fix(workspace): restore bun/turbo contract and remove ink dep

.agents/skills/quality-remediation/SKILL.md

@@ -0,0 +1,54 @@
+---
+name: quality-remediation
+description: >
+  Use when workspace reliability defects appear as missing root packageManager
+  metadata, dead dependency peer warnings, fake lint coverage, or CI commands
+  that bypass the root workspace contract.
+---
+
+# Quality Remediation
+
+Fix reliability defects at the contract boundary instead of suppressing symptoms.
+
+## When to use this skill
+
+- Root workspace commands fail because package-manager metadata is missing.
+- Install logs show peer warnings for libraries with no active imports.
+- A package exposes a `lint` target but the workspace contract does not execute
+  a real static check.
+- CI runs package-local commands that hide a broken root workspace path.
+- Warning, lint, or security findings need removal by root cause.
+
+## Workflow
+
+1. Reproduce the failure or warning from the repo root.
+2. Trace the contract boundary causing it: root manifest, package manifest,
+   compiler config, or workflow.
+3. Confirm active imports before removing any dependency chain.
+4. Remove dead config with the dead dependency, such as JSX settings after
+   `.tsx` sources disappear.
+5. Make package lint commands execute a real static check.
+6. Update CI to use the root workspace contract and derive tool versions from
+   canonical metadata.
+7. Re-run install, lint, test, and build, then keep smoke paths that prove
+   packaged artifacts still work.
+
+## Quick checks
+
+- `bun run build` fails with missing `packageManager` -> add root
+  `packageManager` using the installed Bun version.
+- `bun install` warns about Ink or React peers without imports -> remove the
+  unused dependency chain and refresh the lockfile.
+- `bun run lint` is hollow -> add a package `lint` script that typechecks or
+  lints real sources.
+- Workflow runs `cd packages/... && bun run build` while root build is broken
+  -> switch CI back to root `bun run` commands and keep smoke steps after
+  build.
+
+## Common mistakes
+
+- Pinning CI to `latest` instead of the root `packageManager` contract.
+- Keeping dead dependencies because they were once planned for future
+  features.
+- Leaving stale TS JSX config after the last `.tsx` file is gone.
+- Treating warnings as acceptable background noise.

.github/workflows/test.yml

@@ -25,19 +25,22 @@ jobs:
 
     steps:
     - uses: actions/checkout@v4
-    
+
     - uses: oven-sh/setup-bun@v2
       with:
-        bun-version: latest
-
+        bun-version-file: package.json
+         
     - name: Install dependencies
       run: bun install
+
+    - name: Run lint
+      run: bun run lint
 
-    - name: Run tests
-      run: bun test
+    - name: Run workspace tests
+      run: bun run test
 
-    - name: Build CLI
-      run: cd packages/cli && bun run build
+    - name: Run workspace build
+      run: bun run build
 
     - name: Node.js Smoke Test
       run: node packages/cli/dist/index.js lint examples/atmospheric-glass/DESIGN.md
@@ -51,4 +54,3 @@ jobs:
         echo -e '---\ncolors:\n  primary: "#0000ff"\n---' > DESIGN.md
         npx design.md lint DESIGN.md
         node -e "import('@google/design.md/linter').then(m => console.log('OK:', Object.keys(m).length, 'exports'))"
-

README.md

@@ -293,4 +293,4 @@ The DESIGN.md format is at version `alpha`. The spec, token schema, and CLI are
 ## Disclaimer
 
 This project is not eligible for the [Google Open Source Software Vulnerability
-Rewards Program](https://bughunters.google.com/open-source-security).
+Rewards Program](https://bughunters.google.com/open-source-security).

