chore(pacquet): wire pacquet workflows into monorepo#11635
Conversation
Move Cargo workspace, Rust toolchain configs, justfile, composite actions,
and 7 workflow files out of `pacquet/` and up to the repo root so:
- cargo / just / taplo run from repo root, the way the rest of the
monorepo's tooling does
- GitHub Actions actually discovers the workflows (it only reads
`.github/workflows/` at the repo root)
Workflows are prefixed with `pacquet-` and renamed to "Pacquet ..." so
they don't collide with the existing pnpm CI. Path filters are scoped
to `pacquet/**` so they don't trigger on every commit. The cargo entry
from pacquet's standalone `dependabot.yml` is folded into the root one;
pacquet's `CODEOWNERS` and `pull_request_template.md` are dropped because
the root copies supersede them.
Path rewrites:
- `Cargo.toml` workspace members → `pacquet/crates/*`, `pacquet/tasks/*`
- all path-deps in `[workspace.dependencies]` → `pacquet/...`
- `justfile` recipes (`install`, `install-hooks`) point at `pacquet/...`
- `.taplo.toml` include globs → `pacquet/crates/*/*.toml`, `pacquet/tasks/*/*.toml`
- `pacquet/npm/pacquet/scripts/generate-packages.mjs` REPO_ROOT walks one
more level up
- workflow `paths:` filters, `hashFiles(...)`, and shell paths all updated
Verified: `cargo metadata` resolves the workspace, `cargo fmt --check`
clean, `taplo format --check` picks up all 26 Cargo.tomls, `actionlint`
reports no new issues (the `type:`-on-input warnings on the rustup action
predate this move).
📝 WalkthroughWalkthroughRepository layout and CI were moved under a pacquet/ subtree: workspace members, local crate paths, scripts, git hooks, tooling globs, ignores, and many workflow triggers were updated to use pacquet/ paths; nested pacquet/.github dependabot and PR template were removed and a root Dependabot cargo entry added. ChangesWorkspace, tooling, packaging, and repo layout
CI, workflows, and Dependabot
Estimated code review effort🎯 3 (Moderate) | ⏱️ ~25 minutes Possibly related PRs
Poem
🚥 Pre-merge checks | ✅ 4 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (4 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches📝 Generate docstrings
🧪 Generate unit tests (beta)
Comment |
The monorepo's root `package.json` declares `pnpm@11.1.1` under `packageManager`, which conflicts with the workflows' explicit `version: 11.0.0-rc.5` and trips `pnpm/action-setup` ERR_PNPM_BAD_PM_VERSION. The pin was a pacquet-era workaround for the v9 lockfile while pnpm 11 was still pre-release. Stable 11.x writes v9 too, so let action-setup read the version from `packageManager` like every other workflow in this repo does.
Replaces `pnpm/action-setup@v6` with the same `pnpm/setup@b1cac3...` SHA the rest of pnpm/pnpm uses (release.yml, test.yml, ci.yml, benchmark.yml, audit.yml). Reads pnpm version from `packageManager` in root package.json, and skips the implicit `pnpm install` since pacquet does its own scoped install via `just install` (which only touches `pacquet/tasks/registry-mock/`). The release workflow now also installs Node via the same action (`runtime: node@22`) instead of via `pnpm runtime -g set node 22`, since pnpm/setup handles runtimes in one step.
There was a problem hiding this comment.
Actionable comments posted: 1
🧹 Nitpick comments (1)
.github/dependabot.yml (1)
16-21: ⚡ Quick winAdd cooldown for cargo updates to match the GitHub Actions updater and reduce PR volume.
