Updated: 2026-07-07, Asia/Manila
This note records only the current privacy-safe V1 release-candidate verification state. Historical details live in qa-history.md, repeatable commands live in release-candidate-runbook.md, and public-facing release changes live in release-notes.md.
dev668e8bf on dev bundled ripgrep via the @vscode/ripgrep devDependency so the privacy scan runs without a system install, and scoped the deleted-skill trash to its originating workspace (an opaque per-workspace fingerprint) so a deletion in one workspace can no longer be restored into another. These followed the earlier export zip unknown-skill 404 fix and the sidebar index-status revalidation fix.npm run verify:release passed on 2026-07-07 at commit 668e8bf with a clean working tree before the evidence-note refresh, using the bundled ripgrep binary with no system ripgrep on PATH. The gate covered 170 test files, lint, production build, production smoke, dependency audit, local browser/API smoke, safe button smoke, manual QA helper auto smoke, cleanup dry-runs, asset/docs/dead-code/unused-export audits, diff whitespace, untracked release-text hygiene, and privacy scan.@vscode/ripgrep (installed with npm install) and falls back to a PATH-resolved rg only when the bundle is unavailable.v1.0.0 draft release was created from main.npm run verify:release
npm run cleanup:artifacts
npm run release:evidence -- --gate-result passed
npm run cleanup:project:dry-run
npm run cleanup:artifacts:dry-run
Latest local cleanup dry-runs found no repo-owned stale processes and no local build or smoke artifacts after final cleanup.
These remain manual or account-backed by design:
Use the release-candidate runbook manual QA section for the device/account checks.