docs/plans/2026-04-23-workspace-reliability-design.md

@@ -0,0 +1,175 @@
+# Workspace Reliability and Interoperability Program Design
+
+## Goal
+
+Restore a trustworthy repository baseline for `design.md` so the active export
+and interoperability roadmap can run without hidden build breakage, stale
+dependency warnings, or CI-only workarounds.
+
+## Context
+
+This design captures the baseline `origin/main` failure state observed at the
+start of this run and the first delivery slice needed to unblock the broader
+interoperability roadmap.
+
+- At the start of this run, `bun run build` at the repo root failed because
+  Turbo could not resolve workspaces without a root `packageManager` field.
+- At the start of this run, `bun run test` failed through the same missing root
+  contract.
+- At the start of this run, `bun install` emitted
+  `warn: incorrect peer dependency "ink@7.0.1"` because the CLI package still
+  declared an Ink / React dependency chain that was not imported by the current
+  source tree.
+- At the start of this run, `.github/workflows/test.yml` validated `bun test`
+  and `cd packages/cli && bun run build`, which masked the broken root build
+  contract instead of enforcing it.
+- GitHub already has a canonical roadmap issue (#29) and a concrete blocker
+  issue (#30), but milestone and formal sub-issue metadata may still require
+  refresh or fallback documentation.
+
+## Constraints
+
+- Work from a fresh worktree created from the current default branch reference.
+- Keep repo-facing artifacts in English.
+- Do not wait for human review by default.
+- Do not proactively summon a robot reviewer when the repository does not
+  appear to use one.
+- Treat warnings, deprecations, lint findings, and security findings as
+  remediation targets rather than suppressing them.
+- Consider Kubernetes and deployment surfaces explicitly, even if the result is
+  that none are present in the current repository.
+- Keep the first slice small enough to merge autonomously from `origin/main`.
+
+## Candidate Approaches
+
+### Approach A — Baseline-first cleanup, then continue the roadmap (recommended)
+
+1. Refresh the issue program around the existing roadmap and blocker issues.
+2. Fix the root build/test contract, remove the stale dependency warning, and
+   align CI with the repo-level contract.
+3. Merge that blocker slice.
+4. Re-scan the roadmap and continue with the next executable issue.
+
+#### Approach A pros
+
+- Smallest mergeable diff with direct operational value.
+- Removes warning noise before feature work.
+- Creates a reliable baseline for #15, #19, #27, and #28.
+
+#### Approach A cons
+
+- Delays direct feature delivery by one PR.
+
+### Approach B — Combine baseline cleanup with Tailwind v4 export work
+
+Implement the workspace cleanup and one export feature in the same branch.
+
+#### Approach B pros
+
+- Fewer PRs overall.
+- Immediate user-facing feature delivery.
+
+#### Approach B cons
+
+- Larger diff, harder review, mixed responsibility.
+- Harder to separate blocker remediation from feature regressions.
+
+### Approach C — Issue-program refresh only
+
+Refresh GitHub issues and milestone metadata without changing code.
+
+#### Approach C pros
+
+- Fastest GitHub housekeeping path.
+
+#### Approach C cons
+
+- Leaves the broken repo baseline and warning unresolved.
+- Does not satisfy the requirement to fix warnings by root cause.
+
+## Recommendation
+
+Use **Approach A**.
+
+The strongest current-code concern is the broken root workspace contract. The
+roadmap already has an explicit blocker issue (#30), and every downstream
+interoperability change depends on being able to trust the repository baseline.
+
+## Proposed Issue Program Topology
+
+- **Milestone intent:** `Interop & Workspace Reliability`
+- **Canonical meta issue:** #29 `Token interoperability roadmap`
+- **Concrete blocker issue:** #30 `Restore root Bun/Turbo build contract and
+  remove stale Ink peer mismatch`
+- **Related execution issues:**
+  - #15 CSS custom properties export
+  - #19 Tailwind v4 export support
+  - #28 DTCG `tokens.json` -> `DESIGN.md`
+- **Cross-cutting issue:**
+  - #27 OKLCH color support
+
+Relationship intent:
+
+- #30 remains the first executable blocker under #29.
+- #15, #19, and #28 remain direct roadmap children or explicitly linked
+  follow-up issues.
+- #27 remains a cross-cutting spec/fidelity dependency rather than a hard
+  blocker for the baseline cleanup.
+- If milestone or formal sub-issue wiring is unavailable from the current
+  account, the fallback is to record the same hierarchy in issue bodies and
+  comments.
+
+## Implementation Shape
+
+### Code changes
+
+- Add `packageManager` to the root `package.json` using the currently installed
+  Bun version.
+- Remove unused CLI dependencies that trigger the Ink peer mismatch if the
+  source tree has no imports of them.
+- Remove stale TS React / JSX compiler settings if no JSX sources remain.
+- Add a package-level lint script so `bun run lint` becomes a meaningful static
+  check instead of a no-op workspace placeholder.
+- Update CI so the workflow:
+  - reads Bun from the root `packageManager` contract,
+  - runs root workspace `test` and `build`, and
+  - preserves package smoke coverage.
+
+### Documentation changes
+
+- Record the investigation and execution plan under `docs/plans/`.
+- Add a repo-local remediation skill for warning, lint, and security-class
+  defects observed during this run.
+
+### GitHub changes
+
+- Re-check milestone creation and issue-linking capabilities.
+- Refresh #29 and #30 if the latest evidence or hierarchy wording changed.
+- Create comments or issue-body relationship sections when first-class metadata
+  edges are unavailable.
+
+## Verification Strategy
+
+- `bun install` should complete without the Ink peer warning.
+- `bun run lint` should execute a real package-level static check and pass.
+- `bun run test` should pass from the repo root.
+- `bun run build` should pass from the repo root.
+- Built CLI smoke and tarball smoke should continue to pass.
+- PR checks should validate the same root contract used locally.
+
+## Deployment / Runtime / Kubernetes Notes
+
+- No Kubernetes manifests, Helm charts, Dockerfiles, or runtime deployment
+  manifests are present in the current repository tree.
+- Kubernetes is therefore considered explicitly and found to be out of direct
+  runtime scope for this slice.
+- The relevant deployment surface here is CI, package build, tarball smoke, and
+  default-branch health after merge.
+
+## Decisions
+
+- Fix the workspace baseline before continuing feature delivery.
+- Treat the peer warning as a dead-dependency / config drift problem unless code
+  inspection proves active runtime use.
+- Keep the first PR scoped to repository reliability plus issue-program
+  maintenance.