The cargo updater (lines 16–21) runs weekly without cooldown, while the GitHub Actions updater (lines 6–15) includes
cooldown.default-days: 7. Adding the same cooldown to cargo ensures consistent throttling of version updates across both package managers.Suggested patch
- package-ecosystem: cargo directory: / schedule: interval: weekly + cooldown: + default-days: 7 commit-message: prefix: "chore(cargo)"🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In @.github/dependabot.yml around lines 16 - 21, The cargo updater block currently lacks a cooldown and should include the same cooldown used by the GitHub Actions updater; update the cargo package-ecosystem section in .github/dependabot.yml (the block with "package-ecosystem: cargo", "directory: /", "schedule: weekly") to add a cooldown setting, e.g. add "updates:" → " - package-ecosystem: cargo" style equivalent or directly add "cooldown:" with " default-days: 7" under the cargo configuration so cargo Dependabot respects a 7-day cooldown like the actions updater.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In @.github/workflows/pacquet-ci.yml:
- Around line 1-3: Add an explicit top-level permissions block for the
GITHUB_TOKEN by adding a permissions: section with contents: read so the
workflow uses least-privilege tokens instead of repo defaults; update the
workflow named "Pacquet CI" (affects jobs like test, doc, typos, deny, format,
dylint) to include this permissions block at the top of the YAML file right
under the workflow name/trigger definition.
---
Nitpick comments:
In @.github/dependabot.yml:
- Around line 16-21: The cargo updater block currently lacks a cooldown and
should include the same cooldown used by the GitHub Actions updater; update the
cargo package-ecosystem section in .github/dependabot.yml (the block with
"package-ecosystem: cargo", "directory: /", "schedule: weekly") to add a
cooldown setting, e.g. add "updates:" → " - package-ecosystem: cargo" style
equivalent or directly add "cooldown:" with " default-days: 7" under the cargo
configuration so cargo Dependabot respects a 7-day cooldown like the actions
updater.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro Plus
Run ID: e9b44ddf-36d1-4338-ba85-f6d04f0309a3
⛔ Files ignored due to path filters (1)
Cargo.lockis excluded by!**/*.lock
📒 Files selected for processing (24)
.cargo/config.toml.github/actions/binstall/action.yml.github/actions/rustup/action.yml.github/dependabot.yml.github/workflows/pacquet-cargo-unused.yml.github/workflows/pacquet-ci.yml.github/workflows/pacquet-codecov.yml.github/workflows/pacquet-integrated-benchmark-comment.yml.github/workflows/pacquet-integrated-benchmark.yml.github/workflows/pacquet-micro-benchmark.yml.github/workflows/pacquet-release-to-npm.yml.gitignore.taplo.toml.typos.tomlCargo.tomldeny.tomldylint.tomljustfilepacquet/.github/CODEOWNERSpacquet/.github/dependabot.ymlpacquet/.github/pull_request_template.mdpacquet/npm/pacquet/scripts/generate-packages.mjsrust-toolchain.tomlrustfmt.toml
💤 Files with no reviewable changes (3)
- pacquet/.github/pull_request_template.md
- pacquet/.github/CODEOWNERS
- pacquet/.github/dependabot.yml
📜 Review details
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (4)
- GitHub Check: copilot-pull-request-reviewer
- GitHub Check: Dylint
- GitHub Check: Analyze (javascript)
- GitHub Check: Compile & Lint
🧰 Additional context used
🪛 GitHub Check: zizmor
.github/workflows/pacquet-cargo-unused.yml
[warning] 4-51:
overly broad permissions
.github/workflows/pacquet-codecov.yml
[warning] 3-107:
overly broad permissions
.github/dependabot.yml
[warning] 16-16:
insufficient cooldown in Dependabot updates
.github/workflows/pacquet-ci.yml
[warning] 1-253:
overly broad permissions
🔇 Additional comments (12)
Cargo.toml (1)
3-3: LGTM!Also applies to: 16-40
.gitignore (1)
60-63: LGTM!.taplo.toml (1)
1-1: LGTM!pacquet/npm/pacquet/scripts/generate-packages.mjs (1)
10-10: LGTM!.github/workflows/pacquet-cargo-unused.yml (1)
4-4: LGTM!.github/workflows/pacquet-codecov.yml (1)
3-3: LGTM!Also applies to: 10-10, 15-15
.github/workflows/pacquet-ci.yml (1)
7-39: LGTM!Also applies to: 134-134
.github/workflows/pacquet-release-to-npm.yml (1)
3-3: LGTM!Also applies to: 10-10, 32-32, 171-173, 182-182
.github/workflows/pacquet-integrated-benchmark.yml (1)
1-1: LGTM!Also applies to: 8-10, 14-20, 72-72, 114-114
.github/workflows/pacquet-integrated-benchmark-comment.yml (1)
1-1: LGTM!Also applies to: 3-4, 13-13
justfile (1)
18-18: LGTM!Also applies to: 20-20, 38-38
.github/workflows/pacquet-micro-benchmark.yml (1)
1-1: LGTM!Also applies to: 8-10, 13-17
Address zizmor warnings on the pacquet CI changes:
- `dependabot.yml`: the cargo entry I added in the previous commit
inherited from pacquet's standalone repo and is missing the
`cooldown: default-days: 7` the github-actions entry uses. Add it
so cargo and github-actions debounce updates consistently.
