed, 64 insertions(+), 26 deletions(-)

diff --git a/AGENTS.md b/AGENTS.md
index f9ba31f..d3183fd 100644
--- a/AGENTS.md
+++ b/AGENTS.md
@@ -15,3 +15,12 @@ Use this file for repo-wide instructions. Use package-local `AGENTS.md` files fo
 
 - Use `pnpm` for commands run inside this repo.
 - Use `npm` or multiple package-manager examples in user-facing content.
+
+## Pre-Commit Verification
+
+- `pnpm --recursive exec tsc --noEmit`
+- `pnpm lint`
+- Package-specific tests for changed packages
+  - `pnpm --filter @prisma/cli test`
+  - `pnpm --filter @prisma/compute test`
+- If verification fails because work is intentionally incomplete, include the failing command and reason in the commit message.
diff --git a/packages/cli/tests/resolve-package-version.test.ts b/packages/cli/tests/resolve-package-version.test.ts
index 5200980..d2aa319 100644
--- a/packages/cli/tests/resolve-package-version.test.ts
+++ b/packages/cli/tests/resolve-package-version.test.ts
@@ -20,18 +20,24 @@ const scriptPath = path.join(repoRoot, "scripts/resolve-package-version.mjs");
 
 describe("resolve package version", () => {
   it("computes the first beta when npm latest is missing or still legacy 2.x", () => {
-    expect(resolveNextBetaVersion({ baseVersion: "3.0.0", latest: "" })).toBe("3.0.0-beta.0");
-    expect(resolveNextBetaVersion({ baseVersion: "3.0.0", latest: "2.20.1" })).toBe("3.0.0-beta.0");
+    expect(resolveNextBetaVersion({ baseVersion: "3.0.0", latest: "" })).toBe(
+      "3.0.0-beta.0",
+    );
+    expect(
+      resolveNextBetaVersion({ baseVersion: "3.0.0", latest: "2.20.1" }),
+    ).toBe("3.0.0-beta.0");
   });
 
   it("increments the beta number from the current npm latest", () => {
-    expect(resolveNextBetaVersion({ baseVersion: "3.0.0", latest: "3.0.0-beta.0" })).toBe("3.0.0-beta.1");
+    expect(
+      resolveNextBetaVersion({ baseVersion: "3.0.0", latest: "3.0.0-beta.0" }),
+    ).toBe("3.0.0-beta.1");
   });
 
   it("fails when npm latest is outside the supported beta line", () => {
-    expect(() => resolveNextBetaVersion({ baseVersion: "3.0.0", latest: "3.0.0" })).toThrow(
-      "Cannot compute the next beta from npm latest (3.0.0).",
-    );
+    expect(() =>
+      resolveNextBetaVersion({ baseVersion: "3.0.0", latest: "3.0.0" }),
+    ).toThrow("Cannot compute the next beta from npm latest (3.0.0).");
   });
 
   it("computes a unique dev build version", () => {
diff --git a/scripts/resolve-package-version.d.mts b/scripts/resolve-package-version.d.mts
index a9447a4..1d1acb2 100644
--- a/scripts/resolve-package-version.d.mts
+++ b/scripts/resolve-package-version.d.mts
@@ -15,4 +15,6 @@ export declare function resolveNextBetaVersion(options: {
   latest?: string | null;
 }): string;
 
-export declare function resolvePackageReleaseBaseVersion(packageDir: string): string;
+export declare function resolvePackageReleaseBaseVersion(
+  packageDir: string,
+): string;
diff --git a/scripts/resolve-package-version.mjs b/scripts/resolve-package-version.mjs
index be7de63..d241c73 100644
--- a/scripts/resolve-package-version.mjs
+++ b/scripts/resolve-package-version.mjs
@@ -1,9 +1,12 @@
 #!/usr/bin/env node
 
-import path from "node:path";
 import { readFileSync } from "node:fs";
+import path from "node:path";
 import { fileURLToPath } from "node:url";
 
+const PACKAGE_VERSION_PATTERN = /^(\d+\.\d+\.\d+)(?:-.+)?$/;
+const VERSION_CORE_PATTERN = /^(\d+)\.(\d+)\.(\d+)(?:-.+)?$/;
+
 export function resolveDevVersion(options) {
   const baseVersion = requireValue(options.baseVersion, "baseVersion");
   const runNumber = requireValue(options.runNumber, "runNumber");
@@ -29,7 +32,9 @@ export function resolveNextBetaVersion(options) {
     return `${baseVersion}-beta.0`;
   }
 
