# Beta Release Draft Pull Request

## Overview

Draft PR to merge hardened CI/release workflow changes from `feature/beta-release` into `feature/alpha-completion`.

## Highlights

- Secret token migration: prefer `GITHUB_TOKEN` while maintaining support for `CHARON_TOKEN` (fallback) where needed.
- Release workflow refinements: stable prerelease detection (alpha/beta/rc), artifact matrix intact.
- Prior infra hardening (already partially merged earlier): pinned GitHub Action SHAs/tags, resilient Delve (`dlv`) multi-arch build handling.
- Extensive incremental documentation trail in `docs/beta_release_draft_pr.md` plus concise snapshot in `docs/beta_release_draft_pr_body_snapshot.md` for reviewers.

## Ahead Commits (Representative)

Most recent snapshot commit: `308ae5dd` (final body content before PR). Full ordered list in `docs/beta_release_draft_pr.md`.

## Review Checklist

- Secret `GITHUB_TOKEN` (or `CHARON_TOKEN` fallback) exists and has required scopes.
- No lingering `GITHUB_TOKEN` or `CHARON_TOKEN` references beyond allowed GitHub-provided contexts.
- Artifact list (frontend dist, backend binaries, caddy binaries) still correct for release.

## Risks & Mitigations

- Secret rename: Mitigate by verifying secret presence before merge.
- Workflow call path validity: `docker-publish.yml` referenced locally; CI on draft will validate end-to-end.

## Deferred Items (Out of Scope Here)

- Frontend test coverage improvements (ProxyHostForm).
- Additional beta observability and import validation tasks.

## Actions After Approval

1. Confirm CI draft run passes.
2. Convert PR from draft to ready-for-review.
3. Merge into `feature/alpha-completion`.

## Request

Please focus review on secret usage, workflow call integrity, and artifact correctness. Comment with any missed token references.

---
Generated programmatically to aid structured review.