- `pacquet-ci.yml`, `pacquet-codecov.yml`, `pacquet-cargo-unused.yml`
lacked a top-level `permissions:` block, so GITHUB_TOKEN inherited
the repo default. Declare `contents: read` — every job in these
workflows only reads the repo and runs local checks.
The other four pacquet workflows already declare permissions
explicitly (integrated-benchmark/comment, micro-benchmark, release).
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In @.github/workflows/pacquet-codecov.yml:
- Around line 3-6: The workflow "Pacquet Code Coverage" currently lacks a
top-level permissions block, so GITHUB_TOKEN inherits repo defaults; add an
explicit minimal permissions block (e.g., set contents: read) at top level
beneath the workflow name to grant only the least-privilege access needed for
this job triggered by workflow_dispatch; ensure the new permissions block
appears alongside "name: Pacquet Code Coverage" and "on: workflow_dispatch" so
the workflow runs with explicit read-only token scope.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro Plus
Run ID: a35a03f6-89c2-4c3a-9601-990c9d7ce00d
📒 Files selected for processing (4)
.github/workflows/pacquet-ci.yml.github/workflows/pacquet-codecov.yml.github/workflows/pacquet-integrated-benchmark.yml.github/workflows/pacquet-release-to-npm.yml
📜 Review details
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (6)
- GitHub Check: Run benchmark on ubuntu-latest
- GitHub Check: Lint and Test (ubuntu-latest)
- GitHub Check: Lint and Test (windows-latest)
- GitHub Check: Lint and Test (macos-latest)
- GitHub Check: Dylint
- GitHub Check: Compile & Lint
🧰 Additional context used
🪛 GitHub Check: zizmor
.github/workflows/pacquet-ci.yml
[warning] 1-249:
overly broad permissions
.github/workflows/pacquet-codecov.yml
[warning] 3-103:
overly broad permissions
🔇 Additional comments (5)
.github/workflows/pacquet-ci.yml (2)
1-3: Duplicate: missing explicit top-level workflow permissions.This was already flagged in prior review comments and still appears unresolved.
7-39: LGTM!Also applies to: 66-68, 130-130
.github/workflows/pacquet-codecov.yml (1)
10-15: LGTM!Also applies to: 44-46
.github/workflows/pacquet-release-to-npm.yml (1)
3-3: LGTM!Also applies to: 10-10, 32-32, 142-147, 164-167, 175-177
.github/workflows/pacquet-integrated-benchmark.yml (1)
1-1: LGTM!Also applies to: 8-10, 14-20, 72-72, 103-105, 110-110
cspell at the repo root scans all `**/README.md` and was rejecting `pacquet/README.md` and `pacquet/npm/pacquet/README.md`, which describe pacquet as "not a reimagining of pnpm." Add the word to the existing allow-list rather than rewording two READMEs imported from a separate repo.
Two Rust source files looked up paths off the cargo workspace root
(\`cargo locate-project --workspace\`), which now resolves to the
monorepo root rather than the pacquet directory. Add the \`pacquet/\`
prefix:
- \`tasks/registry-mock/src/dirs.rs\` — \`registry_mock()\` was
pointing the node launcher at \`<repo>/tasks/registry-mock/launch.mjs\`
instead of \`<repo>/pacquet/tasks/registry-mock/launch.mjs\`, which
failed every Pacquet CI test job ("Cannot find module ...launch.mjs").
