Skip to content

chore: refresh root meta files after protectjs → stack rename#552

Merged
coderdan merged 3 commits into
mainfrom
chore/refresh-meta-files
Jul 4, 2026
Merged

chore: refresh root meta files after protectjs → stack rename#552
coderdan merged 3 commits into
mainfrom
chore/refresh-meta-files

Conversation

@coderdan

@coderdan coderdan commented Jul 4, 2026

Copy link
Copy Markdown
Contributor

Summary

The root meta files never caught up with three changes: the repo rename (`cipherstash/protectjs` → `cipherstash/stack`), the removal of `docs/` in favour of cipherstash.com/docs, and the growth of the package set (cli, wizard, migrate, prisma-next, bench).

  • SECURITY.md — the per-package supported-version tables were badly stale (e.g. said stack 0.4.x; actual 0.18.0) and missing four published packages. Replaced with a drift-proof "latest release line" policy plus a package list, fixed the scope section (old repo name, `@cipherstash/protect*`-only namespace), documented the full supply-chain control set (cooldown, exotic-dep blocking, frozen lockfile, CODEOWNERS), fixed a typo.
  • AGENTS.md — fixed repo name, added the five missing packages to the layout, corrected the examples list (`basic, prisma, supabase-worker`), replaced 15+ dead `docs/*` links with docs-site URLs, added `stash-cli` to the skills list, completed the subpath exports list.
  • CONTRIBUTE.md — rewritten; it was still titled "@cipherstash/protect", cloned protectjs, referenced JSEQL, and skipped step 3. Now defers to AGENTS.md for detail and includes the supply-chain rules.
  • package.json (root) — renamed to `@cipherstash/stack-monorepo`, marked `"private": true` (monorepo root should never publish), fixed bugs/repository URLs.
  • .cursorrules — deleted: it documented the pre-rename API (`protect()`, `csTable`/`csColumn`, pnpm 9.x) and duplicated AGENTS.md, which Cursor reads natively.
  • .cursor/commands/create-example-app.md — rebranded to `@cipherstash/stack`, current API names, real `CS_*` env var names instead of invented placeholders.
  • ISSUE_TEMPLATE/docs-feedback.yml — CoC link now points at this repo.

Root README.md deliberately untouched (being addressed in #526). Published package READMEs come in a follow-up PR since they ship to npm.

Validation

  • `pnpm install --frozen-lockfile` still passes with the root package.json changes
  • All facts (versions, exports, examples, skills, workflow claims) verified against the working tree

Summary by CodeRabbit

  • Documentation
    • Updated example-app creation guidance to target CipherStash Stack and its required environment variables.
    • Refreshed contributor setup, workflows, bundling/troubleshooting guidance, and repository layout references.
    • Updated troubleshooting and deployment notes to distinguish native vs WASM bundling approaches.
  • Security
    • Strengthened the security policy, supported-package/version guidance, and CI/CD supply-chain hardening details (including release workflow changes).
  • Chores
    • Updated repository metadata/links and contact email across packages.
    • Updated the docs feedback issue template text.

Closes #554

- SECURITY.md: replace stale per-package version tables with a
  drift-proof support policy + current package list (adds stash CLI,
  migrate, prisma-next, wizard); fix scope (repo name, npm namespace);
  document the full supply-chain control set; fix typo
- AGENTS.md: correct repo name, add missing packages (cli, wizard,
  migrate, prisma-next, bench), fix examples list, replace dead docs/*
  links with cipherstash.com/docs, add stash-cli skill, complete
  subpath export list
- CONTRIBUTE.md: rewrite around @cipherstash/stack and cipherstash/stack
  (was still @cipherstash/protect + protectjs URLs + JSEQL naming)
- package.json: rename root to @cipherstash/stack-monorepo, mark
  private, fix bugs/repository URLs
- Delete .cursorrules (documented the pre-rename API; AGENTS.md is the
  single source for agent guidance now)
- .cursor/commands/create-example-app.md: rebrand to stack, current
  API names and real CS_* env vars
- docs-feedback issue template: point CoC link at cipherstash/stack
@coderdan coderdan requested a review from a team as a code owner July 4, 2026 06:35
@changeset-bot

changeset-bot Bot commented Jul 4, 2026

Copy link
Copy Markdown

⚠️ No Changeset found

Latest commit: 10833ca

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

@coderabbitai

coderabbitai Bot commented Jul 4, 2026

Copy link
Copy Markdown

Review Change Stack

📝 Walkthrough

Walkthrough

This PR updates repository documentation, contributor guidance, and package metadata to reference CipherStash Stack instead of Protect.js/protectjs. It also revises example-app prompting, security documentation, issue-template links, and root/package contact and repository fields.

