@wipcomputer/wip-ai-devops-toolbox 1.9.28 → 1.9.30

package/CHANGELOG.md

@@ -31,6 +31,76 @@
 
 
 
+
+## 1.9.30 (2026-03-15)
+
+# Release notes must be a file on disk
+
+**Date:** 2026-03-15
+
+## What changed
+
+wip-release no longer accepts the `--notes` flag. Release notes MUST come from a file on disk:
+
+1. `RELEASE-NOTES-v{version}.md` in repo root (auto-detected)
+2. `ai/dev-updates/YYYY-MM-DD--description.md` (auto-detected)
+3. `--notes-file=path` (explicit file path)
+
+If no file exists, the release is blocked. The gate scaffolds a template (`RELEASE-NOTES-v{version}.md`) so the agent has something to fill in.
+
+## Why
+
+The `--notes` flag was the root cause of every bad release note. Agents passed one-liners like `--notes="fix bug"` and the gate let them through. Even after we added length checks and changelog detection, agents found ways around it. The flag was an escape hatch that undermined the entire system.
+
+The file-on-disk requirement solves three problems:
+1. **Reviewability.** The file is on the branch. It shows up in the PR diff. Parker can read and approve the release notes before merge.
+2. **Quality.** Writing a file forces the agent to think about what changed and why. A flag encourages one-liners.
+3. **History.** The file is committed to git. The release notes are part of the repo history, not a transient CLI argument.
+
+## What agents need to do
+
+Before running `wip-release`:
+1. Write `RELEASE-NOTES-v{version}.md` or `ai/dev-updates/YYYY-MM-DD--description.md`
+2. Commit it on the branch
+3. The file shows up in the PR for review
+4. After merge to main, `wip-release` auto-detects it
+
+If the agent forgets, `wip-release` blocks and scaffolds a template.
+
+## 1.9.29 (2026-03-15)
+
+# Release notes must be a file on disk
+
+**Date:** 2026-03-15
+
+## What changed
+
+wip-release no longer accepts the `--notes` flag. Release notes MUST come from a file on disk:
+
+1. `RELEASE-NOTES-v{version}.md` in repo root (auto-detected)
+2. `ai/dev-updates/YYYY-MM-DD--description.md` (auto-detected)
+3. `--notes-file=path` (explicit file path)
+
+If no file exists, the release is blocked. The gate scaffolds a template (`RELEASE-NOTES-v{version}.md`) so the agent has something to fill in.
+
+## Why
+
+The `--notes` flag was the root cause of every bad release note. Agents passed one-liners like `--notes="fix bug"` and the gate let them through. Even after we added length checks and changelog detection, agents found ways around it. The flag was an escape hatch that undermined the entire system.
+
+The file-on-disk requirement solves three problems:
+1. **Reviewability.** The file is on the branch. It shows up in the PR diff. Parker can read and approve the release notes before merge.
+2. **Quality.** Writing a file forces the agent to think about what changed and why. A flag encourages one-liners.
+3. **History.** The file is committed to git. The release notes are part of the repo history, not a transient CLI argument.
+
+## What agents need to do
+
+Before running `wip-release`:
+1. Write `RELEASE-NOTES-v{version}.md` or `ai/dev-updates/YYYY-MM-DD--description.md`
+2. Commit it on the branch
+3. The file shows up in the PR for review
+4. After merge to main, `wip-release` auto-detects it
+
+If the agent forgets, `wip-release` blocks and scaffolds a template.
 
 ## 1.9.28 (2026-03-15)
 

package/SKILL.md

@@ -5,7 +5,7 @@ license: MIT
 interface: [cli, module, mcp, skill, hook, plugin]
 metadata:
   display-name: "WIP AI DevOps Toolbox"
-  version: "1.9.28"
+  version: "1.9.30"
   homepage: "https://github.com/wipcomputer/wip-ai-devops-toolbox"
   author: "Parker Todd Brooks"
   category: dev-tools

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@wipcomputer/wip-ai-devops-toolbox",
-  "version": "1.9.28",
+  "version": "1.9.30",
   "type": "module",
   "description": "The complete AI DevOps toolkit for AI-assisted development teams.",
   "license": "MIT",

package/tools/deploy-public/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@wipcomputer/deploy-public",
-  "version": "1.9.28",
+  "version": "1.9.30",
   "description": "Private-to-public repo sync. Excludes ai/ folder, creates PR, merges, cleans up branches.",
   "bin": {
     "deploy-public": "./deploy-public.sh"

package/tools/post-merge-rename/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@wipcomputer/post-merge-rename",
-  "version": "1.9.28",
+  "version": "1.9.30",
   "description": "Post-merge branch renaming. Appends --merged-YYYY-MM-DD to preserve history.",
   "bin": {
     "post-merge-rename": "./post-merge-rename.sh"