- \`tasks/micro-benchmark/src/main.rs\` — same idea for the
fixtures folder.
Welcome to Codecov 🎉Once you merge this PR into your default branch, you're all set! Codecov will compare coverage reports and display results in all future pull requests. Thanks for integrating Codecov - We've got you covered ☂️ |
* chore(pacquet): wire pacquet workflows into monorepo
Move Cargo workspace, Rust toolchain configs, justfile, composite actions,
and 7 workflow files out of `pacquet/` and up to the repo root so:
- cargo / just / taplo run from repo root, the way the rest of the
monorepo's tooling does
- GitHub Actions actually discovers the workflows (it only reads
`.github/workflows/` at the repo root)
Workflows are prefixed with `pacquet-` and renamed to "Pacquet ..." so
they don't collide with the existing pnpm CI. Path filters are scoped
to `pacquet/**` so they don't trigger on every commit. The cargo entry
from pacquet's standalone `dependabot.yml` is folded into the root one;
pacquet's `CODEOWNERS` and `pull_request_template.md` are dropped because
the root copies supersede them.
Path rewrites:
- `Cargo.toml` workspace members → `pacquet/crates/*`, `pacquet/tasks/*`
- all path-deps in `[workspace.dependencies]` → `pacquet/...`
- `justfile` recipes (`install`, `install-hooks`) point at `pacquet/...`
- `.taplo.toml` include globs → `pacquet/crates/*/*.toml`, `pacquet/tasks/*/*.toml`
- `pacquet/npm/pacquet/scripts/generate-packages.mjs` REPO_ROOT walks one
more level up
- workflow `paths:` filters, `hashFiles(...)`, and shell paths all updated
Verified: `cargo metadata` resolves the workspace, `cargo fmt --check`
clean, `taplo format --check` picks up all 26 Cargo.tomls, `actionlint`
reports no new issues (the `type:`-on-input warnings on the rustup action
predate this move).
* chore(pacquet): drop pnpm version pin from pacquet CI workflows
The monorepo's root `package.json` declares `pnpm@11.1.1` under
`packageManager`, which conflicts with the workflows' explicit
`version: 11.0.0-rc.5` and trips `pnpm/action-setup` ERR_PNPM_BAD_PM_VERSION.
The pin was a pacquet-era workaround for the v9 lockfile while pnpm 11
was still pre-release. Stable 11.x writes v9 too, so let action-setup
read the version from `packageManager` like every other workflow in
this repo does.
* chore(pacquet): use pnpm/setup matching the rest of the monorepo
Replaces `pnpm/action-setup@v6` with the same `pnpm/setup@b1cac3...`
SHA the rest of pnpm/pnpm uses (release.yml, test.yml, ci.yml,
benchmark.yml, audit.yml). Reads pnpm version from `packageManager`
in root package.json, and skips the implicit `pnpm install` since
pacquet does its own scoped install via `just install` (which only
touches `pacquet/tasks/registry-mock/`).
The release workflow now also installs Node via the same action
(`runtime: node@22`) instead of via `pnpm runtime -g set node 22`,
since pnpm/setup handles runtimes in one step.
* chore(pacquet): tighten permissions and Dependabot cooldown
Address zizmor warnings on the pacquet CI changes:
- `dependabot.yml`: the cargo entry I added in the previous commit
inherited from pacquet's standalone repo and is missing the
`cooldown: default-days: 7` the github-actions entry uses. Add it
so cargo and github-actions debounce updates consistently.
- `pacquet-ci.yml`, `pacquet-codecov.yml`, `pacquet-cargo-unused.yml`
lacked a top-level `permissions:` block, so GITHUB_TOKEN inherited
the repo default. Declare `contents: read` — every job in these
workflows only reads the repo and runs local checks.
The other four pacquet workflows already declare permissions
explicitly (integrated-benchmark/comment, micro-benchmark, release).
