Reference
How GNO proves the npm tarball users install contains the runtime files and doctor contract needed for release.
The supported CLI distribution is the npm package installed through Bun. Before a release is published, GNO verifies the actual packed tarball instead of only testing the repository checkout.
bun run test:packageThis command runs scripts/package-smoke.ts. It calls npm pack, installs from the generated npm tarball into isolated temporary HOME, GNO_*, npm cache, and npm prefix paths, then runs the packaged binary.
The smoke checks the package allowlist and required runtime files. The required file proof includes package.json, bunfig.toml, src/index.ts, src/sdk/index.ts, src/embed/retry.ts, src/serve/public/globals.built.css, and THIRD_PARTY_NOTICES.md.
The installed tarball binary must pass gno --version, gno --help, gno init, and gno doctor --json from the isolated install. Doctor JSON failures are release failures.
The doctor assertion is exact: output must include the embedding-fingerprint check and an embeddingFingerprint payload with currentFingerprint, pendingChunks, legacyChunks, mixedGroups, and groups. This proves the packaged install exposes the same embedding freshness contract as the repository build.