release: prepare v0.8.0

[flyingrobots]

Summary

Prepare Graft v0.8.0 as the Review Truth release:

• bump package version to 0.8.0
• move current changelog entries into a dated 0.8.0 section
• add user-facing release notes
• add internal release design and verification witness
• mark the v0.8.0 lane cut line and defer remaining cards
• pin transitive ip-address to 10.2.0 to clear the release security advisory

Validation

• pnpm release:check
• git diff --check
• pnpm security:check reports critical=0 high=0 moderate=0 low=0 info=0

Release Notes

See docs/releases/v0.8.0.md and docs/method/releases/v0.8.0/verification.md.

Summary by CodeRabbit

• Chores
  • Version bumped to 0.8.0.
  • Dependency pins and overrides applied to improve compatibility, stability, and reduce potential breakages during installs.

[coderabbitai]

Important

Review skipped

Review was skipped due to path filters

⛔ Files ignored due to path filters (1)

• NORTHSTAR.md is excluded by !**/*.md

CodeRabbit blocks several paths by default. You can override this behavior by explicitly including those paths in the path filters. For example, including **/dist/** will override the default block on the dist directory, by removing the pattern from both the lists.

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: ac66d455-7086-40d3-aafe-68184ed508f6

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

📝 Walkthrough

Walkthrough

This PR updates package.json: version bumped from 0.7.1 to 0.8.0 and pnpm.overrides now pins hono to 4.12.18 and adds fast-uri@3.1.2 and ip-address@10.2.0.

Changes

Version and Dependency Management

Layer / File(s)	Summary
Version bump package.json	version updated from 0.7.1 to 0.8.0.
pnpm overrides package.json	Pinned hono to 4.12.18 and added fast-uri@3.1.2 and ip-address@10.2.0 under pnpm.overrides.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

🐰 A tiny hop, a semver leap,
Bumped the number, promises keep.
Pins set tidy, dependencies neat,
Fast-uri, hono, ip-address meet.
The build hums on padded feet.

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'release: prepare v0.8.0' directly aligns with the main objective of the pull request, which is to prepare and release version 0.8.0 by bumping the package version and pinning dependencies.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch release/v0.8.0

Tip

💬 Introducing Slack Agent: The best way for teams to turn conversations into code.

Slack Agent is built on CodeRabbit's deep understanding of your code, so your team can collaborate across the entire SDLC without losing context.

• Generate code and open pull requests
• Plan features and break down work
• Investigate incidents and troubleshoot customer tickets together
• Automate recurring tasks and respond to alerts with triggers
• Summarize progress and report instantly

Built for teams:

• Shared memory across your entire org—no repeating context
• Per-thread sandboxes to safely plan and execute work
• Governance built-in—scoped access, auditability, and budget controls

One agent for your entire SDLC. Right inside Slack.

👉 Get started

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[flyingrobots]

Issue	Severity	Addressed by	Regression coverage	Outcome
PR #49 had no unresolved review threads, but merge state was DIRTY after origin/main merged Dependabot Hono changes touching package.json and pnpm-lock.yaml.	P2	06718d5	RED: git merge origin/main produced conflicts in package.json and pnpm-lock.yaml; VERIFY: pnpm audit --json; pnpm security:check; pnpm lint; pnpm typecheck; focused rerun pnpm test:local --run test/unit/mcp/daemon-worker-pool.test.ts test/integration/mcp/daemon-server.test.ts; final pnpm test	Resolved with a normal merge commit, preserving release branch exact security overrides for hono, fast-uri, and ip-address. Local full isolated suite passed 216 files / 1592 tests. No review threads existed to mark resolved.

[flyingrobots]

Issue	Severity	Addressed by	Regression coverage	Outcome
No unresolved actionable PR feedback remained on PR #49; GitHub reports zero review threads and the PR is already merged.	Docs	N/A; prior merge cleanup was 06718d5	gh pr view 49 --comments; GraphQL reviewThreads(first:100) query; gh pr checks 49	No RED/GREEN cycle was applicable. No threads existed to resolve. Checks are green and the release branch was deleted after merge, so no push was performed to avoid recreating it.