@orderful/droid 0.55.1 → 0.55.2

package/CHANGELOG.md

@@ -1,5 +1,11 @@
 # @orderful/droid
 
+## 0.55.2
+
+### Patch Changes
+
+- [#335](https://github.com/Orderful/droid/pull/335) [`92b08af`](https://github.com/Orderful/droid/commit/92b08afeab65ad2e33c0e2b6735deff95927c2a1) Thanks [@frytyler](https://github.com/frytyler)! - release: only auto-lock branch on high-risk releases. Low-risk releases no longer attempt to lock the branch by default. Use `--lock` flag or select High Risk to trigger auto-lock.
+
 ## 0.55.1
 
 ### Patch Changes

package/dist/tools/release/skills/release/SKILL.md

@@ -27,7 +27,7 @@ Automate dev → master release ceremonies: create release PRs, lock branches du
 
 1. **`gh` CLI** — authenticated with access to target repos
 2. **Slack integration** — `droid integrations slack post` configured (optional, falls back to terminal)
-3. **`branch-lock.yml`** — GitHub Action deployed to target repo (required for auto-lock on start + lock/unlock commands)
+3. **`branch-lock.yml`** — GitHub Action deployed to target repo (required for high-risk auto-lock + lock/unlock commands)
 
 ## Configuration
 
@@ -47,7 +47,7 @@ If no repos have `release_branch` set, tell user:
 
 ## Custom Instructions
 
-Any command accepts a ` -- {instruction}` suffix. Split on the **first** ` -- ` (space-dash-dash-space): left is the command and its args, right is additional context or instruction to carry through the entire execution. Note: flag-style `--no-lock` uses `--flag` syntax (no surrounding spaces) and is distinct from this separator.
+Any command accepts a ` -- {instruction}` suffix. Split on the **first** ` -- ` (space-dash-dash-space): left is the command and its args, right is additional context or instruction to carry through the entire execution. Note: flag-style `--lock` uses `--flag` syntax (no surrounding spaces) and is distinct from this separator.
 
 Example: `/release start -- notify #releases-eng channel instead of the default`
 
@@ -55,7 +55,7 @@ Example: `/release start -- notify #releases-eng channel instead of the default`
 
 | Command | Action |
 |---------|--------|
-| `/release start [repo] [--no-lock]` | Create release PR + auto-lock branch + notify Slack |
+| `/release start [repo] [--lock]` | Create release PR + notify Slack (auto-locks on high-risk or `--lock`) |
 | `/release merge [repo]` | Merge release PR (only if checks pass) + notify Slack |
 | `/release lock [repo]` | Lock release branch (confirms first) |
 | `/release unlock [repo]` | Unlock release branch |

package/dist/tools/release/skills/release/references/templates.md

@@ -21,7 +21,7 @@ All Slack messages are posted via `droid integrations slack post`. Format as Sla
 Posted with :droid:
 ```
 
-If `--no-lock` was used, omit the lock line.
+Only include the lock line if the branch was actually locked (high-risk release, high-risk PRs detected, or `--lock` flag). Omit it for low-risk releases without locking.
 
 If `HIGH_RISK_PRS` is non-empty, append the following block after `{pr_summary}` (before `Posted with :droid:`):
 ```
@@ -135,7 +135,7 @@ Release open for review — {repo_name}
   Lock: {release_branch} locked (no merges until release completes)
 ```
 
-If `--no-lock` was used, omit the Lock line.
+Only include the Lock line if the branch was actually locked. Omit it for low-risk releases without locking.
 
 If `HIGH_RISK_PRS` is non-empty, append:
 ```

package/dist/tools/release/skills/release/references/workflows.md

@@ -25,11 +25,11 @@ git -C {repo_path} remote get-url origin
 
 ---
 
-## `/release start [repo] [--no-lock]`
+## `/release start [repo] [--lock]`
 
-Create a release PR, auto-lock the release branch, and notify Slack.
+Create a release PR and notify Slack.
 
-**Auto-lock is on by default.** The branch is locked immediately after the PR is created to prevent blind merges during CI. Pass `--no-lock` (or natural language like "start without locking") to skip.
+**Auto-lock is off by default.** The branch is only locked automatically for **high-risk** releases (user selects "High Risk" at the risk prompt, or `HIGH_RISK_PRS` are detected). Pass `--lock` (or natural language like "start and lock") to force locking on any release.
 
 ### Steps
 
@@ -82,7 +82,7 @@ Create a release PR, auto-lock the release branch, and notify Slack.
 
    See `templates.md` for the PR body template.
 
-6. **Auto-lock branch** (unless `--no-lock`):
+6. **Auto-lock branch** (only if risk is **High Risk**, `HIGH_RISK_PRS` is non-empty, or `--lock` was passed):
    ```bash
    gh workflow run branch-lock.yml \
      -f action=lock \
@@ -97,6 +97,8 @@ Create a release PR, auto-lock the release branch, and notify Slack.
    If `branch-lock.yml` is not found in the repo, warn but don't fail:
    "Could not auto-lock — `branch-lock.yml` not found in `{repo_name}`. Use `/release lock` manually after adding the workflow."
 
+   **Skip this step entirely for low-risk releases without `--lock`.**
+
 7. **Post to Slack:**
    ```bash
    node -e 'process.stdout.write(JSON.stringify({
@@ -150,7 +152,7 @@ Merge the release PR if all checks are green, then notify Slack.
 
