What & why

Audit of the repo at v2.0.15 turned up several things that had drifted out of sync.

1. PLUGIN_VERSION was frozen at "2.0.0" (real bug)

index.ts hardcoded const PLUGIN_VERSION = "2.0.0", used in the startup log (Plugin vX loaded) and morph_edit tool metadata. The release workflow's bump step only ran npm version (package.json), so every release since 2.0.0 shipped reporting itself as 2.0.0.

• Synced the constant to 2.0.15.
• release.yml now rewrites the constant during the version bump via sed, with a grep guard that fails the release if the sync misses. Build now runs after the bump so the published dist reflects the correct version, and the commit step adds index.ts alongside package.json/package-lock.json.

2. Dependencies were far behind

OpenCode was ~15 minor versions behind (the lockfiles froze 1.2.22). Regenerated both bun.lock and package-lock.json.

3. README

Compaction note no longer pins a single OpenCode minor (1.14.x → 1.14+).

Validation

bun run typecheck, bun run build, and the full 67-test suite all pass on the bumped dependencies. Verified the built dist/index.js now reports 2.0.15, and simulated the workflow's sed to confirm a future bump rewrites the constant correctly.

⚠️ Note for reviewer

• The @opencode-ai/sdk/plugin 1.2 → 1.17 jump is the one risk area. It's type-clean and build/test-clean, but the test suite skips live API calls and doesn't exercise the OpenCode hooks at runtime — a quick smoke test against a live OpenCode 1.17 session before merging is worth it. Happy to split the dep bump into its own PR if you'd rather land the version fix first.
• Merging to main auto-publishes to npm (release workflow), so this is intentionally a PR rather than a direct push.
• morphsdk 0.2.180 pulls in new OpenTelemetry/Traceloop transitive deps (one blocked protobufjs postinstall under bun — doesn't affect build/test/CI).

🤖 Generated with Claude Code