fix: pin altimate-core + force re-fetch to prevent stale native binaries

[anandgupta42]

Summary

Two fixes to prevent stale @altimateai/altimate-core native binaries during auto-upgrade:

1. Pin exact version: ^0.2.5 → 0.2.5 — prevents npm from satisfying the range with a cached older version when a newer one is published
2. Add --force: forces npm/pnpm/bun to re-download all dependencies including platform binaries, working around npm/cli#4828

Why both?

• Pin alone doesn't help when npm's cache serves a stale platform binary for the same version (the npm bug)
• Force alone bypasses peer dep checks and downloads all platform binaries — the pin reduces how often --force actually matters

Context

Companion fix to altimate-core-internal#113 which adds runtime export validation as a safety net.

Fixes #469

Test plan

• npm install -g --force verified with dry-run — correctly re-fetches all platform binaries
• bun install -g --force verified — forces latest versions from registry
• pnpm install --force confirmed valid via docs
• Type checks pass
• Upstream marker check passes

[claude]

Claude Code Review

This repository is configured for manual code reviews. Comment @claude review to trigger a review.

_{Tip: disable this comment in your organization's Code Review settings.}

[coderabbitai]

Caution

Review failed

The pull request is closed.

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: b4480310-5cab-408d-b04c-5159a7c44bd8

📥 Commits

Reviewing files that changed from the base of the PR and between e0672f7 and b641dbf.

⛔ Files ignored due to path filters (1)

• bun.lock is excluded by !**/*.lock

📒 Files selected for processing (1)

• packages/opencode/package.json

Disabled knowledge base sources:

• Jira integration is disabled

You can enable these sources in your CodeRabbit configuration.

---

📝 Walkthrough

Walkthrough

A dependency in packages/opencode/package.json was changed: @altimateai/altimate-core was pinned from the caret range ^0.2.5 to the exact version 0.2.5, restricting resolver choices to that specific release.

Changes

Cohort / File(s)	Summary
Dependency Version Pin packages/opencode/package.json	Updated @altimateai/altimate-core from ^0.2.5 to 0.2.5 (exact version pin).

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Possibly related PRs

• AltimateAI/altimate-code — PR 463: touches packages/opencode/package.json and includes build/pre-release checks that reference the same @altimateai/altimate-core dependency.

Poem

🐰 I hopped through package.json tonight,
Pinned a core to keep the skyline bright,
No caret drift, no creeping tide,
Just steady code where rabbits bide,
✨ npm bliss, snug and right.

🚥 Pre-merge checks | ✅ 1 | ❌ 2

❌ Failed checks (2 warnings)

Check name	Status	Explanation	Resolution
Title check	⚠️ Warning	The PR title describes adding --force flags to package manager upgrade commands, but the changeset only pins a dependency version. The title is misleading about what actually changed.	Update the title to reflect the actual change: 'fix: pin @altimateai/altimate-core to exact version 0.2.5' or similar, to accurately describe the dependency version pinning.
Description check	⚠️ Warning	The description discusses adding --force flags and references a companion PR, but the actual changeset only modifies a version constraint in package.json. The description does not match the implemented changes.	Revise the description to accurately document the version pinning change and clarify why the --force flag addition was reverted, ensuring the description aligns with the actual code changes.

✅ Passed checks (1 passed)

Check name	Status	Explanation
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix/force-reinstall-stale-binaries

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}