package/tools/wip-branch-guard/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@wipcomputer/wip-branch-guard",
-  "version": "1.9.28",
+  "version": "1.9.30",
   "description": "PreToolUse hook that blocks all writes on main branch. Forces agents to work on branches or worktrees.",
   "type": "module",
   "main": "guard.mjs",

package/tools/wip-file-guard/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@wipcomputer/wip-file-guard",
-  "version": "1.9.28",
+  "version": "1.9.30",
   "type": "module",
   "description": "Hook that blocks destructive edits to protected identity files. For Claude Code CLI and OpenClaw.",
   "main": "guard.mjs",

package/tools/wip-license-guard/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@wipcomputer/wip-license-guard",
-  "version": "1.9.28",
+  "version": "1.9.30",
   "description": "License compliance for your own repos. Ensures correct copyright, dual-license blocks, and LICENSE files.",
   "type": "module",
   "bin": {

package/tools/wip-license-hook/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@wipcomputer/wip-license-hook",
-  "version": "1.9.28",
+  "version": "1.9.30",
   "description": "License rug-pull detection and dependency license compliance for open source projects",
   "type": "module",
   "main": "dist/cli/index.js",

package/tools/wip-readme-format/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@wipcomputer/wip-readme-format",
-  "version": "1.9.28",
+  "version": "1.9.30",
   "description": "Reformat any repo's README to follow the WIP Computer standard. Agent-first, human-readable.",
   "type": "module",
   "bin": {

package/tools/wip-release/cli.js

@@ -119,12 +119,12 @@ Flags:
   --skip-stale-check       Skip stale remote branch check
   --skip-worktree-check    Skip worktree guard (allow release from worktree)
 
-Release notes (highest priority wins, files ALWAYS beat --notes flag):
-  1. --notes-file=path          Explicit file path (always wins)
-  2. RELEASE-NOTES-v{ver}.md    In repo root (wins over --notes)
-  3. ai/dev-updates/YYYY-MM-DD* Today's dev update (wins over --notes if longer)
-  4. --notes="text"             Fallback only (use for repos without release notes files)
-  Written notes on disk always take priority over a CLI one-liner.
+Release notes (REQUIRED, must be a file on disk):
+  1. --notes-file=path          Explicit file path
+  2. RELEASE-NOTES-v{ver}.md    In repo root (auto-detected)
+  3. ai/dev-updates/YYYY-MM-DD* Today's dev update (auto-detected)
+  The --notes flag is NOT accepted. Write a file. Commit it on your branch.
+  The file shows up in the PR diff so it can be reviewed before merge.
 
 Skill publish to website:
   Add .publish-skill.json to repo root: { "name": "my-tool" }

package/tools/wip-release/core.mjs

@@ -227,28 +227,38 @@ function checkReleaseNotes(notes, notesSource, level) {
   const issues = [];
 
   if (!notes) {
-    issues.push('No release notes provided. Write a RELEASE-NOTES-v{version}.md or ai/dev-updates/ file.');
+    issues.push('No release notes found. A file is REQUIRED.');
+    issues.push('Write RELEASE-NOTES-v{version}.md or ai/dev-updates/YYYY-MM-DD--description.md');
+    issues.push('Commit it on your branch so it is reviewable in the PR.');
     return { ok: false, issues, block: true };
   }
 
-  // Notes too short. All levels blocked.
-  if (notes.length < 50) {
-    issues.push('Release notes are too short (under 50 chars). Explain what changed and why.');
-    issues.push('Write a RELEASE-NOTES-v{version}.md or ai/dev-updates/ file.');
+  // HARD RULE: release notes must come from a file on disk.
+  // --notes flag is NOT accepted. Write a file. Commit it. Review it.
+  if (notesSource === 'flag') {
+    issues.push('Release notes must come from a file, not the --notes flag.');
+    issues.push('Write RELEASE-NOTES-v{version}.md or ai/dev-updates/YYYY-MM-DD--description.md');
+    issues.push('Commit it on your branch so it is reviewable in the PR before merge.');
+    return { ok: false, issues, block: true };
   }
 
-  // Bare --notes flag for minor/major is never acceptable.
-  if (notesSource === 'flag' && (level === 'minor' || level === 'major')) {
-    issues.push('Minor/major releases require a file, not --notes flag.');
-    issues.push('Write RELEASE-NOTES-v{version}.md (dashes not dots) and commit it.');
+  // Notes too short.
+  if (notes.length < 50) {
+    issues.push('Release notes are too short (under 50 chars). Explain what changed and why.');
   }
 
