# Phase 10 - Desktop Deploy & Rollout

Status: completed  
Date: 2026-04-19  
Target: `WepAppOpusApiDesktop`

## 1) Objective

Lock release/distribution flow for Desktop V1 so installer delivery is repeatable and verifiable:
1. generate artifact manifest with checksums
2. add smoke gate for installer completeness
3. document install/rollout for machines with no Node/Python/server setup

## 2) Core implementation

## 2.1 Release rollout module

Added:
1. `WepAppOpusApiDesktop/main/release/release-rollout.js`

Capabilities:
1. collect release artifacts in `release/`
2. classify artifact types (`nsis-installer`, `portable-executable`, `nsis-blockmap`)
3. detect `win-*-unpacked` targets and validate payload existence:
   - `<ProductName>.exe`
   - `resources/app.asar`
4. generate SHA-256 checksums for installer artifacts
5. validate release completeness with error/warning output

## 2.2 Release scripts

Added:
1. `WepAppOpusApiDesktop/scripts/release-manifest.js`
2. `WepAppOpusApiDesktop/scripts/release-smoke.js`

New npm scripts:
1. `npm run release:manifest`
2. `npm run release:smoke`
3. `npm run release:pack` (build + manifest + smoke gate)

## 2.3 Regression tests

Added:
1. `WepAppOpusApiDesktop/tests/release/release-rollout.test.js`

Coverage:
1. happy path (nsis + portable + unpacked payload)
2. negative path when artifact is missing
3. deterministic classification for release file names/unpacked directories

## 2.4 Install/rollout runbook

Added:
1. `WepAppOpusApi/docs/desktop-install-runbook.md`

Runbook covers:
1. clean-machine install steps (no runtime prerequisites)
2. recommended installer target selection (`Setup.exe` vs `Portable.exe`)
3. upgrade and rollback entry points
4. local DB migration between machines
5. keychain-bound token caveat when moving machines

## 3) Verification

Commands executed:
1. `npm run lint`
2. `npm run test`
3. `npm run build:renderer`
4. `npm run build:win`
5. `npm run release:manifest`
6. `npm run release:smoke`

Result:
1. all checks passed
2. release smoke confirms installer + portable + unpacked payload integrity

## 4) Residual risk

1. Windows code-signing/SmartScreen trust is not configured yet
2. token encryption master key remains machine keychain-bound, so DB-only migration cannot reuse old encrypted token payload directly
