Close patch 0.1.1 npm publication

.github/scripts/test_npm_publication_closeout.py

@@ -27,16 +27,16 @@
 
 
 ROOT = Path(__file__).resolve().parents[2]
-RECORD = ROOT / "docs/validation/npm-publication-closeout-validation-2026-06-23.md"
+RECORD = ROOT / "docs/validation/patch-0-1-1-npm-publication-closeout-validation-2026-06-24.md"
 VALIDATION_README = ROOT / "docs/validation/README.md"
 
-SOURCE_SHORT = "bbaa34d"
-SOURCE_COMMIT = "bbaa34dbf4d6dfaa2e8d637f22b5b494cd81d721"
-SOURCE_TREE = "ab3e1cf061ba5a9605e415177b299e5b06187d30"
+SOURCE_SHORT = "65360a9"
+SOURCE_COMMIT = "65360a9012104227ba939f6d30f2ec7b82b2ac4d"
+SOURCE_TREE = "85465e6eb1918155088e4d4cb4f5608f5ea65589"
 PACKAGE = "@docushell/ethos-pdf"
-VERSION = "0.1.0"
-SHASUM = "17a053c5ccb802bca2a295e1b1d0e6106c6a3ca6"
-INTEGRITY = "sha512-uWTHYd9Hfkm3nkahK2UchCMOVvYWe82z03jffZnX6aYPqYGd6LkuiEoTH5DjrXl+oA817EjlE88fIKBxZbhjMw=="
+VERSION = "0.1.1"
+SHASUM = "a150d08395724aa186d077074782413249a48689"
+INTEGRITY = "sha512-wVF4Ew6836sRncPZkvVieyQuo8FFbbBsIQ/vdupleUQZVX4YHgXb+lFZzZNcVB54Hh7srbbY17El4Z5sV7odhA=="
 
 
 def read(path: Path) -> str:
@@ -73,13 +73,13 @@ def test_record_captures_publish_and_registry_evidence(self) -> None:
         record = normalized(RECORD)
 
         for expected in (
-            "+ @docushell/ethos-pdf@0.1.0",
+            "+ @docushell/ethos-pdf@0.1.1",
             "npm auto-corrected",
             '"bin[ethos]" script name was cleaned',
             SHASUM,
             INTEGRITY,
             "fileCount",
-            "3774465",
+            "3811617",
             "v23.11.1",
             "10.9.2",
             "ETHOS_PDFIUM_LIBRARY_PATH",
@@ -90,14 +90,15 @@ def test_registry_reports_published_candidate(self) -> None:
         self.assertEqual(VERSION, npm_view(f"{PACKAGE}", "version"))
         versions = json.loads(npm_view(f"{PACKAGE}", "versions", "--json"))
         self.assertIn("0.0.0-reserved.0", versions)
+        self.assertIn("0.1.0", versions)
         self.assertIn(VERSION, versions)
         dist = json.loads(npm_view(f"{PACKAGE}", "dist", "--json"))
         self.assertEqual(SHASUM, dist["shasum"])
         self.assertEqual(INTEGRITY, dist["integrity"])
         self.assertEqual(11, dist["fileCount"])
-        self.assertEqual(3774465, dist["unpackedSize"])
+        self.assertEqual(3811617, dist["unpackedSize"])
         self.assertEqual(
-            "https://registry.npmjs.org/@docushell/ethos-pdf/-/ethos-pdf-0.1.0.tgz",
+            "https://registry.npmjs.org/@docushell/ethos-pdf/-/ethos-pdf-0.1.1.tgz",
             dist["tarball"],
         )
 

CHANGELOG.md

@@ -2,6 +2,7 @@
 
 ## Unreleased
 
+- boundary-exception: close patch `0.1.1` npm publication with exact registry evidence; no hosted, production, Windows, bundled PDFium, benchmark, `ethos-doc`, or `ethos-rag` boundary change.
 - boundary-exception: approve exact patch `0.1.1` npm publication decision for later operator publish; no npm publish or support-boundary change.
 - boundary-exception: request patch `0.1.1` npm publication approval for exact refreshed package candidate; no npm publish or support-boundary change.
 - boundary-exception: refresh patch `0.1.1` npm vendor payload from published CLI artifacts; no npm publication or support-boundary change.

docs/validation/README.md

@@ -598,6 +598,10 @@ recording the exact current-main source candidate and required follow-up evidenc
   npm candidate, binds the Node.js `v23.11.1` and npm `10.9.2` toolchain-qualified tarball
   metadata plus durable per-file vendor SHA256 values, keeps unrelated blockers explicit, and
   leaves operator publish pending as a separate credentialed action.
+- `patch-0-1-1-npm-publication-closeout-validation-2026-06-24.md` - patch 0.1.1 npm publication
+  closeout validation records successful publication of `@docushell/ethos-pdf@0.1.1`, registry
+  verification for version, latest tag, shasum, integrity, file count, unpacked size, npm's
+  publish-time bin-name auto-correction warning, and retained blockers.
 - `milestone-e-validation-command-index-validation-2026-06-20.md` - internal Milestone E
   validation-command index validation passed through command-alignment checks, schema enum checks,
   row-record checks, public-surface posture checks, `make milestone-e-prep`, and diff hygiene; the

