# Yaba 2.0.2 Release Plan

## Target

- Package: `yaba-release-cli`
- Version: `2.0.2`
- Release type: patch
- Date prepared: `2026-03-07`

## Scope

`2.0.2` is a patch release focused on reliability, diagnostics, and release pipeline safety.

## Included Changes

- Test and CI baseline:
  - added `node:test` suite and switched `npm test` to executable tests
  - introduced CI workflow for `push`/`pull_request`
  - gated release workflow with package validation (`npm ci` + `npm test`)
- Release/publish workflow hardening:
  - strict `tag` ↔ `package.json` version checks
  - consistent pre-publish validation in npm and GitHub Packages workflows
  - safer GitHub Packages manifest preparation and duplicate-version skip behavior
- Doctor diagnostics improvements:
  - token-type detection (GitHub Actions token, fine-grained PAT, classic PAT)
  - OAuth scope summary in diagnostics output
  - repository-level access check with actionable remediation guidance
- Security hardening:
  - protected config deep merge from prototype-polluting keys (`__proto__`, `constructor`, `prototype`)

## Compatibility

- No breaking CLI contract changes in `2.0.2`
- Existing command usage remains valid
- Automation gets stricter preflight checks and clearer failure reasons

## Release Checklist

1. Validate locally:
   - `npm ci`
   - `npm test`
   - `node --check bin/index.js`
   - `node --check bin/utils/flow.js`
2. Confirm version metadata:
   - `package.json` is `2.0.2`
   - `package-lock.json` is `2.0.2`
3. Merge and tag:
   - merge release PR
   - tag `v2.0.2`
4. Publish:
   - trigger `Release with Yaba` workflow with:
     - `release-descriptor`: `Release v2.0.2`
     - `tag-name`: `v2.0.2`
5. Post-release checks:
   - `npm view yaba-release-cli version` shows `2.0.2`
   - install smoke test:
     - `npm i -g yaba-release-cli@2.0.2`
     - `yaba --version`
     - `yaba doctor --format json`