 ## `/release lock [repo]`
 
-Manually lock the release branch. Use when you need to lock outside of `/release start` (which auto-locks).
+Manually lock the release branch. Use when you need to lock a low-risk release, or lock outside of `/release start`.
 
 ### Steps
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@orderful/droid",
-  "version": "0.55.1",
+  "version": "0.55.2",
   "description": "AI workflow toolkit for sharing skills, commands, and agents across the team",
   "type": "module",
   "bin": {

package/src/tools/release/skills/release/SKILL.md

@@ -27,7 +27,7 @@ Automate dev → master release ceremonies: create release PRs, lock branches du
 
 1. **`gh` CLI** — authenticated with access to target repos
 2. **Slack integration** — `droid integrations slack post` configured (optional, falls back to terminal)
-3. **`branch-lock.yml`** — GitHub Action deployed to target repo (required for auto-lock on start + lock/unlock commands)
+3. **`branch-lock.yml`** — GitHub Action deployed to target repo (required for high-risk auto-lock + lock/unlock commands)
 
 ## Configuration
 
@@ -47,7 +47,7 @@ If no repos have `release_branch` set, tell user:
 
 ## Custom Instructions
 
-Any command accepts a ` -- {instruction}` suffix. Split on the **first** ` -- ` (space-dash-dash-space): left is the command and its args, right is additional context or instruction to carry through the entire execution. Note: flag-style `--no-lock` uses `--flag` syntax (no surrounding spaces) and is distinct from this separator.
+Any command accepts a ` -- {instruction}` suffix. Split on the **first** ` -- ` (space-dash-dash-space): left is the command and its args, right is additional context or instruction to carry through the entire execution. Note: flag-style `--lock` uses `--flag` syntax (no surrounding spaces) and is distinct from this separator.
 
 Example: `/release start -- notify #releases-eng channel instead of the default`
 
@@ -55,7 +55,7 @@ Example: `/release start -- notify #releases-eng channel instead of the default`
 
 | Command | Action |
 |---------|--------|
-| `/release start [repo] [--no-lock]` | Create release PR + auto-lock branch + notify Slack |
+| `/release start [repo] [--lock]` | Create release PR + notify Slack (auto-locks on high-risk or `--lock`) |
 | `/release merge [repo]` | Merge release PR (only if checks pass) + notify Slack |
 | `/release lock [repo]` | Lock release branch (confirms first) |
 | `/release unlock [repo]` | Unlock release branch |

package/src/tools/release/skills/release/references/templates.md

@@ -21,7 +21,7 @@ All Slack messages are posted via `droid integrations slack post`. Format as Sla
 Posted with :droid:
 ```
 
-If `--no-lock` was used, omit the lock line.
+Only include the lock line if the branch was actually locked (high-risk release, high-risk PRs detected, or `--lock` flag). Omit it for low-risk releases without locking.
 
 If `HIGH_RISK_PRS` is non-empty, append the following block after `{pr_summary}` (before `Posted with :droid:`):
 ```
@@ -135,7 +135,7 @@ Release open for review — {repo_name}
   Lock: {release_branch} locked (no merges until release completes)
 ```
 
-If `--no-lock` was used, omit the Lock line.
+Only include the Lock line if the branch was actually locked. Omit it for low-risk releases without locking.
 
 If `HIGH_RISK_PRS` is non-empty, append:
 ```

package/src/tools/release/skills/release/references/workflows.md

@@ -25,11 +25,11 @@ git -C {repo_path} remote get-url origin
 
 ---
 
-## `/release start [repo] [--no-lock]`
+## `/release start [repo] [--lock]`
 
-Create a release PR, auto-lock the release branch, and notify Slack.
+Create a release PR and notify Slack.
 
-**Auto-lock is on by default.** The branch is locked immediately after the PR is created to prevent blind merges during CI. Pass `--no-lock` (or natural language like "start without locking") to skip.
+**Auto-lock is off by default.** The branch is only locked automatically for **high-risk** releases (user selects "High Risk" at the risk prompt, or `HIGH_RISK_PRS` are detected). Pass `--lock` (or natural language like "start and lock") to force locking on any release.
 
 ### Steps
 
@@ -82,7 +82,7 @@ Create a release PR, auto-lock the release branch, and notify Slack.
 
    See `templates.md` for the PR body template.
 
-6. **Auto-lock branch** (unless `--no-lock`):
+6. **Auto-lock branch** (only if risk is **High Risk**, `HIGH_RISK_PRS` is non-empty, or `--lock` was passed):
    ```bash
    gh workflow run branch-lock.yml \
      -f action=lock \
@@ -97,6 +97,8 @@ Create a release PR, auto-lock the release branch, and notify Slack.
    If `branch-lock.yml` is not found in the repo, warn but don't fail:
    "Could not auto-lock — `branch-lock.yml` not found in `{repo_name}`. Use `/release lock` manually after adding the workflow."
 
+   **Skip this step entirely for low-risk releases without `--lock`.**
+
 7. **Post to Slack:**
    ```bash
    node -e 'process.stdout.write(JSON.stringify({
@@ -150,7 +152,7 @@ Merge the release PR if all checks are green, then notify Slack.
 
 ## `/release lock [repo]`
 
-Manually lock the release branch. Use when you need to lock outside of `/release start` (which auto-locks).
+Manually lock the release branch. Use when you need to lock a low-risk release, or lock outside of `/release start`.
 
 ### Steps