npm - @wipcomputer/wip-ai-devops-toolbox - Versions diffs - 1.9.33 → 1.9.35 - Mend

@wipcomputer/wip-ai-devops-toolbox 1.9.33 → 1.9.35

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (18) hide show

package/CHANGELOG.md +34 -0
package/SKILL.md +1 -1
package/package.json +1 -1
package/scripts/deploy-public.sh +42 -2
package/tools/deploy-public/package.json +1 -1
package/tools/post-merge-rename/package.json +1 -1
package/tools/wip-branch-guard/guard.mjs +26 -6
package/tools/wip-branch-guard/package.json +1 -1
package/tools/wip-file-guard/package.json +1 -1
package/tools/wip-license-guard/package.json +1 -1
package/tools/wip-license-hook/package.json +1 -1
package/tools/wip-readme-format/package.json +1 -1
package/tools/wip-release/core.mjs +6 -10
package/tools/wip-release/package.json +1 -1
package/tools/wip-repo-init/package.json +1 -1
package/tools/wip-repo-permissions-hook/package.json +1 -1
package/tools/wip-repos/package.json +1 -1
package/tools/wip-universal-installer/package.json +1 -1

package/CHANGELOG.md CHANGED Viewed

@@ -31,6 +31,40 @@
+## 1.9.35 (2026-03-16)
+# GitHub Packages publish from public repo
+**Date:** 2026-03-16
+**Closes:** #193
+## What changed
+`deploy-public.sh` now publishes to GitHub Packages from the public repo clone after the npm publish step. Previously, GitHub Packages were only published from the private repo during `wip-release`, so they showed on the private repo's Packages tab. Users couldn't see them.
+Now packages show on the public repo's Packages tab where users expect to find them. Uses `gh auth token` for authentication (already available from the gh CLI).
+## Why
+The Packages tab on public repos was empty. Users visiting wipcomputer/wip-ldm-os or wipcomputer/wip-ai-devops-toolbox saw no packages even though they were published. The packages existed but were linked to the private repo.
+## 1.9.34 (2026-03-16)
+# GitHub Packages publish from public repo
+**Date:** 2026-03-16
+**Closes:** #193
+## What changed
+`deploy-public.sh` now publishes to GitHub Packages from the public repo clone after the npm publish step. Previously, GitHub Packages were only published from the private repo during `wip-release`, so they showed on the private repo's Packages tab. Users couldn't see them.
+Now packages show on the public repo's Packages tab where users expect to find them. Uses `gh auth token` for authentication (already available from the gh CLI).
+## Why
+The Packages tab on public repos was empty. Users visiting wipcomputer/wip-ldm-os or wipcomputer/wip-ai-devops-toolbox saw no packages even though they were published. The packages existed but were linked to the private repo.
 ## 1.9.33 (2026-03-15)

package/SKILL.md CHANGED Viewed

@@ -5,7 +5,7 @@ license: MIT
 interface: [cli, module, mcp, skill, hook, plugin]
 metadata:
   display-name: "WIP AI DevOps Toolbox"
-  version: "1.9.33"
+  version: "1.9.35"
   homepage: "https://github.com/wipcomputer/wip-ai-devops-toolbox"
   author: "Parker Todd Brooks"
   category: dev-tools

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@wipcomputer/wip-ai-devops-toolbox",
-  "version": "1.9.33",
+  "version": "1.9.35",
   "type": "module",
   "description": "The complete AI DevOps toolkit for AI-assisted development teams.",
   "license": "MIT",