docs/validation/patch-0-1-1-npm-publication-closeout-validation-2026-06-24.md

@@ -0,0 +1,132 @@
+# Patch 0.1.1 npm Publication Closeout Validation - 2026-06-24
+
+- Validated source HEAD before this record: `65360a9`
+
+npm publication closeout source commit: `65360a9012104227ba939f6d30f2ec7b82b2ac4d`
+
+npm publication closeout source tree: `85465e6eb1918155088e4d4cb4f5608f5ea65589`
+
+Status: **patch 0.1.1 npm package evaluation surface published**
+
+This record closes the bounded patch `0.1.1` npm publication lane for `@docushell/ethos-pdf@0.1.1`.
+It records the operator publish action and registry verification for the exact approved npm
+candidate. It does not approve hosted surfaces, production positioning, Windows packaged artifacts,
+bundled project-maintained PDFium builds, `ethos-doc`, `ethos-rag`, public benchmark reports, or
+public benchmark claims.
+
+## Published Package
+
+- Package: `@docushell/ethos-pdf`
+- Version: `0.1.1`
+- Registry: `https://registry.npmjs.org/`
+- Publish command:
+
+```sh
+npm publish --access public
+```
+
+Publish result:
+
+```text
++ @docushell/ethos-pdf@0.1.1
+```
+
+## Publish Warning Captured
+
+npm emitted this warning during publish:
+
+```text
+npm warn publish npm auto-corrected some errors in your package.json when publishing. Please run "npm pkg fix" to address these errors.
+npm warn publish errors corrected:
+npm warn publish "bin[ethos]" script name was cleaned
+```
+
+The published tarball details still matched the approved package candidate: shasum, integrity, file
+count, package version, and 11-file contents were unchanged by the warning.
+
+## Registry Verification
+
+Package command:
+
+```sh
+npm view @docushell/ethos-pdf --json --registry=https://registry.npmjs.org/
+```
+
+Result excerpt:
+
+```json
+{
+  "dist-tags": {
+    "latest": "0.1.1"
+  },
+  "versions": [
+    "0.0.0-reserved.0",
+    "0.1.0",
+    "0.1.1"
+  ],
+  "time": {
+    "0.1.1": "2026-06-23T18:33:29.003Z"
+  },
+  "version": "0.1.1",
+  "gitHead": "65360a9012104227ba939f6d30f2ec7b82b2ac4d",
+  "_nodeVersion": "23.11.1",
+  "_npmVersion": "10.9.2",
+  "dist": {
+    "integrity": "sha512-wVF4Ew6836sRncPZkvVieyQuo8FFbbBsIQ/vdupleUQZVX4YHgXb+lFZzZNcVB54Hh7srbbY17El4Z5sV7odhA==",
+    "shasum": "a150d08395724aa186d077074782413249a48689",
+    "tarball": "https://registry.npmjs.org/@docushell/ethos-pdf/-/ethos-pdf-0.1.1.tgz",
+    "fileCount": 11,
+    "unpackedSize": 3811617
+  }
+}
+```
+
+Versions command:
+
+```sh
+npm view @docushell/ethos-pdf versions --json --registry=https://registry.npmjs.org/
+```
+
+Result:
+
+```json
+[
+  "0.0.0-reserved.0",
+  "0.1.0",
+  "0.1.1"
+]
+```
+
+## Approved Candidate Binding
+
+- npm shasum: a150d08395724aa186d077074782413249a48689
+- npm integrity:
+  `sha512-wVF4Ew6836sRncPZkvVieyQuo8FFbbBsIQ/vdupleUQZVX4YHgXb+lFZzZNcVB54Hh7srbbY17El4Z5sV7odhA==`
+- file count: `11`
+- unpacked size: `3811617`
+- Node.js pack/publish toolchain approved for this candidate: `v23.11.1`
+- npm pack/publish toolchain approved for this candidate: `10.9.2`
+- durable vendor payload checksums remain:
+  - `vendor/ethos-darwin-arm64`:
+    `a3d0d4be596da25313659a89de8fbff0e13f4b355462381e1bbedd05078c09f2`
+  - `vendor/ethos-linux-x64`:
+    `ee14be020fb79e326686fc77bcf781503f4759d2e3b7bcb6a641b2311608a354`
+  - `vendor/manifest.json`:
+    `7be6e6c02c0086de7c10594a6f0443c8535d5782a4ffc0bc0eed3f8ebb13bda8`
+
+## Retained Blockers
+
+- Hosted surfaces remain blocked.
+- Production positioning remains blocked.
+- Public benchmark reports remain blocked.
+- Public benchmark claims remain blocked.
+- Windows packaged artifacts remain blocked.
+- Bundled project-maintained PDFium builds remain blocked.
+- `ethos-doc` remains blocked.
+- `ethos-rag` remains blocked.
+
+## Result
+
+`@docushell/ethos-pdf@0.1.1` is live on npm as a bounded evaluation package for the approved macOS
+arm64 and Linux x64 CLI binary payload. PDFium remains caller-provided through
+`ETHOS_PDFIUM_LIBRARY_PATH`.