fix(release): check-versions validates the generated TUI changelog slice, not byte equality

The packaged changelog is now a recent-releases slice produced by scripts/sync-changelog.sh (which gains a --check mode); also restore the SECURITY.md contact line the version gate guards, and finish the stale binary-name sweep (--bin codewhale examples, qa harness doc).
2026-06-09 23:32:40 -07:00
parent 626032ad6b
commit 44c13eb63f
5 changed files with 32 additions and 12 deletions
@@ -1104,7 +1104,7 @@ mod tests {
            SafetyLevel::Dangerous
        );
        assert_ne!(
-            analyze_command("cargo run --bin deepseek -- eval").level,
+            analyze_command("cargo run --bin codewhale -- eval").level,
            SafetyLevel::Dangerous
        );
    }
@@ -1128,7 +1128,7 @@ mod tests {
        // contain the substring "eval" but are not eval invocations.
        // Guard against the naive `command.contains("eval")` regression
        // — these should stay safe / workspace-safe, never Dangerous.
-        let evaluate_safe = analyze_command("cargo run --bin deepseek -- eval").level;
+        let evaluate_safe = analyze_command("cargo run --bin codewhale -- eval").level;
        assert_ne!(
            evaluate_safe,
            SafetyLevel::Dangerous,
@@ -48,7 +48,7 @@ feed the mock in CI.
 Quick example:

 ```bash
-cargo run --bin deepseek -- eval --record crates/tui/tests/fixtures
+cargo run --bin codewhale -- eval --record crates/tui/tests/fixtures
 cat crates/tui/tests/fixtures/offline-tool-loop.jsonl | jq .
 ```

@@ -1,6 +1,6 @@
 //! Minimal PTY/frame-capture harness for TUI integration tests.
 //!
-//! Spawns the `deepseek-tui` binary in a real pseudo-terminal, sends scripted
+//! Spawns the `codewhale-tui` binary in a real pseudo-terminal, sends scripted
 //! keystrokes / paste / resize, and parses the ANSI output stream into terminal
 //! frames so tests can assert on visible text and on the filesystem.
 //!
@@ -61,10 +61,10 @@ if [[ -n "${internal_dep_drift}" ]]; then
  fail=1
 fi

-# 4) Packaged TUI changelog copy.
-if ! cmp -s CHANGELOG.md crates/tui/CHANGELOG.md; then
-  echo "::error::crates/tui/CHANGELOG.md must match root CHANGELOG.md for crates.io packaging." >&2
-  echo "Run: cp CHANGELOG.md crates/tui/CHANGELOG.md" >&2
+# 4) Packaged TUI changelog slice (recent releases embedded in the binary).
+if ! ./scripts/sync-changelog.sh --check >/dev/null 2>&1; then
+  echo "::error::crates/tui/CHANGELOG.md is out of date with the root CHANGELOG.md slice." >&2
+  echo "Run: ./scripts/sync-changelog.sh" >&2
  fail=1
 fi

@@ -3,19 +3,39 @@
 # The /change command embeds this file into the binary via include_str!, so
 # it deliberately keeps only the most recent release sections.
 #
-# Usage: scripts/sync-changelog.sh [sections-to-keep]   (default: 15)
+# Usage: scripts/sync-changelog.sh [--check] [sections-to-keep]
+#   --check  verify crates/tui/CHANGELOG.md is up to date without writing
+#            (exit 1 if regeneration would change it)
+#   sections-to-keep defaults to 15
 set -eu
+CHECK=0
+if [ "${1:-}" = "--check" ]; then
+  CHECK=1
+  shift
+fi
 KEEP="${1:-15}"
 root="$(cd "$(dirname "$0")/.." && pwd)"
+tmp="$(mktemp)"
+trap 'rm -f "$tmp"' EXIT
 awk -v keep="$KEEP" '
  /^\[/ && /\]: http/ { exit }
  /^## \[/ { count++ }
  count > keep { exit }
  { print }
-' "$root/CHANGELOG.md" > "$root/crates/tui/CHANGELOG.md"
+' "$root/CHANGELOG.md" > "$tmp"
 printf '%s\n' \
  '---' \
  '' \
  'Older releases: [CHANGELOG.md](https://github.com/Hmbown/CodeWhale/blob/main/CHANGELOG.md) and [docs/CHANGELOG_ARCHIVE.md](https://github.com/Hmbown/CodeWhale/blob/main/docs/CHANGELOG_ARCHIVE.md).' \
-  >> "$root/crates/tui/CHANGELOG.md"
+  >> "$tmp"
+if [ "$CHECK" = 1 ]; then
+  if cmp -s "$tmp" "$root/crates/tui/CHANGELOG.md"; then
+    echo "crates/tui/CHANGELOG.md is up to date"
+  else
+    echo "crates/tui/CHANGELOG.md is out of date; run scripts/sync-changelog.sh" >&2
+    exit 1
+  fi
+else
+  cp "$tmp" "$root/crates/tui/CHANGELOG.md"
  echo "wrote crates/tui/CHANGELOG.md ($(wc -l < "$root/crates/tui/CHANGELOG.md") lines, $KEEP sections kept)"
+fi