Skip to content

release: v1.0.1#32

Merged
dmartinochoa merged 2 commits into
mainfrom
release/1.0.1
May 19, 2026
Merged

release: v1.0.1#32
dmartinochoa merged 2 commits into
mainfrom
release/1.0.1

Conversation

@dmartinochoa
Copy link
Copy Markdown
Member

@dmartinochoa dmartinochoa commented May 19, 2026
edited
Loading

Summary

Stability batch on top of v1.0.0 — three rounds of edge-case hardening (251 tests, was 194 at v1.0.0) plus the supply-chain hardening from #27 (CycloneDX SBOM + signed SLSA provenance attached to each release, publish-side npm audit gate). Folds the accumulated [Unreleased] entries into ## [1.0.1] so the publish.yml awk extractor lifts the right block into the GitHub release notes.

What ships

Editor / extension

  • python -m pip install switch so the Windows ExecutionPolicy + official-installer-without-pip combo stops blocking first-run install
  • Welcome panel no longer lies after an LSP crash — subscribes to client.onDidChangeState
  • Scan Workspace against a dead LSP surfaces a real error instead of false-success
  • Activation no longer hangs on a misconfigured serverArgsclient.start() raced against a 30s timeout
  • disabledProviders silences lowercase dockerfile / jenkinsfile — case-insensitive glob match
  • Medium batch (round 2): scan-workspace in-flight guard, install-terminal reuse, scan-on-save disabled-provider short-circuit, semver-aware rc → ga "What's new" toast
  • Low batch (round 3): status-bar latch releases on workspace-folder removal
  • Polish: extension.ts header comment migrated to python -m pip install to match every other surface

Supply chain (from #27)

  • CycloneDX SBOM attached to each GitHub release
  • Signed SLSA build provenance via OIDC + Sigstore keyless — verifiable with gh attestation verify <vsix> --owner greylag-ci
  • npm audit --omit=dev --audit-level=high gate on the publish workflow

Cut sequence

After this PR merges to main:

git tag v1.0.1 && git push --tags

Publish workflow waits at production env gate; on approval, runs the new SBOM/provenance steps, publishes to VS Code Marketplace + Open VSX, and creates a GitHub release with the .vsix, the SBOM, and notes lifted from the ## [1.0.1] section.

Verification

🤖 Generated with Claude Code

@coderabbitai
Copy link
Copy Markdown

coderabbitai Bot commented May 19, 2026
edited
Loading

Warning

Rate limit exceeded

@dmartinochoa has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 40 minutes and 9 seconds before requesting another review.

You’ve run out of usage credits. Purchase more in the billing tab.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 9ba7c093-6ff8-4459-9acf-6dd9934afae0

📥 Commits

Reviewing files that changed from the base of the PR and between b88b22f and 25d43e7.

📒 Files selected for processing (3)
  • CHANGELOG.md
  • package.json
  • src/extension.ts
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch release/1.0.1

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@dmartinochoa dmartinochoa mentioned this pull request May 19, 2026
Merged
4 tasks
dmartinochoa and others added 2 commits May 19, 2026 20:51
@dmartinochoa @claude
docs: header comment now matches python -m pip install convention
a994143 
The rest of the tree (README, install.ts, sample-workflow README,
welcome panel) moved to `python -m pip install` for the v1.0.1 batch;
extension.ts's file header still pointed users at the bare `pip install`
form. Trivially confusing for anyone reading the top of the file.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@dmartinochoa @claude
release: v1.0.1
25d43e7 
Stability batch on top of v1.0.0 — three rounds of edge-case
hardening covered by 57 new tests (194 → 251). No new features; no
behavior change for users on the golden path.

Folds the accumulated [Unreleased] entries into ## [1.0.1] and drops
the empty Unreleased header so the publish.yml awk extractor lifts
the right block into the GitHub release notes.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@dmartinochoa dmartinochoa merged commit 9bda4b2 into main May 19, 2026
12 checks passed
@dmartinochoa dmartinochoa deleted the release/1.0.1 branch May 19, 2026 18:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@dmartinochoa