* chore(pacquet): add "reimagining" to cspell dictionary
cspell at the repo root scans all `**/README.md` and was rejecting
`pacquet/README.md` and `pacquet/npm/pacquet/README.md`, which describe
pacquet as "not a reimagining of pnpm." Add the word to the existing
allow-list rather than rewording two READMEs imported from a separate
repo.
* fix(pacquet): prefix workspace-relative paths with pacquet/
Two Rust source files looked up paths off the cargo workspace root
(\`cargo locate-project --workspace\`), which now resolves to the
monorepo root rather than the pacquet directory. Add the \`pacquet/\`
prefix:
- \`tasks/registry-mock/src/dirs.rs\` — \`registry_mock()\` was
pointing the node launcher at \`<repo>/tasks/registry-mock/launch.mjs\`
instead of \`<repo>/pacquet/tasks/registry-mock/launch.mjs\`, which
failed every Pacquet CI test job ("Cannot find module ...launch.mjs").
- \`tasks/micro-benchmark/src/main.rs\` — same idea for the
fixtures folder.
Summary
Followup to #11632 (the pacquet history import). Makes the imported pacquet
workflows actually run, and moves the Rust workspace files out of
pacquet/and up to the repo root socargo/just/taplobehavelike the rest of the monorepo's tooling — invoked from the repo root, not
a nested subdir.
What moves to the repo root
Cargo.toml,Cargo.lockrust-toolchain.toml,rustfmt.toml,deny.toml,dylint.toml.taplo.toml,.typos.toml.cargo/config.tomljustfile.github/actions/rustup/,.github/actions/binstall/.github/workflows/pacquet-*.yml(prefixed to avoid theci.ymlcollision)What stays under
pacquet/crates/,tasks/,benchmark/,npm/,plans/,.githooks/,package.json,pnpm-lock.yaml, docs (AGENTS.md,CLAUDE.md,GEMINI.md,README.md,CONTRIBUTING.md,CODE_STYLE_GUIDE.md,LICENSE),.gitignore,.editorconfig,.gitattributes,.devcontainer/.Path rewrites required by the move
Cargo.tomlworkspace members:crates/*,tasks/*→pacquet/crates/*,pacquet/tasks/*path = "crates/..."in[workspace.dependencies]→pacquet/...justfilerecipesinstallandinstall-hooksnow point atpacquet/....taplo.tomlincludeglobs →pacquet/crates/*/*.toml,pacquet/tasks/*/*.tomlpacquet/npm/pacquet/scripts/generate-packages.mjsREPO_ROOTwalks one morelevel up (
../..instead of..)paths:filters scoped topacquet/**and the moved root configs soCI doesn't fire on every commit
hashFiles(...)and shell paths (tasks/...,npm/...) updated.github/dependabot.yml(root) gains acargoecosystem entry, merged frompacquet's standalone
dependabot.yml.github/CODEOWNERS(root) already covers* @zkochan, so pacquet's copy isdropped. Pacquet's
pull_request_template.mdis dropped too — it referencedthe standalone repo's roadmap, and GitHub only honors one template at the
repo level.
.gitignoregains/target,/bench-work-env,.pacquetso the newcargo build location is ignored
Rust source path fixes
Two Rust sources looked up paths off the cargo workspace root, which now
resolves to the monorepo root rather than
pacquet/. Both prefixed withpacquet/:pacquet/tasks/registry-mock/src/dirs.rs—registry_mock()was sendingthe node launcher at
<repo>/tasks/registry-mock/launch.mjsinstead of<repo>/pacquet/tasks/.... Failed Pacquet CI on all 3 OSes with"Cannot find module ...launch.mjs".
pacquet/tasks/micro-benchmark/src/main.rs— same pattern for the fixturesfolder.
