release: promote 0.1.5 to main #138

Merged: oscharko merged 1 commit into main from dev on Jun 2, 2026

oscharko (Contributor) commented Jun 2, 2026

Summary

Promotes the checked dev release fix for Keiko 0.1.5 to main.

Refs: n/a - release integration.

Scope

  • In scope: merge dev into main for release 0.1.5.
  • Out of scope: additional code changes beyond the already reviewed dev commit.

Product Impact

  • UI or user workflow
  • CLI or developer workflow
  • Core generation engine
  • Evidence, audit, or compliance artifact
  • Security or supply chain
  • Packaging, release, or npm publication
  • Documentation or repository hygiene
  • No user-facing behavior change

Verification

Required:

  • Required GitHub checks pass before merge.
  • Local verification commands or rationale are listed below.

Local verification:

PR #137 checks passed on dev before merge.
Local gates passed: format:check, typecheck, lint, full root tests, UI tests, npm audits, prepack, npm tarball update simulation.

Select only what applies:

  • UI behavior manually verified or covered by tests.
  • CLI behavior verified with command output or tests.
  • Core logic covered by unit, integration, property, or fixture tests.
  • Security-sensitive change reviewed for trust boundaries, secrets, external calls, and generated artifacts.
  • Supply-chain or package-surface change verified with package, license, lockfile, SBOM, or npm dry-run checks.
  • Documentation or Markdown change verified by the repository link check or a targeted local equivalent.
  • Release-impacting change verified with prepack and npm tarball update simulation.

Not applicable rationale:

  • Documentation links are not changed.

Review And Closure

  • The PR implements only the linked issue scope.
  • Actionable review findings are fixed or explicitly dispositioned.
  • Unresolved review threads are resolved before merge.
  • Checks are repeated after the latest pushed fix.
  • Issue acceptance criteria and closure evidence are updated only where evidence exists.
  • Use Resolves #<issue_number> only when this PR should close the issue.

Risk Notes

Release integration only. Branch dev is the reviewed source of truth for this promotion.

Prevents stale CSP headers after npm package updates and prepares release 0.1.5.
Copilot AI review requested due to automatic review settings June 2, 2026 16:58
@oscharko oscharko merged commit ae2353c into main Jun 2, 2026
11 checks passed

Copilot AI left a comment


Pull request overview

Promotes the previously reviewed dev changes for Keiko 0.1.5 into main, including the UI stale-process restart behavior and strengthened package-surface validation around CSP hashes.

Changes:

  • Bump root + UI package versions (and related test fixtures) from 0.1.4 to 0.1.5.
  • Update keiko start lifecycle behavior to probe /api/health and restart a stale running UI when the reported version differs (or health is unusable).
  • Extend the package-surface gate to verify dist/ui/csp-hashes.json matches inline scripts present in dist/ui/static/**/*.html.

Reviewed changes

Copilot reviewed 18 out of 20 changed files in this pull request and generated 3 comments.

| File | Description |
| --- | --- |
| ui/package.json | UI package version bump to 0.1.5. |
| ui/package-lock.json | UI lockfile version bump to 0.1.5. |
| package.json | Root package version bump to 0.1.5. |
| package-lock.json | Root lockfile version bump to 0.1.5. |
| src/sdk/index.ts | Single-sourced SDK version constant bumped to 0.1.5. |
| src/harness/session.ts | Harness version constant bumped to 0.1.5. |
| src/cli/lifecycle.ts | Adds health probing + stale-process restart logic keyed off SDK_VERSION. |
| scripts/check-package-surface.mjs | Adds CSP hash vs static HTML inline-script consistency check. |
| tests/cli/lifecycle.test.ts | Adds coverage for “keep running when versions match” and “restart when stale”. |
| tests/ui/read-handlers.test.ts | Updates evidence fixtures’ harnessVersion to 0.1.5. |
| tests/harness/sinks.test.ts | Updates manifest fixture harnessVersion to 0.1.5. |
| tests/harness/fingerprint.test.ts | Updates fingerprint fixture harnessVersion to 0.1.5. |
| tests/cli/verify.test.ts | Updates test package version fixture to 0.1.5. |
| tests/cli/evidence.test.ts | Updates evidence manifest fixture harnessVersion to 0.1.5. |
| tests/audit/retention.test.ts | Updates audit manifest fixture harnessVersion to 0.1.5. |
| tests/audit/report.test.ts | Updates audit manifest fixture harnessVersion to 0.1.5. |
| tests/audit/persist.test.ts | Updates audit build input fixture harnessVersion to 0.1.5. |
| tests/audit/integration.test.ts | Updates audit integration fixture harnessVersion to 0.1.5. |
| tests/audit/index-api.test.ts | Updates audit API fixture harnessVersion to 0.1.5. |
| tests/audit/build.test.ts | Updates audit build fixtures’ harnessVersion to 0.1.5. |
Files not reviewed (1)
  • ui/package-lock.json: Language not supported
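
The CSP hash consistency check named in the overview, sketched as an added example that is not part of this pull request or Keiko's code. The function names `cspHash`, `inlineScriptHashes` and `compareCspManifest`, the sample HTML, and the manifest format (a JSON array of `sha256-<base64>` strings) are assumptions.

```javascript
// Added example, not Keiko's code. Assumes the manifest is a JSON array of
// "sha256-<base64>" strings; the HTML below is constructed sample data.
const { createHash } = require("node:crypto");

// A CSP hash source covers the exact text between <script> and </script>,
// whitespace included, so the build must hash the bytes it actually ships.
function cspHash(scriptBody) {
  const digest = createHash("sha256").update(scriptBody, "utf8").digest("base64");
  return `sha256-${digest}`;
}

// Hash inline scripts only. Scripts with a src attribute are outside this
// check, and empty script elements execute nothing.
// A regex is adequate for HTML the build itself generates, not arbitrary HTML.
function inlineScriptHashes(htmlDocs) {
  const hashes = new Set();
  const scriptTag = /<script\b([^>]*)>([\s\S]*?)<\/script\s*>/gi;
  for (const html of htmlDocs) {
    for (const [, attrs, body] of html.matchAll(scriptTag)) {
      if (/\bsrc\s*=/i.test(attrs) || body.length === 0) continue;
      hashes.add(cspHash(body));
    }
  }
  return hashes;
}

// missing: shipped inline script that the CSP header would block.
// stale:   allowed hash that no shipped script uses any more.
function compareCspManifest(manifest, htmlDocs) {
  if (!Array.isArray(manifest)) {
    throw new TypeError("CSP hash manifest must be a JSON array");
  }
  const expected = inlineScriptHashes(htmlDocs);
  const listed = new Set(manifest);
  const missing = [...expected].filter((h) => !listed.has(h)).sort();
  const stale = [...listed].filter((h) => !expected.has(h)).sort();
  return { ok: missing.length === 0 && stale.length === 0, missing, stale };
}

// Constructed sample: one inline bootstrap script and one external script.
const SAMPLE_HTML = [
  '<html><head><script>window.__BOOT__={"v":1};</script>' +
    '<script src="/static/app.js"></script></head><body></body></html>',
];
const SAMPLE_MANIFEST = [cspHash('window.__BOOT__={"v":1};')];

console.log(compareCspManifest(SAMPLE_MANIFEST, SAMPLE_HTML));
```

A gate built this way fails in both directions: `missing` entries mean the shipped page would break under the header, and `stale` entries mean the header still allows a script that is no longer in the package.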


Comment on lines +43 to +46
function readJsonArray(path) {
const parsed = JSON.parse(readFileSync(path, "utf8"));
return Array.isArray(parsed) ? parsed : [];
}
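Review bot: The fallback on the return line of readJsonArray turns any non-array JSON value (an object, null, a string) into [], so a malformed file is indistinguishable from one that legitimately holds an empty array, and a gate built on it can pass on bad input. Consider failing instead, for example: if (!Array.isArray(parsed)) throw new Error(path + ": expected a JSON array"). The JSON.parse call also throws without naming the file, so wrapping it to include path in the message would make a gate failure easier to trace.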
Comment on lines +48 to +51
function assertCspHashesMatchStaticHtml() {
const staticRoot = join("dist", "ui", "static");
const htmlFiles = collectHtmlFiles(staticRoot);
const expected = extractInlineScriptHashes(htmlFiles.map((file) => readFileSync(file, "utf8")));
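Review bot: Nothing in the lines shown of assertCspHashesMatchStaticHtml checks that collectHtmlFiles(staticRoot) found any files, so if it returns an empty list the expected set is empty and the comparison has nothing to check. Consider failing the gate when htmlFiles.length === 0. Passing each file's path alongside its contents to extractInlineScriptHashes would also let a mismatch name the HTML file that caused it.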
Comment thread src/cli/lifecycle.ts
Comment on lines +207 to +209
if (!response.ok) {
return { reachable: false, version: undefined };
}
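Review bot: The !response.ok branch returns reachable: false even though a response was received, so the caller cannot tell a server that answered with an error status from a port where nothing is listening. Consider returning reachable: true with version: undefined here, or adding the HTTP status to the result, so the caller can choose between restarting the existing process and starting a new one.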