- Status: Accepted
- Date: 2026-06-23
- Deciders: Achref Soua
Quiver installs today from source (cargo install --path crates/quiver-cli),
from the tag-triggered GitHub-release binaries (ADR-0044), and from the SDK
source trees (pip install ./sdks/python, pnpm add ./sdks/typescript). Three
launch gaps remain:
- No published packages. The
quiverbinary is not on crates.io, and the SDKs are not on PyPI / npm. The crates.io namequiver-cliis held by an unrelated third-party crate (recorded since v0.12.0);quiver-clientwas free on PyPI and npm when last checked. The crates also lack the metadata crates.io requires (description,keywords,categories,readme). - No changelog. There is no
CHANGELOG.md; the release history lives only in git tags, the roadmap, and GitHub release notes. - No Kubernetes story.
infra/has Docker and a Grafana dashboard but no Helm chart or raw manifests, so self-hosting on a cluster is undocumented.
The registry tokens, the live publish, and confirming a free CLI name are owner actions — this ADR wires and verifies the pipeline; it does not claim a live publish.
-
CHANGELOG.mdin Keep a Changelog format, backfilledv0.1.0 → v0.20.1from the roadmap and tags, with an[Unreleased]section maintained going forward and a link reference per tag. -
Crate publish metadata. Every workspace crate gains the metadata crates.io requires —
description,keywords,categories, andreadme— on top of the workspace-inheritedlicense,repository,authors, andrust-version. Internal deps already carry aversionalongsidepath, so they rewrite cleanly to registry deps on publish. -
crates.io naming (verified against the sparse index, 2026-06-23). Two
quiver-*names are held by unrelated projects:quiver-cli— squatted (recorded since v0.12.0).quiver-core— an unrelated crate (deiu25/quiver, "Domain types and traits for the quiver workspace", v0.1.3).
Every other library name (
quiver-crypto,quiver-simd,quiver-proto,quiver-index,quiver-query,quiver-embed,quiver-import,quiver-mcp,quiver-server,quiver-tui) is free. Becausecargo installresolves a binary's whole dependency tree from the registry, thequiver-corecollision blocks the crates.io path for the entire workspace, not just one crate.Decision: publish under the fully-free
quiverdb-*namespace (quiverdb-core, …,quiverdb-server) with the CLI asquiverdb(all eleven verified free). Each renamed crate keeps[lib] name = "quiver_*"and apackage = "quiverdb-*"rename in its dependents, so there are no Rust source changes and the binary staysquiver. The namespace rename is a focused follow-up PR (it touches everyCargo.tomldependency key) and the live publish is owner-gated; this ADR records the decision and the verified table. The PyPI/npm SDK name (quiver-client) is free on both registries, so those publish paths are unblocked today. -
Publish pipeline (
release.yml). Three tag-gated publish jobs run after the binary release, each guarded by a repository secret so a fork or a token-less repo skips it cleanly rather than failing the release:- crates.io —
cargo publishin dependency-DAG order, gated onCARGO_REGISTRY_TOKEN. - PyPI —
python -m build+twine uploadforsdks/python, gated onPYPI_API_TOKEN. - npm —
npm publishforsdks/typescript, gated onNPM_TOKEN.
- crates.io —
-
Publishability is CI-verified, honestly. A
packagejob on every PR runscargo package(validates the crate metadata and that each crate builds as a package),twine checkon the built Python distribution, andnpm publish --dry-run/npm packfor the TS SDK. This keeps the packages publishable without contacting a registry. A full registrycargo publish --dry-runof a dependent crate cannot pass until its dependencies are on crates.io (the registry chicken-and-egg), so the real first publish is the owner running the DAG-ordered job once — the CI guard catches every metadata regression before then. -
Helm chart + manifests.
infra/helm/quiverdeploys the server (Deployment + Service + ConfigMap + optional Ingress + a PVC for the data directory + a Secret for the master key), withhelm lintandhelm templaterun in CI. Raw manifests underinfra/k8s/give a Helm-free path. A self-hosting docs page documents both.
- + A clear path to published
cargo install quiverdb,pip install quiver-client,npm i quiver-client, andhelm install quiver— the remaining v1.0.0 distribution gaps are wired and guarded. - + CI fails the moment a crate loses publish metadata or the chart stops linting, so the pipeline cannot silently rot.
- − The first live publish is a manual, owner-token, DAG-ordered step; the CI dry-runs verify metadata, not a real upload (stated plainly above).
- − The published crate names diverge from the internal names
(
quiverdb-*vsquiver-*) becausequiver-core/quiver-cliare taken; each crate keeps[lib] name = "quiver_*"and the binary staysquiver, so Rust source and end users are unaffected. The crates.io publish is gated on that namespace-rename follow-up PR; PyPI/npm are unblocked now.
CHANGELOG.md(Keep a Changelog, backfilled).[package.metadata]completion acrosscrates/*/Cargo.toml.release.ymlpublish jobs (crates.io / PyPI / npm), secret-gated.- A
packageverification job inci.yml. infra/helm/quiver/**andinfra/k8s/**, withhelm lint/templatein CI.apps/docs/src/self-hosting/kubernetes.md(or equivalent) for the cluster path.
cargo packagesucceeds for every crate;twine checkandnpm packpass.helm lint infra/helm/quiverandhelm templaterender without error.- The publish jobs are present and secret-gated (no live publish asserted).