package/scripts/deploy-public.sh CHANGED Viewed

@@ -158,7 +158,14 @@ if $DRY_RUN; then
   exit 0
 fi
-git commit -m "$COMMIT_MSG (from $COMMIT_HASH)"
+git commit -m "$(cat <<COMMITEOF
+$COMMIT_MSG (from $COMMIT_HASH)
+Co-Authored-By: Parker Todd Brooks <parkertoddbrooks@users.noreply.github.com>
+Co-Authored-By: Lēsa <lesaai@icloud.com>
+Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
+COMMITEOF
+)"
 if [[ "$EMPTY_REPO" == "true" ]]; then
   # Empty repo: push directly to main (no base branch to PR against)
@@ -285,7 +292,40 @@ if [[ -n "${VERSION:-}" ]]; then
         done
       fi
-      cd - > /dev/null
+      # Publish to GitHub Packages from public repo (#193)
+      echo "Publishing to GitHub Packages from public repo..."
+      GH_TOKEN=$(gh auth token 2>/dev/null || echo "")
+      if [[ -n "$GH_TOKEN" ]]; then
+        cd "$NPM_TMPDIR/public"
+        # Root package
+        if [[ "$IS_PRIVATE" != "true" ]]; then
+          echo "//npm.pkg.github.com/:_authToken=${GH_TOKEN}" > .npmrc
+          npm publish --registry https://npm.pkg.github.com/ --access public 2>/dev/null && echo "  ✓ Published root to GitHub Packages" || echo "  ✗ Root GitHub Packages publish failed (non-fatal)"
+          rm -f .npmrc
+        fi
+        # Sub-tools
+        if [[ -d "tools" ]]; then
+          for TOOL_DIR in tools/*/; do
+            if [[ -f "${TOOL_DIR}package.json" ]]; then
+              TOOL_PRIVATE=$(node -p "require('./${TOOL_DIR}package.json').private || false" 2>/dev/null)
+              if [[ "$TOOL_PRIVATE" != "true" ]]; then
+                TOOL_NAME=$(node -p "require('./${TOOL_DIR}package.json').name" 2>/dev/null)
+                echo "//npm.pkg.github.com/:_authToken=${GH_TOKEN}" > "${TOOL_DIR}.npmrc"
+                (cd "$TOOL_DIR" && npm publish --registry https://npm.pkg.github.com/ --access public 2>/dev/null) && echo "  ✓ Published $TOOL_NAME to GitHub Packages" || echo "  ✗ GitHub Packages failed for $TOOL_NAME (non-fatal)"
+                rm -f "${TOOL_DIR}.npmrc"
+              fi
+            fi
+          done
+        fi
+        cd - > /dev/null
+      else
+        echo "  ! gh auth token not found. Skipping GitHub Packages publish."
+      fi
+      cd - > /dev/null 2>/dev/null || true
     else
       echo "  ! npm Token not found in 1Password. Skipping npm publish."
     fi

package/tools/deploy-public/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@wipcomputer/deploy-public",
-  "version": "1.9.33",
+  "version": "1.9.35",
   "description": "Private-to-public repo sync. Excludes ai/ folder, creates PR, merges, cleans up branches.",
   "bin": {
     "deploy-public": "./deploy-public.sh"

package/tools/post-merge-rename/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@wipcomputer/post-merge-rename",
-  "version": "1.9.33",
+  "version": "1.9.35",
   "description": "Post-merge branch renaming. Appends --merged-YYYY-MM-DD to preserve history.",
   "bin": {
     "post-merge-rename": "./post-merge-rename.sh"

package/tools/wip-branch-guard/guard.mjs CHANGED Viewed

@@ -205,10 +205,30 @@ async function main() {
     repoDir = process.env.CWD || process.cwd();
   }
-  // Check if the target repo is on main
+  // Check if the target repo is on main AND if we're in a worktree
   const branch = getCurrentBranch(repoDir);
-  if (!branch || (branch !== 'main' && branch !== 'master')) {
-    // Not on main, allow everything
+  const worktree = isInWorktree(repoDir);
+  if (!branch) {
+    // Not in a git repo, allow
+    process.exit(0);
+  }
+  if (branch !== 'main' && branch !== 'master' && worktree) {
+    // On a branch AND in a worktree. Correct workflow. Allow.
+    process.exit(0);
+  }
+  if (branch !== 'main' && branch !== 'master' && !worktree) {
+    // On a branch but NOT in a worktree. Block writes.
+    const isWriteOp = WRITE_TOOLS.has(toolName) ||
+      (toolName === BASH_TOOL && command &&
+        BLOCKED_BASH_PATTERNS.some(p => p.test(command)) &&
+        !ALLOWED_BASH_PATTERNS.some(p => p.test(command)));
+    if (isWriteOp) {
+      deny(`BLOCKED: On branch "${branch}" but not in a worktree. Use: git worktree add ../my-worktree -b ${branch}`);
+      process.exit(0);
+    }
     process.exit(0);
   }
@@ -216,7 +236,7 @@ async function main() {
   // Block Write/Edit tools entirely on main
   if (WRITE_TOOLS.has(toolName)) {
-    deny(`BLOCKED: Cannot ${toolName} while on main branch. Create a branch first: git checkout -b cc-mini/your-feature. Or use a worktree.`);
+    deny(`BLOCKED: Cannot ${toolName} while on main branch. Use a worktree: git worktree add ../my-worktree -b cc-mini/your-feature`);
     process.exit(0);
   }
@@ -238,7 +258,7 @@ async function main() {
           if (ap.test(command)) { isAllowed = true; break; }
         }
         if (!isAllowed) {
-          deny(`BLOCKED: Cannot run "${command.substring(0, 60)}..." on main branch. Create a branch first.`);
+          deny(`BLOCKED: Cannot run "${command.substring(0, 60)}..." on main branch. Use a worktree: git worktree add ../my-worktree -b cc-mini/your-feature`);
           process.exit(0);
         }
       }
@@ -253,7 +273,7 @@ async function main() {
           if (ap.test(command)) { isAllowed = true; break; }
         }
         if (!isAllowed) {
-          deny(`BLOCKED: Cannot run file-modifying command on main branch. Create a branch first.`);
+          deny(`BLOCKED: Cannot run file-modifying command on main branch. Use a worktree: git worktree add ../my-worktree -b cc-mini/your-feature`);
           process.exit(0);
         }
       }

