chore(repo): normalize fork to mirror-only upstream

[Jesssullivan]

Summary

• fast-forward the fork toward canonical upstream package/module/build metadata
• keep the fork validation-only by preserving a local publish blocker and release-validation workflow
• remove mutable install behavior from fork CI and validate Bazel package metadata in the mirror lane

Why

The fork should remain a mirror/integration surface, not a second release authority for .

Refs Jesssullivan#57

[greptile-apps]

Greptile Summary

This PR fast-forwards the tinyland-inc fork to mirror-only status: the publish workflow is renamed/retooled to validate only (no actual publish step), a prepublishOnly blocker guards against accidental npm publishes, and version metadata is aligned at 0.7.1 across package.json, MODULE.bazel, and BUILD.bazel, enforced by a new check-release-metadata.mjs script. Source files and test coverage are synced from upstream.

Confidence Score: 5/5

Safe to merge — no functional regressions; all remaining findings are non-blocking P2 suggestions.

Version metadata is aligned across all three files (package.json, MODULE.bazel, BUILD.bazel at 0.7.1), the publish blocker is in place, and the validation-only workflow correctly omits any actual publish step. The two P2 findings (unpinned bazelisk, silent undefined on missing packageManager) are hardening improvements that don't affect current correctness.

No files require special attention.

Important Files Changed

Filename	Overview
.github/workflows/ci.yml	CI normalizes to upstream structure: per-runner pnpm cache keys, frozen lockfile install, and release-metadata validation step added. TypeScript check and lint remain continue-on-error: true.
.github/workflows/publish.yml	Renamed to "Release Validation (Fork Mirror)" with no actual publish steps; validates Bazel artifact via npx --yes @bazel/bazelisk without a version pin, introducing minor non-determinism.
scripts/check-release-metadata.mjs	New script cross-checks version/name across package.json, MODULE.bazel, and BUILD.bazel; the pnpm version extraction via optional chaining can silently produce undefined if packageManager is absent.
package.json	Version aligned to 0.7.1, prepublishOnly blocker added, repository URL points to upstream canonical repo; exports map looks correct.
MODULE.bazel	Version and pnpm_version aligned to match package.json (0.7.1 / 9.15.9). Bzlmod configuration looks correct.
BUILD.bazel	npm_package version and package name aligned (0.7.1 / @tummycrypt/scheduling-kit). Subpackage targets and test targets look well-structured.
src/tests/components/client-form.test.ts	Pure-logic tests reimplementing ClientForm validation; thorough coverage of field validation, phone formatting, intake fields, and ClientInfo construction.

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A([push / PR / release]) --> B{Workflow}

    B -->|push or PR| C[CI — test job]
    B -->|release:published| G[Release Validation — Fork Mirror]

    C --> C1[Clean workspace]
    C1 --> C2[check-release-metadata.mjs]
    C2 --> C3[pnpm install frozen]
    C3 --> C4[TypeScript check\ncontinue-on-error]
    C4 --> C5[Lint\ncontinue-on-error]
    C5 --> C6[Unit + Integration tests]
    C6 --> C7[pnpm build]
    C7 --> D[CI — build job\nneeds: test]
    D --> D1[check-release-metadata.mjs]
    D1 --> D2[pnpm build]
    D2 --> D3[publint]

    G --> G1[check-release-metadata.mjs]
    G1 --> G2[pnpm install frozen]
    G2 --> G3[bazelisk build /pkg]
    G3 --> G4[npm pack --dry-run\nbazel-bin/pkg]
    G4 --> G5[pnpm test:unit]
    G5 --> G6[pnpm build]
    G6 --> G7[publint]
    G7 --> G8([Validation complete\nno publish])

    style G8 fill:#d4edda,stroke:#28a745
    style G fill:#fff3cd,stroke:#ffc107

Loading

_{Reviews (1): Last reviewed commit: "chore(repo): normalize fork to mirror-on..." | Re-trigger Greptile}

[greptile-apps]

Unpinned bazelisk version

npx --yes @bazel/bazelisk always resolves to the latest published version of bazelisk. While Bazel itself is pinned (via .bazelversion or MODULE.bazel), a breaking bazelisk release could silently change how Bazel is downloaded or invoked. Pinning the version makes the step reproducible.

Suggested change

	run: npx --yes @bazel/bazelisk build //:pkg
	- name: Validate Bazel package artifact
	run: npx --yes @bazel/bazelisk@1 build //:pkg

Or install it as a dev dependency so the lockfile pins it exactly.

[greptile-apps]

Silent undefined when packageManager is absent

If packageManager is missing from package.json, expectedPnpmVersion becomes undefined. The pnpm version check then always fails with a confusing message like expected "undefined", found "9.15.9" rather than calling out the missing field. Consider an explicit guard:

Suggested change

	const expectedPnpmVersion = packageJson.packageManager?.replace(/^pnpm@/, '');
	const expectedPnpmVersion = packageJson.packageManager?.replace(/^pnpm@/, '');
	if (!expectedPnpmVersion) {
	throw new Error('packageManager field is missing or not a pnpm version in package.json');
	}