@dylanrussell/agent-router 1.0.2 → 1.0.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/README.md CHANGED
@@ -206,6 +206,51 @@ pnpm test
206
206
  pnpm build
207
207
  ```
208
208
 
209
+ ### Making changes & releasing
210
+
211
+ You never run `npm publish` or touch an npm token. The only npm command in the loop is `npm version` (a local file-edit + git-commit helper), and even that is wrapped by the release script.
212
+
213
+ #### One-time setup (already done for this repo)
214
+
215
+ Publishing uses npm **Trusted Publishing (OIDC)** — no `NPM_TOKEN` secret is stored. The `Release` workflow mints a short-lived OIDC token that npm trusts because this repo is registered as a trusted publisher on npmjs.com. If a release ever fails with a 403/404 on the publish step, register the trusted publisher on npmjs.com → package settings → *Trusted Publishers* → add:
216
+
217
+ - Repository: `dylanrussellmd/agent-router`
218
+ - Workflow filename: `release.yml`
219
+ - Environment: *(leave blank)*
220
+
221
+ #### The workflow
222
+
223
+ ```sh
224
+ # 1. Make your changes on main (or a PR, merged to main).
225
+ pnpm test # full gate: lint + typecheck + build + test + coverage
226
+ git add -A && git commit # commit your changes
227
+ git push # push to main (CI runs the gate on node 20 + 22)
228
+
229
+ # 2. Cut a release. The script:
230
+ # - refuses if main is dirty or out of sync with origin
231
+ # - bumps package.json + src/version.ts (via the `version` hook)
232
+ # - commits both as "<new-version>", tags vX.Y.Z
233
+ # - pushes main + the tag
234
+ ./scripts/release.sh patch # 1.0.2 → 1.0.3
235
+ # ./scripts/release.sh minor # 1.0.2 → 1.1.0
236
+ # ./scripts/release.sh major # 1.0.2 → 2.0.0
237
+ # ./scripts/release.sh 1.5.0 # explicit version
238
+
239
+ # 3. Done. The Release workflow picks up the tag, re-runs the full gate,
240
+ # and publishes to npm with signed build provenance. Watch it:
241
+ # https://github.com/dylanrussellmd/agent-router/actions/workflows/release.yml
242
+ ```
243
+
244
+ #### What the release script guards against
245
+
246
+ - **Dirty work tree** — uncommitted changes would get swept into the version commit or left behind.
247
+ - **Wrong branch** — refuses to cut a release from anything but `main`.
248
+ - **Diverged main** — local `main` must match `origin/main` so the tag lands on a commit the runner can check out.
249
+
250
+ #### How the version stays in sync
251
+
252
+ `package.json` and `src/version.ts` must always agree. `scripts/sync-version.mjs` runs as the npm `version` lifecycle hook during `./scripts/release.sh`: after `npm version` bumps `package.json`, the hook rewrites `src/version.ts` to match and stages it, so both files land in the same commit. The Release workflow also verifies the tag (`vX.Y.Z`) matches `package.json` `version` exactly, failing loudly if they drift.
253
+
209
254
  ## License
210
255
 
211
256
  MIT — see [LICENSE](./LICENSE).
package/dist/cli.js CHANGED
@@ -16551,7 +16551,7 @@ async function exportStack(paths, name, toFile) {
16551
16551
  }
16552
16552
 
16553
16553
  // src/version.ts
16554
- var VERSION = "1.0.1";
16554
+ var VERSION = "1.0.4";
16555
16555
 
16556
16556
  // src/cli.ts
16557
16557
  var log = (...args) => console.log(...args);