-  const betaMatch = normalizedLatest.match(new RegExp(`^${escapeRegExp(baseVersion)}-beta\\.(\\d+)$`));
+  const betaMatch = normalizedLatest.match(
+    new RegExp(`^${escapeRegExp(baseVersion)}-beta\\.(\\d+)$`),
+  );
   if (betaMatch) {
     const nextNumber = Number(betaMatch[1]) + 1;
     return `${baseVersion}-beta.${nextNumber}`;
@@ -43,11 +48,16 @@ export function resolveNextBetaVersion(options) {
 export function resolvePackageReleaseBaseVersion(packageDir) {
   const manifestPath = path.join(getRepoRoot(), packageDir, "package.json");
   const manifest = JSON.parse(readFileSync(manifestPath, "utf8"));
-  const version = requireValue(manifest.version, `${packageDir} package.json version`);
-  const match = version.match(/^(\d+\.\d+\.\d+)(?:-.+)?$/);
+  const version = requireValue(
+    manifest.version,
+    `${packageDir} package.json version`,
+  );
+  const match = version.match(PACKAGE_VERSION_PATTERN);
 
   if (!match) {
-    throw new Error(`Cannot derive release base from ${packageDir} package version (${version}).`);
+    throw new Error(
+      `Cannot derive release base from ${packageDir} package version (${version}).`,
+    );
   }
 
   return match[1];
@@ -79,7 +89,7 @@ function isOlderReleaseLine(latest, baseVersion) {
 }
 
 function parseVersionCore(version) {
-  const match = version.match(/^(\d+)\.(\d+)\.(\d+)(?:-.+)?$/);
+  const match = version.match(VERSION_CORE_PATTERN);
 
   if (!match) {
     return undefined;
@@ -139,34 +149,45 @@ function main() {
   const baseVersion = resolvePackageReleaseBaseVersion(packageDir);
 
   if (command === "dev") {
-    process.stdout.write(`version=${resolveDevVersion({
-      baseVersion,
-      runNumber: options["run-number"],
-      runAttempt: options["run-attempt"],
-    })}\n`);
+    process.stdout.write(
+      `version=${resolveDevVersion({
+        baseVersion,
+        runNumber: options["run-number"],
+        runAttempt: options["run-attempt"],
+      })}\n`,
+    );
     return;
   }
 
   if (command === "pr") {
-    process.stdout.write(`version=${resolvePrVersion({
-      baseVersion,
-      prNumber: options["pr-number"],
-      sha: options.sha,
-    })}\n`);
+    process.stdout.write(
+      `version=${resolvePrVersion({
+        baseVersion,
+        prNumber: options["pr-number"],
+        sha: options.sha,
+      })}\n`,
+    );
     return;
   }
 
   if (command === "next-beta") {
     const latest = options.latest ?? "";
     process.stdout.write(`latest=${latest}\n`);
-    process.stdout.write(`version=${resolveNextBetaVersion({ baseVersion, latest })}\n`);
+    process.stdout.write(
+      `version=${resolveNextBetaVersion({ baseVersion, latest })}\n`,
+    );
     return;
   }
 
-  throw new Error("Usage: resolve-package-version.mjs <dev|pr|next-beta> [--package-dir <path>] [options]");
+  throw new Error(
+    "Usage: resolve-package-version.mjs <dev|pr|next-beta> [--package-dir <path>] [options]",
+  );
 }
 
-if (process.argv[1] && fileURLToPath(import.meta.url) === path.resolve(process.argv[1])) {
+if (
+  process.argv[1] &&
+  fileURLToPath(import.meta.url) === path.resolve(process.argv[1])
+) {
   try {
     main();
   } catch (error) {

From 81375f82fc83ea5dae6a8d3a5fe96f00483e2f7e Mon Sep 17 00:00:00 2001
From: Tyler Benfield <benfield@prisma.io>
Date: Fri, 12 Jun 2026 11:41:56 -0400
Subject: [PATCH 7/8] Fix publish workflow release checks

---
 .github/workflows/publish-cli.yml     | 17 ++++++-----------
 .github/workflows/publish-compute.yml | 17 ++++++-----------
 2 files changed, 12 insertions(+), 22 deletions(-)

diff --git a/.github/workflows/publish-cli.yml b/.github/workflows/publish-cli.yml
index 90cb0a9..3afa252 100644
--- a/.github/workflows/publish-cli.yml
+++ b/.github/workflows/publish-cli.yml
@@ -52,13 +52,9 @@ jobs:
         working-directory: packages/cli
         run: pnpm version '${{ steps.cli_version.outputs.version }}' --no-git-tag-version
 
-      - name: Check npm authentication
-        working-directory: packages/cli
-        run: pnpm whoami
-
       - name: Publish dev package to npm
         working-directory: packages/cli
-        run: pnpm publish --access public --tag dev --provenance
+        run: pnpm publish --access public --tag dev --provenance --no-git-checks
 
       - name: Summarize dev publish
         run: |
@@ -122,6 +118,10 @@ jobs:
         working-directory: packages/cli
         run: pnpm version '${{ steps.cli_version.outputs.version }}' --no-git-tag-version
 
+      - name: Validate package artifact
+        working-directory: packages/cli
+        run: pnpm pack --dry-run
+
       - name: Ensure release still targets the latest main
         if: ${{ !inputs.dry_run }}
         run: |
@@ -131,15 +131,10 @@ jobs:
             exit 1
           fi
 
