Post-release: publint, smoke tests, SBOM, audit in CI

## Context

v0.10.9 planning docs included several CI hardening items that were deferred. Track them here for v0.10.10/v0.10.11.

## v0.10.10 scope

- [ ] Add `publint` to CI (catches broken exports, missing types, bad ESM/CJS boundaries)
- [ ] Add CJS smoke test to `pack-install-smoke.sh` (currently ESM-only)
- [ ] Fix `docs/ARCHITECTURE.md` version (still says 0.9.18)
- [ ] Add terminology section to `docs/specs/PROTOCOL-BEHAVIOR.md`
- [ ] Run performance benchmark (p95 verify/issue) and record baseline
- [ ] Fix kernel tarball `dist/__tests__/` leak (see separate issue)

## v0.10.11 scope

- [ ] Add SBOM generation (CycloneDX) as CI artifact
- [ ] Add `pnpm audit` to CI (non-blocking initially)
- [ ] Document dependency policy in contributing guide
- [ ] Configure required status checks on main branch protection

## Reference

- v0.10.9 release verification record: `reference/releases/v0.10.9.md`
- Issue #326: Make `typecheck:apps` mandatory in CI

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Post-release: publint, smoke tests, SBOM, audit in CI #328

Context

v0.10.10 scope

v0.10.11 scope

Reference

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Post-release: publint, smoke tests, SBOM, audit in CI #328

Description

Context

v0.10.10 scope

v0.10.11 scope

Reference

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions