Pin .nvmrc to 24.15.0 and align CI via node-version-file

[plx]

Summary

• Pins .nvmrc to 24.15.0 so nvm use resolves deterministically across machines (replacing the looser 24 major-only pin).
• Updates .github/workflows/build.yml to read the version from .nvmrc via node-version-file, replacing the hardcoded >=24.0.0 floor so CI and local environments share a single source of truth.
• engines.node in package.json (>=24.0.0) is still satisfied; no change needed there.

Test plan

• nvm use picks up Node 24.15.0 in a fresh shell.
• CI (.github/workflows/build.yml) reads .nvmrc via node-version-file and continues to pass.

🤖 Generated with Claude Code

[github-actions]

PR Validation ✅

All checks passed! Ready for review.

Checks Performed:

✓ Linting
✓ Spell check (source)
✓ Type checking & Build
✓ Spell check (HTML)
✓ Internal link validation
✓ Artifact upload

This is a complete dry-run of the deployment process, ensuring your changes will deploy successfully when merged.

[claude]

Code Review — PR #45: Pin .nvmrc to 24.0.0

Overview

A one-line change: .nvmrc moves from the loose 24 pin to the explicit 24.0.0. The intent — deterministic nvm use resolution across machines — is sound and worth doing.

---

What works well

• Correct direction: 24 in .nvmrc is a partial semver. nvm resolves it to the latest locally-installed 24.x.y, which varies per developer. An exact version removes that ambiguity.
• Consistent with package.json: engines.node is >=24.0.0, so 24.0.0 is a valid floor.
• Minimal, focused change with a clear PR description.

---

Concerns

1. CI still uses a floating version — the bigger reproducibility gap

build.yml:31 specifies node-version: '>=24.0.0', which resolves to the latest Node 24.x.y available in the GitHub Actions runner at build time. That means:

• Local dev: Node 24.0.0 (pinned)
• CI: Node 24.latest (floating)

This is the larger source of reproducibility drift, and the PR doesn't address it. The cleaner fix is to align CI with .nvmrc:

- name: Setup Node
  uses: actions/setup-node@v4
  with:
    node-version-file: '.nvmrc'   # reads the exact version from .nvmrc
    cache: 'npm'

This makes local and CI identical with a single source of truth.

2. Pinning to 24.0.0 locks in a ~1-year-old release

Node 24.0.0 shipped in April 2025. As of now (April 2026), Node 24 has had roughly a year of patch releases, some of which address security CVEs. Pinning exactly to .0.0 means local dev misses those fixes while CI (via the floating spec) gets them — a subtle inconsistency that cuts against the reproducibility goal.

Consider pinning to a more recent patch (e.g. the current 24.x.y as of today), and revisiting the pin periodically or via Dependabot/Renovate. Alternatively, if you adopt node-version-file in CI (above), you can update .nvmrc infrequently and both environments stay in sync automatically.

---

Summary

	Verdict
Change is safe to merge	✅ Yes — no risk of breakage
Achieves stated goal (local reproducibility)	✅ Partially — local-to-local is now consistent
Closes the local↔CI gap	❌ No — CI still floats
Avoids running on an old patched release	❌ Not ideally — 24.0.0 is ~1 year old

The PR is a net improvement and safe to merge as-is. But I'd suggest either following up (or amending) with the node-version-file: '.nvmrc' change in build.yml, and bumping the .nvmrc pin to the current stable Node 24 patch release.

[github-actions]

PR Validation ✅

All checks passed! Ready for review.

Checks Performed:

✓ Linting
✓ Spell check (source)
✓ Type checking & Build
✓ Spell check (HTML)
✓ Internal link validation
✓ Artifact upload

This is a complete dry-run of the deployment process, ensuring your changes will deploy successfully when merged.

[claude]

Code Review

Overview

This PR improves environment reproducibility by:

1. Pinning .nvmrc from the loose 24 to a specific version
2. Updating CI to use node-version-file: '.nvmrc' instead of a hardcoded >=24.0.0 constraint — so local and CI environments now share a single source of truth

The general direction is correct and the change is low-risk.

---

Issues

PR title/description vs. actual diff mismatch

The title says "Pin .nvmrc to 24.0.0" and the summary mentions 24.0.0, but the actual change pins to 24.15.0. This is likely a stale description from an earlier draft, but it's worth correcting before merging to keep the git history trustworthy (and so the test-plan checklist — which says to verify nvm use picks up 24.0.0 — actually matches reality).

---

Positives

• Single source of truth: node-version-file: '.nvmrc' in build.yml means CI and local nvm use will always agree on the Node version. The old >=24.0.0 floor let CI silently drift ahead of whatever a developer had installed locally.
• Specific pin over a range: 24.15.0 is far better than 24 for reproducibility — nvm use 24 resolves differently depending on what's installed and when.
• Minimal diff: Only 2 lines changed, which is exactly the right scope for this kind of infra hygiene fix.

---

Suggestions

1. Update the PR title and description to reference 24.15.0 instead of 24.0.0, and fix the test-plan checklist to match.
2. Consider a comment in build.yml (optional) linking .nvmrc as the canonical version file if your team is not already familiar with node-version-file — though the actions/setup-node docs are clear enough that this is probably unnecessary.
3. No package.json update needed? The current engines.node floor is >=24.0.0; 24.15.0 satisfies that, so no change is required there. Just confirming this was considered.

---

Verdict

Approve with minor fix — update the PR description and test-plan checklist to say 24.15.0. The code change itself is correct and an improvement.