Workflow rename map
pacquet/.github/workflows/)name:ci.ymlpacquet-ci.ymlPacquet CIcargo-unused.ymlpacquet-cargo-unused.ymlPacquet Cargo Unused Featurescodecov.ymlpacquet-codecov.ymlPacquet Code Coverageintegrated-benchmark.ymlpacquet-integrated-benchmark.ymlPacquet Integrated-Benchmarkintegrated-benchmark-comment.ymlpacquet-integrated-benchmark-comment.ymlPacquet Integrated-Benchmark Commentmicro-benchmark.ymlpacquet-micro-benchmark.ymlPacquet Micro-Benchmarkrelease-to-npm.ymlpacquet-release-to-npm.ymlRelease Pacquet(already hadPacquetin it)The integrated-benchmark-comment workflow's
workflow_run.workflows:referencewas updated to
Pacquet Integrated-Benchmarkso the two-stage pipeline stillchains.
Workflow setup aligned with the rest of pnpm/pnpm
pnpm/action-setup@v6topnpm/setup@b1cac37306e39c21283b9dd6cb0ac288fb35ba6b— the same SHA pin every other pnpm/pnpm workflow uses.
version: 11.0.0-rc.5pin (a pacquet-era workaround for v9lockfile during pre-release); pnpm/setup reads from
packageManagerin theroot
package.jsoninstead.install: falseso pnpm/setup doesn't trigger a root-workspace install —pacquet still scopes installs via
just install, which only touchespacquet/tasks/registry-mock/.runtime: node@22instead of aseparate "Setup Node" step that ran
pnpm runtime -g set node 22.Security / linter cleanup
.github/dependabot.ymlcargo entry gainscooldown: default-days: 7tomatch the github-actions entry (zizmor: insufficient cooldown).
pacquet-ci.yml,pacquet-codecov.yml,pacquet-cargo-unused.ymlgaintop-level
permissions: contents: read(zizmor: overly broad permissions).The other four pacquet workflows already declare permissions explicitly.
cspell.jsongains"reimagining"— pacquet's READMEs describe pacquetas "not a reimagining of pnpm" and cspell scans
**/README.mdat the root.Verification
cargo metadata --no-depsresolves the workspace from the repo root — all 24pacquet crates + 3 tasks present.
cargo fmt --all -- --checkclean.taplo format --checkpicks up all 26Cargo.tomlfiles and reports noreformatting.
python3 -c 'yaml.safe_load(...)'parses all 7 workflow files.actionlintreports no new findings — thetype:-on-composite-action-inputwarnings on the rustup action are pre-existing (they were on the imported
files before this PR).
pnpm dlx cspell pacquet/README.md pacquet/npm/pacquet/README.mdpassesafter adding "reimagining" to the dictionary.
Known-failing CI on this PR
Pacquet Micro-Benchmark / Run benchmark on ubuntu-latest— chicken-and-egg.The workflow checks out
mainfirst to bench the baseline, then runs./.github/actions/rustup— butmaindoesn't have.github/actions/rustupyet (this PR is what introduces it). Resolves itself the moment this PR
merges; every subsequent PR works.
Pacquet Code Coverage / Upload coverage file—secrets.CODECOV_TOKENis not set on
pnpm/pnpm. The first stage (Code Coverage— runningcargo llvm-covand uploadinglcov.infoas a GitHub artifact) succeeds;only the codecov.io upload step fails. Requires the user to either add the
CODECOV_TOKEN secret, reconfigure codecov to use a monorepo-level project,
or disable the workflow until coverage tracking is decided.
Out of scope (followups)
pacquet/npm/pacquet/package.jsonpush to mainand would create a GitHub release on
pnpm/pnpm. May want to gate itbehind a manual approval or move the release to a separate repo — left as-is.
pacquet/pnpm-lock.yaml(for thetasks/registry-mockJSworkspace) is still pnpm-installed via
just installrather thanparticipating in the root
pnpm-workspace.yaml. Folding that in is itsown decision.
Test plan
Pacquet CI(Lint and Testubuntu/macos/windows) runs and passes.Pacquet Code Coverage / Code Coveragestage runs and passes (theupload stage is blocked on CODECOV_TOKEN — see Known-failing).
cargo metadataresolves workspace locally.cargo build -p pacquet-clifrom repo root succeeds locally.just installfrom repo root populatespacquet/tasks/registry-mock/node_modules.Written by an agent (Claude Code, claude-opus-4-7).