Publishing
Publishing is the point where project-scoped draft state becomes an operational release. MergeSafe does more than just save a snapshot: it evaluates tool readiness, compiles the pack content, signs the artifact, stores the release, and activates a version.
How publish evaluates tools
Publish works across the project state rather than one tool at a time. Tools are classified as invalid, skipped, or publishable based on whether they meet the requirements for inclusion in the next pack.
- Invalid tools are not ready for release.
- Skipped tools are intentionally excluded from the pack.
- Publishable tools are the set that can be compiled into the next version.
What publish creates
The pack is the versioned release concept. The artifact is the concrete signed JSON file produced for that pack version. Docs should keep those terms distinct even though they are closely related operationally.
During publish, MergeSafe assigns the next version, compiles the content, signs the artifact, verifies the signature, stores the artifact, and writes the version record.
What the active publish outcome means
A successful publish makes the new version active. The runtime active-pointer flow resolves against that version, then downloads the corresponding artifact.
That is why publish has operational weight: it changes what the runtime considers live for the project.
Publishing language to keep qualified
Docs-safe claim boundary
It is safe to say that the runtime fetches an active pointer and then the artifact, and that signature verification is part of the runtime flow.
It is not safe to state as a guaranteed product truth that active pack delivery always requires the project key. The current docs source keeps that point qualified until it is manually verified.