Changes

Documentation and metadata rebrand

Layer / File(s) Summary
Example-app generation prompt updated for CipherStash Stack
.cursor/commands/create-example-app.md
Prompt role, sources, goal, dependency, env var, README, and fill-in variables are rewritten to target @cipherstash/stack.
AGENTS.md repository layout and links updated
AGENTS.md
Repository description, package layout, bundling/troubleshooting guidance, feature checklist, and useful links are updated for the Stack monorepo and docs site.
CONTRIBUTE.md workflow updated for Stack monorepo
CONTRIBUTE.md
Header, repository structure, build/run/test instructions, changeset wording, and supply-chain rules are updated.
SECURITY.md scope and supply-chain hardening updated
SECURITY.md
Supported packages, scope, and CI/CD supply-chain hardening guidance are revised.
Package identity and issue template links updated
package.json, packages/*/package.json, .github/ISSUE_TEMPLATE/docs-feedback.yml
Root and package author/repo metadata are updated, along with the docs-feedback Code of Conduct link.

Estimated code review effort: 2 (Simple) | ~12 minutes

Possibly related PRs

  • cipherstash/stack#382: Related SECURITY.md and AGENTS.md supply-chain guidance references CI hardening and the supply-chain test/skill path.
  • cipherstash/stack#503: Related metadata and publishing changes update repo/package URLs and OIDC-oriented release documentation.

Suggested reviewers: auxesis

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title accurately summarizes the main change: refreshing root meta files to reflect the protectjs to stack rename.
✨ Finishing Touches
📝 Generate docstrings
  • Create stacked PR
  • Commit on current branch
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch chore/refresh-meta-files

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@CONTRIBUTE.md`:
- Around line 15-27: The repo-tree fenced block in CONTRIBUTE.md is missing a
language tag, which triggers markdownlint-cli2 MD040. Update the existing fenced
block around the repository layout snippet to use a text/markdown-compatible
fence label while keeping the content unchanged; locate it by the tree diagram
under the main package description.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: c9b5243a-a329-45bc-8795-6b664a77d31e

📥 Commits

Reviewing files that changed from the base of the PR and between 7535a18 and d3e5c9f.

📒 Files selected for processing (7)
  • .cursor/commands/create-example-app.md
  • .cursorrules
  • .github/ISSUE_TEMPLATE/docs-feedback.yml
  • AGENTS.md
  • CONTRIBUTE.md
  • SECURITY.md
  • package.json
💤 Files with no reviewable changes (1)
  • .cursorrules

Comment thread CONTRIBUTE.md Outdated

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Refreshes root-level meta/docs to reflect the repo rename to cipherstash/stack, the move of user docs to cipherstash.com/docs, and the expanded set of published packages in this monorepo.

Changes:

  • Rewrote/updated SECURITY.md, AGENTS.md, and CONTRIBUTE.md to match current repo scope, package layout, and supply-chain controls.
  • Updated root package.json metadata for the renamed monorepo and prevented accidental publication via "private": true.
  • Rebranded Cursor command guidance and fixed the docs feedback issue template’s Code of Conduct link; removed stale .cursorrules.

Reviewed changes

Copilot reviewed 7 out of 7 changed files in this pull request and generated 1 comment.

Show a summary per file
File Description
SECURITY.md Replaces stale per-version support tables with a package list + “latest release line” policy; updates scope and documents supply-chain controls.
package.json Renames the monorepo package metadata, updates GitHub URLs, and marks the root as private.
CONTRIBUTE.md Updates contribution guidance to the Stack monorepo and links to AGENTS/SECURITY for deeper details.
AGENTS.md Updates repo identity, layout, subpath exports list, and replaces in-repo docs links with docs-site URLs.
.github/ISSUE_TEMPLATE/docs-feedback.yml Updates Code of Conduct link to the renamed repository.
.cursorrules Deletes stale pre-rename Cursor rules.
.cursor/commands/create-example-app.md Rebrands and updates example-app guidance for @cipherstash/stack and current env var names.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread SECURITY.md Outdated
Comment thread .cursor/commands/create-example-app.md Outdated
Comment thread AGENTS.md Outdated
Comment thread AGENTS.md Outdated
Comment thread package.json Outdated
- AGENTS.md: bundling guidance was out of date — the WASM entry
  (@cipherstash/stack/wasm-inline) is designed to be bundled and is the
  answer for edge/serverless runtimes; native-FFI externalization only
  applies to the default entry
- SECURITY.md: release.yml uses OIDC trusted publishing with NO
  NPM_TOKEN — previous text claimed the opposite
- create-example-app.md: prefer 'npx stash auth login' profile auth for
  local dev; CS_* env vars are for CI/deployment
- Replace hello@cipherstash.com with humans@cipherstash.com across the
  repo (root + 9 package.json author fields)
- CONTRIBUTE.md: tag repo-tree fence as text (markdownlint MD040)
@coderdan coderdan merged commit 29eb0ee into main Jul 4, 2026
9 checks passed
@coderdan coderdan deleted the chore/refresh-meta-files branch July 4, 2026 08:52
@coderdan

coderdan commented Jul 4, 2026

Copy link
Copy Markdown
Contributor Author

Docs/meta only. Low risk change.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Refresh root meta files after the protectjs → stack rename

2 participants