npm - @aimlsuperagent/agent - Versions diffs - 0.1.1 → 0.1.2 - Mend

@aimlsuperagent/agent 0.1.1 → 0.1.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (11) hide show

package/DEPLOYMENT_LOG.md +23 -5
package/README.md +7 -7
package/REPO_SOURCE_OF_TRUTH.json +3 -3
package/SECURITY.md +1 -2
package/WORKING_NOTES.md +5 -6
package/docs/04-verification-loop.md +1 -1
package/docs/10-adoption-playbook.md +1 -1
package/docs/npm-publishing.md +96 -0
package/docs/release-checklist.md +3 -3
package/package.json +3 -3
package/docs/npm-private-publishing.md +0 -125

package/DEPLOYMENT_LOG.md CHANGED Viewed

@@ -1,6 +1,6 @@
 # Deployment Log
-This repository is currently a private release candidate and has not been publicly deployed as a package.
+This repository is public. The npm package is published publicly at `@aimlsuperagent/agent`.
 ## 2026-05-31 - Private Repository Buildout
@@ -27,7 +27,7 @@ Commit or build: pending
 Change: Added MIT License and updated package metadata.
 Verification: `node bin/aiml-superagent.js check . --release --strict`
 Rollback: change `LICENSE` and `package.json` before public release if a different license is selected.
-Risks: repository remains private; MIT terms matter when shared or made public.
+Risks: MIT terms apply to public reuse.
 ## 2026-05-31 - Private npm Package Preparation
@@ -50,8 +50,26 @@ Risks: npm package metadata changes only become visible on npm after publishing
 ## 2026-06-01 - Trusted Publishing Workflow
 Platform: GitHub Actions and npm
-Commit or build: pending
+Commit or build: `64dc17b`; GitHub Actions run `26748684943`
 Change: Added `.github/workflows/npm-publish.yml` for npm Trusted Publishing with GitHub OIDC, `id-token: write`, Node 24, release readiness checks, and restricted npm publish.
-Verification: pending local repo check and GitHub push.
+Verification: trusted publisher created for `marvinbfreedman/aimlsuperagent` and `npm-publish.yml`; workflow completed successfully; `npm view @aimlsuperagent/agent version repository.url bugs.url --json` reports version `0.1.1` with the Marvin Freedman repository URLs.
 Rollback: remove the workflow file and publish manually with npm OTP or an npm token that npm accepts for package PUT writes.
-Risks: npm package settings must trust `marvinbfreedman/aimlsuperagent` with workflow filename `npm-publish.yml` before this workflow can publish.
+Risks: public package installs no longer require npm organization authorization.
+## 2026-06-01 - Restricted npm Publish
+Platform: npm
+Commit or build: package version `0.1.1`
+Change: Published `@aimlsuperagent/agent@0.1.1` from `marvinbfreedman/aimlsuperagent` through npm Trusted Publishing.
+Verification: GitHub Actions run `26748684943` completed with `success`; npm metadata now shows repository `git+https://github.com/marvinbfreedman/aimlsuperagent.git` and bugs URL `https://github.com/marvinbfreedman/aimlsuperagent/issues`.
+Rollback: publish a new patch version with corrected metadata or access policy; do not unpublish unless there is a security issue.
+Risks: package remains private/restricted, so unauthorized users see npm `404`/access errors by design.
+## 2026-06-01 - Public npm Access
+Platform: npm and GitHub
+Commit or build: pending
+Change: Changed `@aimlsuperagent/agent` access from private/restricted to public. Confirmed `github.com/marvinbfreedman/aimlsuperagent` is public.
+Verification: `npm access set status=public @aimlsuperagent/agent` returned `@aimlsuperagent/agent: public`; repository API reported `visibility: public`.
+Rollback: npm public access can be changed back only deliberately with `npm access set status=private`; do not do that unless distribution should become private again.
+Risks: package and repository are now available to the public, so all future docs and examples must stay secret-safe.

package/README.md CHANGED Viewed

@@ -115,13 +115,13 @@ npm i -D @aimlsuperagent/agent
 Copy the templates into a project:
 ```bash
-npx aiml-superagent init .
+npx @aimlsuperagent/agent init .
 ```
 Check a project for SuperAgent readiness:
 ```bash
-npx aiml-superagent check .
+npx @aimlsuperagent/agent check .
 ```
 For personal machine-wide use, install the CLI globally:
@@ -143,13 +143,13 @@ npm run pack:dry-run
 Before making a repo public:
 ```bash
-npx aiml-superagent check . --release
+npx @aimlsuperagent/agent check . --release
 ```
 For CI where medium-risk findings should fail the build:
 ```bash
-npx aiml-superagent check . --strict
+npx @aimlsuperagent/agent check . --strict
 ```
 ## Package Analytics
@@ -245,7 +245,7 @@ The model can change. The operating discipline should remain stable.
 2. Fill in production owners, deployment surfaces, package manager, test commands, and secret names.
 3. Add `DEPLOYMENT_LOG.md` after the next live deploy.
 4. Add incident reports only for issues that change future behavior.
-5. Run `npx aiml-superagent check`.
+5. Run `npx @aimlsuperagent/agent check`.
 6. Iterate until the checker reports no high-risk gaps.
 ## Design Principles
@@ -272,11 +272,11 @@ See [docs/comparison-claude-md.md](docs/comparison-claude-md.md).
 ## Status
-Private release candidate. The repository can remain private while using the MIT License; the license defines reuse terms if and when the project is shared publicly.
+Public release candidate. The repository and npm package are public under the MIT License.
 Package name: `@aimlsuperagent/agent`.
-The npm package uses restricted/private access while early testing continues. Authorized users must be added to the npm organization/team and run `npm login` before installing. See [docs/npm-private-publishing.md](docs/npm-private-publishing.md).
+Install globally with `npm i -g @aimlsuperagent/agent`, or run directly with `npx @aimlsuperagent/agent`. See [docs/npm-publishing.md](docs/npm-publishing.md).
 ## License

package/REPO_SOURCE_OF_TRUTH.json CHANGED Viewed

@@ -3,7 +3,7 @@
   "project": {
     "name": "AiML SuperAgent",
     "purpose": "A token-efficient operating framework for AI coding assistants.",
-    "status": "private-release-candidate",
+    "status": "public-release-candidate",
     "primaryAudience": [
       "software teams using AI coding assistants",
       "solo builders managing long-running projects",
@@ -16,7 +16,7 @@
     "templates": "templates/",
     "docs": "docs/",
     "examples": "examples/",
-    "privateNpmPublishing": "docs/npm-private-publishing.md"
+    "npmPublishing": "docs/npm-publishing.md"
   },
   "contextMinimizer": {
     "readFirst": [
@@ -57,7 +57,7 @@
       "all templates are copy-safe",
       "checker passes",
       "README links resolve",
-      "npm restricted/private access confirmed before publishing"
+      "npm public access confirmed before publishing"
     ]
   },
   "secrets": {

package/SECURITY.md CHANGED Viewed

@@ -6,7 +6,7 @@ AiML SuperAgent is designed around secret-safe operation.
 Do not open public issues containing secrets.
-If this repo is made public, use the repository security contact or private advisory flow for sensitive reports.
+Use the repository security contact or private advisory flow for sensitive reports.
 ## Secret Policy
@@ -29,4 +29,3 @@ Run before release:
 ```bash
 npm run check
 ```

package/WORKING_NOTES.md CHANGED Viewed

@@ -2,9 +2,9 @@
 ## Current State
-- Repository is private at `github.com/marvinbfreedman/aimlsuperagent`.
-- npm package is `@aimlsuperagent/agent` and uses restricted/private package access.
-- Goal is a public-ready release candidate for AiML SuperAgent.
+- Repository is public at `github.com/marvinbfreedman/aimlsuperagent`.
+- npm package is public at `@aimlsuperagent/agent`.
+- Goal is a public release candidate for AiML SuperAgent.
 - Positioning: not a replacement for behavior files, but the next operating layer after them.
 - Core differentiator: Context Minimizer, which reduces token waste by separating durable memory from active task context.
 - Checker now validates unresolved placeholders, source-of-truth paths, context-bloat size limits, and optional release/strict gates.
@@ -19,11 +19,10 @@
 ## Open Decisions
-- Whether to make the npm package public after private-package testing is complete.
 - Whether to add model-specific adapter files for Claude, Codex, Cursor, and Gemini in separate folders.
 ## Decisions
-- License set to MIT while repository remains private. This preserves private development while preparing clean public reuse terms.
+- License set to MIT for public reuse.
 - Package metadata points at `github.com/marvinbfreedman/aimlsuperagent`.
-- npm scope ownership and restricted package access are confirmed for `@aimlsuperagent/agent`.
+- npm package public access is confirmed for `@aimlsuperagent/agent`.

package/docs/04-verification-loop.md CHANGED Viewed

@@ -78,5 +78,5 @@ CLI script:
 ```bash
 npm i -D @aimlsuperagent/agent
-npx aiml-superagent check .
+npx @aimlsuperagent/agent check .
 ```

package/docs/10-adoption-playbook.md CHANGED Viewed

@@ -14,7 +14,7 @@ Run:
 ```bash
 npm i -D @aimlsuperagent/agent
-npx aiml-superagent check .
+npx @aimlsuperagent/agent check .
 ```
 Replace every placeholder before relying on the output.

package/docs/npm-publishing.md ADDED Viewed

@@ -0,0 +1,96 @@
+# npm Publishing
+This repository publishes a public npm package named:
+```text
+@aimlsuperagent/agent
+```
+The package is public. Anyone can install it from the npm registry without joining the `aimlsuperagent` npm organization.
+## Current Publish State
+`package.json` includes:
+```json
+"publishConfig": {
+  "access": "public",
+  "registry": "https://registry.npmjs.org/"
+}
+```
+Public access is intentional for the scoped package.
+## Confirm Current Access
+Check package visibility:
+```bash
+npm access get status @aimlsuperagent/agent
+```
+Expected current shape:
+- package status: `public`
+- package name: `@aimlsuperagent/agent`
+- repository: `github.com/marvinbfreedman/aimlsuperagent`
+```bash
+npm i -g @aimlsuperagent/agent
+aiml-superagent --help
+```
+## Dry Run
+Run:
+```bash
+npm run check:release
+npm run pack:dry-run
+```
+Review the file list. It should include docs, templates, examples, schemas, the CLI, and root operating files. It should not include secrets, local logs, or build output.
+## Publishing Procedure
+For a new public version:
+1. Bump the package version.
+2. Run:
+```bash
+npm run check:release
+npm run pack:dry-run
+npm publish --access public
+```
+## Trusted Publishing
+npm recommends Trusted Publishing for automation and CI/CD. This repository includes:
+```text
+.github/workflows/npm-publish.yml
+```
+Trusted Publishing is configured for this package:
+- Provider: GitHub Actions
+- Organization or user: `marvinbfreedman`
+- Repository: `aimlsuperagent`
+- Workflow filename: `npm-publish.yml`
+- Allowed action: `npm publish`
+Use GitHub Actions > Publish npm package > Run workflow. The workflow uses GitHub OIDC instead of a long-lived `NPM_TOKEN`.
+## Install
+Anyone can install globally:
+```bash
+npm i -g @aimlsuperagent/agent
+aiml-superagent --help
+```
+## Failure Rule
+If `npm run check:release` or `npm run pack:dry-run` fails, do not publish. Fix the release blocker first.

package/docs/release-checklist.md CHANGED Viewed

@@ -34,12 +34,12 @@ Optional:
 mkdir -p /tmp/superagent-smoke
 cd /tmp/superagent-smoke
 npm i -D @aimlsuperagent/agent
-npx aiml-superagent init .
-npx aiml-superagent check .
+npx @aimlsuperagent/agent init .
+npx @aimlsuperagent/agent check .
 ```
 ## Publication
 - Confirm MIT License is still the intended public license.
-- Remove private release candidate wording if appropriate.
+- Remove stale pre-publication wording if appropriate.
 - Tag first public release.

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@aimlsuperagent/agent",
-  "version": "0.1.1",
+  "version": "0.1.2",
   "description": "A token-efficient operating framework for AI coding assistants.",
   "type": "module",
   "bin": {
@@ -28,7 +28,7 @@
     "check:json": "node bin/aiml-superagent.js check . --json",
     "check:release": "node bin/aiml-superagent.js check . --release --strict",
     "pack:dry-run": "npm pack --dry-run --cache ./.npm-cache",
-    "prepublishOnly": "node scripts/assert-private-publish-ready.js && node bin/aiml-superagent.js check . --release --strict"
+    "prepublishOnly": "node scripts/assert-public-publish-ready.js && node bin/aiml-superagent.js check . --release --strict"
   },
   "keywords": [
     "ai",
@@ -50,7 +50,7 @@
     "node": ">=18"
   },
   "publishConfig": {
-    "access": "restricted",
+    "access": "public",
     "registry": "https://registry.npmjs.org/"
   },
   "license": "MIT"

package/docs/npm-private-publishing.md DELETED Viewed

@@ -1,125 +0,0 @@
-# Private npm Publishing
-This repository is prepared for a private npm package named:
-```text
-@aimlsuperagent/agent
-```
-The package is currently published as a private/restricted npm package. Users who are not authenticated and authorized will see npm `404 Not Found` errors that can look like the package or organization does not exist.
-## Current Safety State
-`package.json` includes:
-```json
-"publishConfig": {
-  "access": "restricted",
-  "registry": "https://registry.npmjs.org/"
-}
-```
-Restricted access is the npm setting required for a private scoped package.
-## Confirm Current Access
-Log in:
-```bash
-npm login
-npm whoami
-```
-Check organization or scope access:
-```bash
-npm org ls aimlsuperagent
-npm team ls aimlsuperagent
-npm team ls aimlsuperagent:developers
-npm access get status @aimlsuperagent/agent
-npm access list packages aimlsuperagent:developers
-```
-Expected current shape:
-- package status: `private`
-- org owner: `aimlnexus`
-- install team: `aimlsuperagent:developers`
-- team package access: `@aimlsuperagent/agent` read-only
-## Add A Private Package User
-Use the person's npm username, not their email address.
-```bash
-npm org set aimlsuperagent npm_username developer
-npm team add aimlsuperagent:developers npm_username
-```
-The user must accept the npm organization invite, then run:
-```bash
-npm login
-npm i -g @aimlsuperagent/agent
-aiml-superagent --help
-```
-If they still see `404 Not Found`, they are either not logged in, have not accepted the org invite, are not in the `developers` team, or are using a different npm registry.
-## Dry Run
-Run:
-```bash
-npm run check:release
-npm run pack:dry-run
-```
-Review the file list. It should include docs, templates, examples, schemas, the CLI, and root operating files. It should not include secrets, local logs, or build output.
-## Publishing Procedure
-For a new private version:
-1. Bump the package version.
-2. Run:
-```bash
-npm run check:release
-npm run pack:dry-run
-npm publish --access restricted
-```
-Do not run `npm publish --access public`.
-## Trusted Publishing
-npm recommends Trusted Publishing for automation and CI/CD. This repository includes:
-```text
-.github/workflows/npm-publish.yml
-```
-Configure the trusted publisher in npm package settings:
-- Provider: GitHub Actions
-- Organization or user: `marvinbfreedman`
-- Repository: `aimlsuperagent`
-- Workflow filename: `npm-publish.yml`
-- Allowed action: `npm publish`
-After that, use GitHub Actions > Publish npm package > Run workflow. The workflow uses GitHub OIDC instead of a long-lived `NPM_TOKEN`.
-## Install
-Authorized users can install globally:
-```bash
-npm login
-npm i -g @aimlsuperagent/agent
-aiml-superagent --help
-```
-## Failure Rule
-If npm cannot confirm restricted/private access, do not publish. Keep using the private GitHub repo or a private tarball.