* ✨ feat(browser): enable RUM feature flag tracking by default if RUM is available

* do not add flag evaluation if variant is null

* format fix

* update 3rd party license attribution

Co-authored-by: campaigner-prod[bot] <87874424+campaigner-prod[bot]@users.noreply.github.com>

* Executing automated changes

* fix lint

---------

Co-authored-by: campaigner-prod[bot] <87874424+campaigner-prod[bot]@users.noreply.github.com>
Co-authored-by: Greg Huels <[email protected]>

Co-authored-by: campaigner-prod[bot] <87874424+campaigner-prod[bot]@users.noreply.github.com>

Co-authored-by: campaigner-prod[bot] <87874424+campaigner-prod[bot]@users.noreply.github.com>

* Add IndexedDB persistence for flag configurations

Store precomputed flag assignments in IndexedDB so the browser SDK
can serve cached flags across page loads, surviving short backend
outages (e.g., CDN maintenance windows) instead of falling back to
programmatic defaults.

* Fix import ordering and add fake-indexeddb license entry

* Wait for transaction commit in IndexedDB set/clear operations

Resolve on tx.oncomplete instead of request.onsuccess so that writes
are guaranteed to be persisted. A request can succeed but the
transaction can still fail (e.g. quota errors), which would silently
lose data under the old pattern.

* Scope IndexedDB cache by client token and add targetingKey/initialConfig guards

Prevent cross-user flag leakage on shared computers by validating
targetingKey before using cached data, skip cache when caller provides
initialFlagsConfiguration, and isolate cache entries per SDK key.

* Address review: store objects directly, key by context, non-blocking cache, STALE status

- Store FlagsConfiguration objects directly in IndexedDB (no JSON
  stringify/parse — IndexedDB uses the structured clone algorithm).
- Key cache entries by clientToken + hashed EvaluationContext, so
  different contexts don't collide. Removes the targetingKey comparison
  guard in provider.ts.
- Make set() fire-and-forget — cache writes never block initialize or
  onContextChange, and never put the provider into ERROR state.
- Exposure cache init runs concurrently with the network fetch.
- Emit ProviderStatus.STALE / ProviderEvents.Stale when serving cached
  config after a fetch failure (instead of READY).

* Fix import ordering in indexeddb-flags-cache

* Don't block fetch on cache read, use full hash, normalize context keys

- Cache read now runs concurrently with the network fetch instead of
  blocking it. Cached config is only used as fallback when fetch fails.
- Use full MD5 hash for context key (no truncation) to avoid collisions.
- Sort context keys before hashing so {a:1, b:2} and {b:2, a:1}
  produce the same cache key.

* Fix prettier formatting in provider.ts

* v1.1.0

* Add AGENTS.md with release guide for Lerna workflow

* Fix AGENTS.md formatting for prettier

* Remove preview/prerelease references from AGENTS.md

* Remove preview/prerelease references from docs — project is GA

* Simplify release section in CONTRIBUTING.md, defer to AGENTS.md

* Move release guide into CONTRIBUTING.md, slim down AGENTS.md

* Fix CHANGELOG.md formatting for prettier

* Restore build commands, env vars, testing, and troubleshooting sections to CONTRIBUTING.md

* Restore full CONTRIBUTING.md, narrowly remove only preview/prerelease references

* Address PR review: separate public/internal changelog, fix node-server description

- Move IndexedDB persistence and RUM tracking items to Public Changes section
- Fix node-server package.json description from "React Native" to "Node.js server"

* Update CHANGELOG.md

Co-authored-by: Oleksii Shmalko <[email protected]>

---------

Co-authored-by: Oleksii Shmalko <[email protected]>

Classic NPM tokens are being deprecated. This switches the release
workflow to use GitHub Actions OIDC for authentication instead of
the ENV_NPM_TOKEN secret.

Changes:
- Remove ~/.npmrc token injection and NODE_AUTH_TOKEN env from all
  publish steps in release.yaml
- Add registry-url to setup-node for OIDC discovery
- Bump yarn from 4.9.2 to 4.10.3 (minimum for OIDC support)
- Add migration plan doc with manual pre/post steps

npm trusted publishing (OIDC) requires Node >= 22. Updated both
release.yaml and ci.yaml from 20.x to 22.x.

setup-node with registry-url writes a placeholder NODE_AUTH_TOKEN to
.npmrc, which makes npm attempt token auth instead of using OIDC.

)

Node 24 ships with npm 11+ which has built-in OIDC trusted publishing
support. Node 22 only has npm 10.9.4 which doesn't support it.
Also adds --provenance flag to trigger the OIDC token exchange.

…196)

Consolidates the 3 separate publish steps into one. This ensures the
OIDC token stays valid across all publishes and allows re-runs to skip
packages that were already published successfully.