-  // Check for changelog-style one-liners regardless of source
+  // Check for changelog-style one-liners
   const looksLikeChangelog = /^(fix|add|update|remove|bump|chore|refactor|docs?)[\s:]/i.test(notes);
   if (looksLikeChangelog && notes.length < 100) {
     issues.push('Notes look like a changelog entry, not a narrative. Explain the impact.');
   }
 
+  // Release notes should reference at least one issue
+  const hasIssueRef = /#\d+/.test(notes);
+  if (!hasIssueRef) {
+    issues.push('No issue reference found (#XX). Every release should close or reference an issue.');
+  }
+
   return { ok: issues.length === 0, issues, block: issues.length > 0 };
 }
 
@@ -264,6 +274,19 @@ export function scaffoldReleaseNotes(repoPath, version) {
   const pkg = JSON.parse(readFileSync(join(repoPath, 'package.json'), 'utf8'));
   const name = pkg.name?.replace(/^@[^/]+\//, '') || basename(repoPath);
 
+  // Auto-detect issue references from commits since last tag
+  let issueRefs = '';
+  try {
+    const lastTag = execFileSync('git', ['describe', '--tags', '--abbrev=0'],
+      { cwd: repoPath, encoding: 'utf8' }).trim();
+    const log = execFileSync('git', ['log', `${lastTag}..HEAD`, '--oneline'],
+      { cwd: repoPath, encoding: 'utf8' });
+    const issues = [...new Set(log.match(/#\d+/g) || [])];
+    if (issues.length > 0) {
+      issueRefs = issues.map(i => `- ${i}`).join('\n');
+    }
+  } catch {}
+
   const template = `# Release Notes: ${name} v${version}
 
 **One-line summary of what this release does**
@@ -279,6 +302,10 @@ Describe the changes. Not a commit list. Explain:
 
 What problem does this solve? What was broken or missing?
 
+## Issues closed
+
+${issueRefs || '- #XX (replace with actual issue numbers)'}
+
 ## How to verify
 
 \`\`\`bash
@@ -495,6 +522,23 @@ export function createGitHubRelease(repoPath, newVersion, notes, currentVersion)
         console.warn(`  ! GitHub release body is only ${bodyLen} chars. Notes may be truncated.`);
       }
     } catch {}
+
+    // Auto-close referenced issues
+    const issueNums = [...new Set((body.match(/#(\d+)/g) || []).map(m => m.slice(1)))];
+    for (const num of issueNums) {
+      try {
+        // Only close if issue exists and is open on the public repo
+        const publicSlug = repoSlug.replace(/-private$/, '');
+        execFileSync('gh', [
+          'issue', 'close', num,
+          '--repo', publicSlug,
+          '--comment', `Closed by v${newVersion}. See release notes.`
+        ], { cwd: repoPath, stdio: 'pipe' });
+        console.log(`  ✓ Closed #${num} on ${publicSlug}`);
+      } catch {
+        // Issue doesn't exist on public repo or already closed. Fine.
+      }
+    }
   } finally {
     try { execFileSync('rm', ['-f', tmpFile]); } catch {}
   }

package/tools/wip-release/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@wipcomputer/wip-release",
-  "version": "1.9.28",
+  "version": "1.9.30",
   "type": "module",
   "description": "One-command release pipeline. Bumps version, updates changelog + SKILL.md, publishes to npm + GitHub.",
   "main": "core.mjs",

package/tools/wip-repo-init/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@wipcomputer/wip-repo-init",
-  "version": "1.9.28",
+  "version": "1.9.30",
   "description": "Scaffold the standard ai/ directory structure in any repo",
   "type": "module",
   "bin": {

package/tools/wip-repo-permissions-hook/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@wipcomputer/wip-repo-permissions-hook",
-  "version": "1.9.28",
+  "version": "1.9.30",
   "type": "module",
   "description": "Repo visibility guard. Blocks repos from going public without a -private counterpart.",
   "main": "core.mjs",

package/tools/wip-repos/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@wipcomputer/wip-repos",
-  "version": "1.9.28",
+  "version": "1.9.30",
   "type": "module",
   "description": "Repo manifest reconciler. Single source of truth for repo organization. Like prettier for folder structure.",
   "main": "core.mjs",

package/tools/wip-universal-installer/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@wipcomputer/universal-installer",
-  "version": "1.9.28",
+  "version": "1.9.30",
   "type": "module",
   "description": "The Universal Interface specification for agent-native software. Teaches your AI how to build repos with every interface: CLI, Module, MCP Server, OpenClaw Plugin, Skill, Claude Code Hook.",
   "main": "detect.mjs",