package/tools/wip-branch-guard/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@wipcomputer/wip-branch-guard",
-  "version": "1.9.33",
+  "version": "1.9.35",
   "description": "PreToolUse hook that blocks all writes on main branch. Forces agents to work on branches or worktrees.",
   "type": "module",
   "main": "guard.mjs",

package/tools/wip-file-guard/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@wipcomputer/wip-file-guard",
-  "version": "1.9.33",
+  "version": "1.9.35",
   "type": "module",
   "description": "Hook that blocks destructive edits to protected identity files. For Claude Code CLI and OpenClaw.",
   "main": "guard.mjs",

package/tools/wip-license-guard/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@wipcomputer/wip-license-guard",
-  "version": "1.9.33",
+  "version": "1.9.35",
   "description": "License compliance for your own repos. Ensures correct copyright, dual-license blocks, and LICENSE files.",
   "type": "module",
   "bin": {

package/tools/wip-license-hook/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@wipcomputer/wip-license-hook",
-  "version": "1.9.33",
+  "version": "1.9.35",
   "description": "License rug-pull detection and dependency license compliance for open source projects",
   "type": "module",
   "main": "dist/cli/index.js",

package/tools/wip-readme-format/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@wipcomputer/wip-readme-format",
-  "version": "1.9.33",
+  "version": "1.9.35",
   "description": "Reformat any repo's README to follow the WIP Computer standard. Agent-first, human-readable.",
   "type": "module",
   "bin": {

package/tools/wip-release/core.mjs CHANGED Viewed

@@ -941,7 +941,7 @@ export async function release({ repoPath, level, notes, notesSource, dryRun, noP
     console.log(`  [dry run] Would commit and tag v${newVersion}`);
     if (!noPublish) {
       console.log(`  [dry run] Would publish to npm (@wipcomputer scope)`);
-      console.log(`  [dry run] Would publish to GitHub Packages`);
+      console.log(`  [dry run] GitHub Packages: handled by deploy-public.sh`);
       console.log(`  [dry run] Would create GitHub release v${newVersion}`);
       if (hasSkill) console.log(`  [dry run] Would publish to ClawHub`);
       // Skill-to-website dry run (auto-detects SKILL.md, no config needed)
@@ -1043,15 +1043,11 @@ export async function release({ repoPath, level, notes, notesSource, dryRun, noP
       console.log(`  ✗ npm publish failed: ${e.message}`);
     }
-    // 7. GitHub Packages
-    try {
-      publishGitHubPackages(repoPath);
-      distResults.push({ target: 'GitHub Packages', status: 'ok', detail: `${newVersion}` });
-      console.log(`  ✓ Published to GitHub Packages`);
-    } catch (e) {
-      distResults.push({ target: 'GitHub Packages', status: 'failed', detail: e.message });
-      console.log(`  ✗ GitHub Packages publish failed: ${e.message}`);
-    }
+    // 7. GitHub Packages ... SKIPPED from private repos.
+    // deploy-public.sh publishes to GitHub Packages from the public repo clone.
+    // Publishing from private ties the package to the private repo, making it
+    // invisible on the public repo's Packages tab. (#53)
+    console.log(`  - GitHub Packages: handled by deploy-public.sh (from public repo)`);
     // 8. GitHub release
     try {

package/tools/wip-release/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@wipcomputer/wip-release",
-  "version": "1.9.33",
+  "version": "1.9.35",
   "type": "module",
   "description": "One-command release pipeline. Bumps version, updates changelog + SKILL.md, publishes to npm + GitHub.",
   "main": "core.mjs",

package/tools/wip-repo-init/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@wipcomputer/wip-repo-init",
-  "version": "1.9.33",
+  "version": "1.9.35",
   "description": "Scaffold the standard ai/ directory structure in any repo",
   "type": "module",
   "bin": {

package/tools/wip-repo-permissions-hook/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@wipcomputer/wip-repo-permissions-hook",
-  "version": "1.9.33",
+  "version": "1.9.35",
   "type": "module",
   "description": "Repo visibility guard. Blocks repos from going public without a -private counterpart.",
   "main": "core.mjs",

package/tools/wip-repos/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@wipcomputer/wip-repos",
-  "version": "1.9.33",
+  "version": "1.9.35",
   "type": "module",
   "description": "Repo manifest reconciler. Single source of truth for repo organization. Like prettier for folder structure.",
   "main": "core.mjs",

package/tools/wip-universal-installer/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@wipcomputer/universal-installer",
-  "version": "1.9.33",
+  "version": "1.9.35",
   "type": "module",
   "description": "The Universal Interface specification for agent-native software. Teaches your AI how to build repos with every interface: CLI, Module, MCP Server, OpenClaw Plugin, Skill, Claude Code Hook.",
   "main": "detect.mjs",