-      - name: Check npm authentication
-        if: ${{ !inputs.dry_run }}
-        working-directory: packages/cli
-        run: pnpm whoami
-
       - name: Publish official package to npm
         if: ${{ !inputs.dry_run }}
         working-directory: packages/cli
-        run: pnpm publish --access public --tag latest --provenance
+        run: pnpm publish --access public --tag latest --provenance --no-git-checks
 
       - name: Create release tag
         if: ${{ !inputs.dry_run }}
diff --git a/.github/workflows/publish-compute.yml b/.github/workflows/publish-compute.yml
index ca23111..2d424cf 100644
--- a/.github/workflows/publish-compute.yml
+++ b/.github/workflows/publish-compute.yml
@@ -52,13 +52,9 @@ jobs:
         working-directory: packages/compute
         run: pnpm version '${{ steps.compute_version.outputs.version }}' --no-git-tag-version
 
-      - name: Check npm authentication
-        working-directory: packages/compute
-        run: pnpm whoami
-
       - name: Publish dev package to npm
         working-directory: packages/compute
-        run: pnpm publish --access public --tag dev --provenance
+        run: pnpm publish --access public --tag dev --provenance --no-git-checks
 
       - name: Summarize dev publish
         run: |
@@ -122,6 +118,10 @@ jobs:
         working-directory: packages/compute
         run: pnpm version '${{ steps.compute_version.outputs.version }}' --no-git-tag-version
 
+      - name: Validate package artifact
+        working-directory: packages/compute
+        run: pnpm pack --dry-run
+
       - name: Ensure release still targets the latest main
         if: ${{ !inputs.dry_run }}
         run: |
@@ -131,15 +131,10 @@ jobs:
             exit 1
           fi
 
-      - name: Check npm authentication
-        if: ${{ !inputs.dry_run }}
-        working-directory: packages/compute
-        run: pnpm whoami
-
       - name: Publish official package to npm
         if: ${{ !inputs.dry_run }}
         working-directory: packages/compute
-        run: pnpm publish --access public --tag latest --provenance
+        run: pnpm publish --access public --tag latest --provenance --no-git-checks
 
       - name: Create release tag
         if: ${{ !inputs.dry_run }}

From 88fcb89ceeb2886c9a3762e10e444694d8cec180 Mon Sep 17 00:00:00 2001
From: Tyler Benfield <benfield@prisma.io>
Date: Fri, 12 Jun 2026 12:01:55 -0400
Subject: [PATCH 8/8] Address publish workflow review comments

---
 .github/workflows/publish-cli.yml     | 3 +++
 .github/workflows/publish-compute.yml | 3 +++
 2 files changed, 6 insertions(+)

diff --git a/.github/workflows/publish-cli.yml b/.github/workflows/publish-cli.yml
index 3afa252..14c45d4 100644
--- a/.github/workflows/publish-cli.yml
+++ b/.github/workflows/publish-cli.yml
@@ -18,6 +18,7 @@ concurrency:
 
 jobs:
   publish-dev:
+    name: Publish dev package
     if: ${{ github.event_name == 'push' }}
     runs-on: ubuntu-latest
     permissions:
@@ -67,6 +68,7 @@ jobs:
           } >> "$GITHUB_STEP_SUMMARY"
 
   publish-official:
+    name: Publish official release
     if: ${{ github.event_name == 'workflow_dispatch' }}
     runs-on: ubuntu-latest
     permissions:
@@ -101,6 +103,7 @@ jobs:
         run: |
           PACKAGE='@prisma/cli'
           LATEST="$(pnpm view "${PACKAGE}" dist-tags.latest --silent 2>/dev/null || true)"
+          echo "latest=${LATEST}" >> "$GITHUB_OUTPUT"
           node scripts/resolve-package-version.mjs next-beta \
             --package-dir packages/cli \
             --latest "${LATEST}" >> "$GITHUB_OUTPUT"
diff --git a/.github/workflows/publish-compute.yml b/.github/workflows/publish-compute.yml
index 2d424cf..7275ec7 100644
--- a/.github/workflows/publish-compute.yml
+++ b/.github/workflows/publish-compute.yml
@@ -18,6 +18,7 @@ concurrency:
 
 jobs:
   publish-dev:
+    name: Publish dev package
     if: ${{ github.event_name == 'push' }}
     runs-on: ubuntu-latest
     permissions:
@@ -67,6 +68,7 @@ jobs:
           } >> "$GITHUB_STEP_SUMMARY"
 
   publish-official:
+    name: Publish official release
     if: ${{ github.event_name == 'workflow_dispatch' }}
     runs-on: ubuntu-latest
     permissions:
@@ -101,6 +103,7 @@ jobs:
         run: |
           PACKAGE='@prisma/compute'
           LATEST="$(pnpm view "${PACKAGE}" dist-tags.latest --silent 2>/dev/null || true)"
+          echo "latest=${LATEST}" >> "$GITHUB_OUTPUT"
           node scripts/resolve-package-version.mjs next-beta \
             --package-dir packages/compute \
             --latest "${LATEST}" >> "$GITHUB_OUTPUT"