1.0 Release Readiness

markstream-vue@1.0 means the Vue 3 package is safe to put in production and that 1.x will keep stable API, behavior, security defaults, and package exports unless a major version changes them.

Stable in 1.0

MarkdownRender for Vue 3.
Raw content rendering and pre-parsed nodes rendering.
Streaming mid-state rendering with final, typewriter, smoothStreaming, and useSmoothMarkdownStream.
Safe HTML rendering with htmlPolicy="safe" as the default.
Optional Mermaid, KaTeX, D2, Infographic, and Monaco integrations.
SSR import and render-to-string support for Vue / Vite / Nuxt / VitePress.
Published CSS exports: index.css, index.tailwind.css, and index.px.css.
Documented worker client exports:
- markstream-vue/workers/katexWorkerClient
- markstream-vue/workers/mermaidWorkerClient
markstream-vue/tailwind default and named safelist exports.

Experimental or internal

Cross-framework packages and playgrounds: Vue 2, React, Angular, Svelte, Next.
Repository CLI helpers, skills/prompts, and bundled agent assets.
CDN worker helper subpaths: markstream-vue/workers/katexCdnWorker and markstream-vue/workers/mermaidCdnWorker.
Low-level worker implementation files such as markstream-vue/workers/katexRenderer.worker and markstream-vue/workers/mermaidParser.worker. These are exported for bundler compatibility only and are not part of the 1.x compatibility promise.
Height-estimation experiment APIs.
Internal renderer props: indexKey, renderAsFragment, debugPerformance, initialRenderBatchSize, renderBatchSize, renderBatchDelay, renderBatchBudgetMs, renderBatchIdleTimeoutMs, and viewportPriority.

These may still exist in the repository, but they are not part of the 1.x compatibility promise unless promoted in the API docs.

Published package surface

The 1.0 npm package publishes dist only. It must not include a bin field or leak bin/, .agents/, or prompts/ into the tarball. CLI helpers for skills and prompts remain repository/internal tooling or future separate-package work.

Stable public API

import MarkdownRender, {
  clearGlobalCustomComponents,
  CodeBlockNode,
  D2BlockNode,
  disableD2,
  disableKatex,
  disableMermaid,
  enableD2,
  enableKatex,
  enableMermaid,
  getCustomNodeComponents,
  InfographicBlockNode,
  isD2Enabled,
  isKatexEnabled,
  isMermaidEnabled,
  MarkdownCodeBlockNode,
  MathBlockNode,
  MathInlineNode,
  MermaidBlockNode,
  PreCodeNode,
  removeCustomComponents,
  setCustomComponents,
  setD2Loader,
  setDefaultI18nMap,
  setDefaultMathOptions,
  setKatexLoader,
  setMermaidLoader,
  useSmoothMarkdownStream,
  VueRendererMarkdown,
} from 'markstream-vue'

VueRendererMarkdown accepts app-scoped components, which is preferred for SSR:

app.use(VueRendererMarkdown, {
  components: {
    thinking: ThinkingNode,
  },
})

The legacy/global setCustomComponents() API remains supported, but SSR and multi-tenant apps should prefer app-scoped registration.

Root exports are tiered for 1.x compatibility:

Export	1.x status
`MarkdownRender`, `VueRendererMarkdown`, `useSmoothMarkdownStream`	Stable renderer API.
`CustomComponents`, `MarkstreamVuePluginOptions`, `NodeRendererProps`, component prop types	Stable TypeScript surface.
`setCustomComponents`, `removeCustomComponents`, `clearGlobalCustomComponents`	Stable legacy/global custom component registry. Prefer app-scoped `components` for SSR and multi-tenant apps.
`getCustomNodeComponents`	Legacy registry inspection only. It reads global/customId mappings and does not include app-scoped `components`, because those are provided through Vue injection.
`enableKatex` / `disableKatex` / `isKatexEnabled` / `setKatexLoader`, `enableMermaid` / `disableMermaid` / `isMermaidEnabled` / `setMermaidLoader`, `enableD2` / `disableD2` / `isD2Enabled` / `setD2Loader`	Stable optional integration controls.
`setDefaultI18nMap`, `setDefaultMathOptions`	Stable customization hooks.
Individual node components such as `CodeBlockNode`, `PreCodeNode`, `MarkdownCodeBlockNode`, `MermaidBlockNode`, `MathBlockNode`, `MathInlineNode`, `D2BlockNode`, and `InfographicBlockNode`	Stable override surface for custom renderers when used with documented props.
Parser utilities re-exported from `stream-markdown-parser` and documented markdown plugin utilities	Stable as documented, subject to the parser/core version policy below.
Low-level utility exports under `markstream-vue/utils/*`	Advanced utility surface; only documented utilities are covered by the 1.x compatibility promise.

Parser and core version policy

The Vue renderer exposes parser node types, parse options, and smooth-streaming behavior through its public API. For 1.0, release the three packages together:

txt

markstream-vue@1.0.0
markstream-core@1.0.0
stream-markdown-parser@1.0.0

If the parser or core package stays below 1.0, markstream-vue must pin the exact compatible released versions and absorb breaking parser/core changes behind its own exported types before publishing a 1.x Vue release.

Required package smoke

Run the unified release gate before publishing:

bash

pnpm release:verify

That command runs lint, typecheck, the full Vitest suite, strict public API checks, and packed-package validation:

bash

pnpm test:smoke:pack
pnpm test:smoke:pack:optional

The smoke packs the workspace packages, installs the tarball into a fresh Vite app, verifies root imports, CSS exports, Tailwind safelist export, stable worker client subpaths, experimental worker subpaths remain importable, SSR import/render, app-scoped custom components, and optional-peer absence. The optional variant installs Mermaid, KaTeX, D2, Infographic, Monaco, stream-markdown, and vue-i18n.

Security release gate

Before 1.0, the security tests must cover:

javascript: / encoded JavaScript URL attempts in links and HTML attrs.
Unsafe image sources including SVG/data HTML/protocol-relative URLs.
Event attributes such as onerror and inline style script URLs.
Hard-blocked tags such as script, style, form, iframe, object, and template.
Streaming mid-states for partially received HTML and links.
Legacy fence renderer escaping for language labels, DOM ids, and translated copy labels.

Use htmlPolicy="trusted" only for content that is fully controlled by the application.

Performance release gate

The public benchmark set should include:

10 KB normal docs.
100 KB AI streaming.
1 MB large document.
1000 code blocks.
100 Mermaid blocks.
10k pre-parsed nodes.
Reverse-flex chat scroll.

Track initial render time, stream update cost, p95 frame cost, max long task, memory after unmount, scroll drift, and DOM node count.

Go / No-Go checklist

[ ] Stable and experimental public API documented.
[ ] Parser/core release strategy decided.
[ ] Legacy fence renderer escaping covered by tests.
[ ] Safe HTML docs and XSS regression tests complete.
[ ] App-scoped custom component registry covered by SSR test.
[ ] pnpm release:verify passes.
[ ] CSS, Tailwind, and worker subpath exports smoke-tested.
[ ] Unit, SSR, public API, and package export checks are green.
[ ] Nuxt SSR smoke or preview deployment is green.
[ ] VitePress docs build is green.
[ ] Migration notes and changelog describe beta-to-1.0 breaking changes.

1.0 Release Readiness ​

Stable in 1.0 ​

Experimental or internal ​

Published package surface ​

Stable public API ​

Parser and core version policy ​

Required package smoke ​

Security release gate ​

Performance release gate ​

Go / No-Go checklist ​