Skip to content

Release DocPull 6.3.0: product surface and performance#111

Merged
admin-raintree merged 5 commits into
mainfrom
codex/product-surface-production
Jul 16, 2026
Merged

Release DocPull 6.3.0: product surface and performance#111
admin-raintree merged 5 commits into
mainfrom
codex/product-surface-production

Conversation

@zacharyr0th

@zacharyr0th zacharyr0th commented Jul 16, 2026

Copy link
Copy Markdown
Contributor

Summary

  • reconcile the complete authorized local product surface and integration layer onto 6.2.0
  • add the generic relationship-pack workflow with five evidence-backed relationship predicates and one explicit coverage result per input
  • put fetch, crawl, dataset-pack, and all knowledge packs on WorkflowRequest/WorkflowResult with run-scoped manifests and typed retryable failures
  • support remote HTTPS JSON/CSV dataset snapshots and per-entity source authority without inferring negative ownership claims
  • remove runtime, import, HTTP, frontier, pack-analysis, CI, release-gate, and stale-output debt
  • add and validate the Next.js product site, launch assets, locked uv/Mise/Bun toolchains, and 6.3 migration/release notes
  • preserve CLI, Python SDK, MCP, pack, schema, tracker, rights, provenance, basis, and company_brain compatibility

Validation

  • bun run validate:full
  • 1,042 Python tests passed; 17 explicit live/optional skips
  • 15 MCP tests passed
  • all 64-input relationship coverage fixtures emit exactly one accepted result
  • Ruff, mypy, ESLint, MCP/web type checks, and Next.js production build passed
  • gitleaks full-history scan: no leaks
  • reproducible 6.3.0 wheel SHA-256: 618a8483485d1dc9dde9318fef715039c9af9c32c466ac30293c8e6dc068a884
  • reproducible 6.3.0 sdist SHA-256: b15db7ad6c375c1dbd24f6c18b50ed1d69c96c9e12f51bf0806ad4c32749b0c7

@socket-security

socket-security Bot commented Jul 16, 2026

Copy link
Copy Markdown

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security
Vulnerability Quality Maintenance License
Addednpm/​next@​16.2.1064100919970
Addednpm/​eslint-config-next@​16.2.10991006798100
Addednpm/​@​types/​react-dom@​19.2.31001007585100
Addednpm/​@​types/​react@​19.2.171001007992100
Addednpm/​react@​19.2.71001008497100
Addednpm/​react-dom@​19.2.71001009298100
Addednpm/​eslint@​9.39.59710010097100

View full report

@socket-security

socket-security Bot commented Jul 16, 2026

Copy link
Copy Markdown

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action Severity Alert  (click "▶" to expand/collapse)
Warn High
Obfuscated code: npm damerau-levenshtein is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: ?npm/eslint-config-next@16.2.10npm/damerau-levenshtein@1.0.8

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/damerau-levenshtein@1.0.8. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm es-abstract is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: ?npm/eslint-config-next@16.2.10npm/es-abstract@1.24.2

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/es-abstract@1.24.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm eslint-plugin-react is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: ?npm/eslint-config-next@16.2.10npm/eslint-plugin-react@7.37.5

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/eslint-plugin-react@7.37.5. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

@admin-raintree admin-raintree left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Validated the full 6.3 workflow, contract, compatibility, security, reproducibility, and production build surface.

@zacharyr0th
zacharyr0th enabled auto-merge (squash) July 16, 2026 19:40
@zacharyr0th
zacharyr0th disabled auto-merge July 16, 2026 19:41
@admin-raintree
admin-raintree merged commit b1b67ff into main Jul 16, 2026
20 checks passed
@admin-raintree
admin-raintree deleted the codex/product-surface-production branch July 16, 2026 19:41
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants