@bodhi-ventures/aiocs 0.1.1 → 0.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +105 -60
- package/dist/{chunk-AJ5NZDK4.js → chunk-M7YEYMJL.js} +1094 -261
- package/dist/cli.js +14 -2
- package/dist/mcp-server.js +22 -4
- package/docs/README.md +2 -2
- package/docs/codex-integration.md +33 -19
- package/docs/json-contract.md +21 -3
- package/package.json +20 -20
- package/skills/aiocs/SKILL.md +25 -38
- package/skills/aiocs-curation/SKILL.md +110 -0
- package/sources/nktkas-hyperliquid.yaml +30 -0
- package/docs/2026-03-26-agent-json-and-daemon-design.md +0 -157
- package/docs/2026-03-28-hybrid-search-design.md +0 -423
- package/docs/examples/codex-agents/aiocs-docs-specialist.example.toml +0 -21
- package/docs/superpowers/specs/2026-03-29-tag-driven-release-pipeline-design.md +0 -135
|
@@ -1,135 +0,0 @@
|
|
|
1
|
-
# Tag-Driven Release Pipeline Design
|
|
2
|
-
|
|
3
|
-
## Summary
|
|
4
|
-
|
|
5
|
-
`aiocs` should release as the public scoped npm package `@bodhi-ventures/aiocs` through a stable, tag-driven GitHub Actions workflow. The repository remains the source of truth for versioning. Releases are created only from pushed stable tags of the form `vX.Y.Z`.
|
|
6
|
-
|
|
7
|
-
The workflow must never mutate git state. It should validate the tag against `package.json`, run the full release verification stack, publish publicly to npm with provenance, and create a GitHub release from the same tag.
|
|
8
|
-
|
|
9
|
-
## Goals
|
|
10
|
-
|
|
11
|
-
- publish `aiocs` publicly under `@bodhi-ventures/aiocs`
|
|
12
|
-
- eliminate workflow-managed version bumps, commits, and tag creation
|
|
13
|
-
- remove improvised git author configuration from the release workflow
|
|
14
|
-
- make the release contract deterministic and easy to reason about
|
|
15
|
-
- keep CI and release validation aligned with the actual shipped package surface
|
|
16
|
-
|
|
17
|
-
## Non-Goals
|
|
18
|
-
|
|
19
|
-
- prerelease publishing
|
|
20
|
-
- automatic releases from `main`
|
|
21
|
-
- workspace/multi-package publishing
|
|
22
|
-
- alternative binary distribution outside npm
|
|
23
|
-
|
|
24
|
-
## Current State
|
|
25
|
-
|
|
26
|
-
- `package.json` still uses the unscoped package name `aiocs`
|
|
27
|
-
- the current release workflow is `workflow_dispatch`-driven
|
|
28
|
-
- the workflow edits `package.json`, creates commits and tags, and configures a bot git identity
|
|
29
|
-
- release automation is more complex than necessary and mixes version mutation with publishing
|
|
30
|
-
|
|
31
|
-
## Chosen Design
|
|
32
|
-
|
|
33
|
-
### Package Identity
|
|
34
|
-
|
|
35
|
-
- rename the npm package to `@bodhi-ventures/aiocs`
|
|
36
|
-
- keep the package public
|
|
37
|
-
- keep CLI command names unchanged:
|
|
38
|
-
- `docs`
|
|
39
|
-
- `aiocs-mcp`
|
|
40
|
-
- add explicit `publishConfig`:
|
|
41
|
-
- `access: public`
|
|
42
|
-
- `provenance: true`
|
|
43
|
-
|
|
44
|
-
### Release Trigger
|
|
45
|
-
|
|
46
|
-
- release workflow triggers only on pushed stable semver tags matching `v*.*.*`
|
|
47
|
-
- the tag version must match `package.json.version` exactly
|
|
48
|
-
- only stable releases are supported; prerelease tags are rejected
|
|
49
|
-
|
|
50
|
-
### Release Workflow Behavior
|
|
51
|
-
|
|
52
|
-
- check out the tagged revision
|
|
53
|
-
- install dependencies and release prerequisites
|
|
54
|
-
- fail fast unless all of these are true:
|
|
55
|
-
- tag matches `vX.Y.Z`
|
|
56
|
-
- `package.json.version === X.Y.Z`
|
|
57
|
-
- `package.json.name === @bodhi-ventures/aiocs`
|
|
58
|
-
- run full release validation:
|
|
59
|
-
- `pnpm lint`
|
|
60
|
-
- `pnpm test`
|
|
61
|
-
- `pnpm build`
|
|
62
|
-
- `npm pack --dry-run`
|
|
63
|
-
- built CLI smoke, at minimum `node dist/cli.js --version`
|
|
64
|
-
- publish to npm with the existing `NPM_TOKEN` org secret
|
|
65
|
-
- create a GitHub release for the pushed tag
|
|
66
|
-
- if a GitHub release already exists for that tag, do not recreate it
|
|
67
|
-
|
|
68
|
-
### Rerun and Partial-Failure Policy
|
|
69
|
-
|
|
70
|
-
Tag releases must be safely rerunnable.
|
|
71
|
-
|
|
72
|
-
- `workflow_dispatch` is removed entirely; tag pushes are the only release trigger
|
|
73
|
-
- if a rerun sees that `@bodhi-ventures/aiocs@X.Y.Z` is already published on npm, it must skip `npm publish` instead of failing
|
|
74
|
-
- if a rerun sees that the GitHub release for `vX.Y.Z` already exists, it must skip release creation instead of failing
|
|
75
|
-
- validation steps always run on every attempt, even when publish/release steps are skipped
|
|
76
|
-
- if npm already contains `@bodhi-ventures/aiocs@X.Y.Z` but the checked-out tag does not match `package.json.version === X.Y.Z` or `package.json.name === @bodhi-ventures/aiocs`, the workflow must fail fast
|
|
77
|
-
- the workflow should treat npm and GitHub release publication as independently idempotent so a partial success can be completed by rerunning the same tag job
|
|
78
|
-
|
|
79
|
-
### Git Behavior
|
|
80
|
-
|
|
81
|
-
- the workflow never edits files
|
|
82
|
-
- the workflow never commits
|
|
83
|
-
- the workflow never creates tags
|
|
84
|
-
- the workflow never configures a synthetic git author
|
|
85
|
-
|
|
86
|
-
Version bumps happen in normal development flow:
|
|
87
|
-
|
|
88
|
-
1. update `package.json.version`
|
|
89
|
-
2. commit the version bump
|
|
90
|
-
3. create tag `vX.Y.Z`
|
|
91
|
-
4. push commit and tag
|
|
92
|
-
|
|
93
|
-
## CI Alignment
|
|
94
|
-
|
|
95
|
-
CI remains the pre-release gate and should stay close to the release workflow:
|
|
96
|
-
|
|
97
|
-
- install dependencies
|
|
98
|
-
- install Playwright Chromium
|
|
99
|
-
- run lint, tests, build, and `npm pack --dry-run`
|
|
100
|
-
- validate Docker image and compose config
|
|
101
|
-
- smoke test the packaged CLI surface
|
|
102
|
-
|
|
103
|
-
CI should also assert package metadata consistency where useful, especially the scoped package name.
|
|
104
|
-
|
|
105
|
-
## Documentation Changes
|
|
106
|
-
|
|
107
|
-
Update repository docs to reflect the scoped public package and release process:
|
|
108
|
-
|
|
109
|
-
- install command becomes `npm install -g @bodhi-ventures/aiocs`
|
|
110
|
-
- add a short release section to the README describing the tag-based flow
|
|
111
|
-
- keep the CLI-facing command examples unchanged
|
|
112
|
-
|
|
113
|
-
## Risks
|
|
114
|
-
|
|
115
|
-
- npm org publishing can still fail if org/package permissions are not configured correctly on npmjs
|
|
116
|
-
- the first release is the highest-risk run because the scoped package has not been proven yet
|
|
117
|
-
- GitHub Actions can only validate the workflow structure locally; final proof requires one live tag release
|
|
118
|
-
|
|
119
|
-
## Acceptance Criteria
|
|
120
|
-
|
|
121
|
-
- `package.json` is updated to `@bodhi-ventures/aiocs`
|
|
122
|
-
- release workflow triggers on stable tags only
|
|
123
|
-
- release workflow does not mutate git state
|
|
124
|
-
- release workflow validates tag/version/name consistency before publishing
|
|
125
|
-
- README/install docs reference the scoped package name
|
|
126
|
-
- local verification passes on the updated tree:
|
|
127
|
-
- lint
|
|
128
|
-
- tests
|
|
129
|
-
- build
|
|
130
|
-
- `npm pack --dry-run`
|
|
131
|
-
- the first real release can be executed by bumping version, pushing a `vX.Y.Z` tag, and observing npm + GitHub release creation
|
|
132
|
-
|
|
133
|
-
## Follow-Up
|
|
134
|
-
|
|
135
|
-
After implementation, do one real tagged stable release to prove the pipeline end to end.
|