@wipcomputer/wip-ai-devops-toolbox 1.9.36 → 1.9.37

package/CHANGELOG.md

@@ -31,6 +31,23 @@
 
 
 
+
+## 1.9.37 (2026-03-16)
+
+# GitHub Packages publish from public repo
+
+**Date:** 2026-03-16
+**Closes:** #193
+
+## What changed
+
+`deploy-public.sh` now publishes to GitHub Packages from the public repo clone after the npm publish step. Previously, GitHub Packages were only published from the private repo during `wip-release`, so they showed on the private repo's Packages tab. Users couldn't see them.
+
+Now packages show on the public repo's Packages tab where users expect to find them. Uses `gh auth token` for authentication (already available from the gh CLI).
+
+## Why
+
+The Packages tab on public repos was empty. Users visiting wipcomputer/wip-ldm-os or wipcomputer/wip-ai-devops-toolbox saw no packages even though they were published. The packages existed but were linked to the private repo.
 
 ## 1.9.36 (2026-03-16)
 

package/SKILL.md

@@ -5,7 +5,7 @@ license: MIT
 interface: [cli, module, mcp, skill, hook, plugin]
 metadata:
   display-name: "WIP AI DevOps Toolbox"
-  version: "1.9.36"
+  version: "1.9.37"
   homepage: "https://github.com/wipcomputer/wip-ai-devops-toolbox"
   author: "Parker Todd Brooks"
   category: dev-tools

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@wipcomputer/wip-ai-devops-toolbox",
-  "version": "1.9.36",
+  "version": "1.9.37",
   "type": "module",
   "description": "The complete AI DevOps toolkit for AI-assisted development teams.",
   "license": "MIT",

package/scripts/deploy-public.sh

@@ -122,6 +122,12 @@ rsync -a \
 
 cd "$TMPDIR/public"
 
+# Rewrite package.json repository URL from private to public repo
+# GitHub Packages links packages to the repo in repository.url
+if [[ -f package.json ]] && grep -q "\-private" package.json 2>/dev/null; then
+  sed -i '' 's|-private\.git|.git|g; s|-private"|"|g' package.json
+fi
+
 # Check if there are changes
 if git diff --quiet HEAD -- 2>/dev/null && git diff --cached --quiet HEAD -- 2>/dev/null && [[ -z "$(git ls-files --others --exclude-standard)" ]]; then
   echo "No changes to deploy."

package/tools/deploy-public/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@wipcomputer/deploy-public",
-  "version": "1.9.36",
+  "version": "1.9.37",
   "description": "Private-to-public repo sync. Excludes ai/ folder, creates PR, merges, cleans up branches.",
   "bin": {
     "deploy-public": "./deploy-public.sh"

package/tools/post-merge-rename/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@wipcomputer/post-merge-rename",
-  "version": "1.9.36",
+  "version": "1.9.37",
   "description": "Post-merge branch renaming. Appends --merged-YYYY-MM-DD to preserve history.",
   "bin": {
     "post-merge-rename": "./post-merge-rename.sh"

package/tools/wip-branch-guard/guard.mjs

@@ -3,6 +3,7 @@
 // PreToolUse hook for Claude Code.
 // Blocks ALL file writes and git commits when on main branch.
 // Agents must work on branches or worktrees. Never on main.
+// Also blocks dangerous flags (--no-verify, --force) on ANY branch.
 
 import { execSync } from 'node:child_process';
 import { dirname, join } from 'node:path';
@@ -171,6 +172,19 @@ async function main() {
   const toolName = input.tool_name || '';
   const toolInput = input.tool_input || {};
 
+  // Block dangerous flags on ANY branch (these bypass safety checks)
+  if (toolName === BASH_TOOL) {
+    const cmd = (toolInput.command || '');
+    if (/--no-verify\b/.test(cmd)) {
+      deny('BLOCKED: --no-verify bypasses git hooks. Remove it and let the hooks run.');
+      process.exit(0);
+    }
+    if (/\bgit\s+push\b.*--force\b/.test(cmd) && !/--force-with-lease\b/.test(cmd)) {
+      deny('BLOCKED: git push --force can destroy remote history. Use --force-with-lease or ask Parker.');
+      process.exit(0);
+    }
+  }
+
   // Determine which repo to check.
   // Claude Code always opens in .openclaw, but edits files in other repos.
   // We need to check the branch of THE REPO THE FILE LIVES IN, not the CWD.

package/tools/wip-branch-guard/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@wipcomputer/wip-branch-guard",
-  "version": "1.9.36",
+  "version": "1.9.37",
   "description": "PreToolUse hook that blocks all writes on main branch. Forces agents to work on branches or worktrees.",
   "type": "module",
   "main": "guard.mjs",

package/tools/wip-file-guard/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@wipcomputer/wip-file-guard",
-  "version": "1.9.36",
+  "version": "1.9.37",
   "type": "module",
   "description": "Hook that blocks destructive edits to protected identity files. For Claude Code CLI and OpenClaw.",
   "main": "guard.mjs",

package/tools/wip-license-guard/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@wipcomputer/wip-license-guard",
-  "version": "1.9.36",
+  "version": "1.9.37",
   "description": "License compliance for your own repos. Ensures correct copyright, dual-license blocks, and LICENSE files.",
   "type": "module",
   "bin": {

package/tools/wip-license-hook/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@wipcomputer/wip-license-hook",
-  "version": "1.9.36",
+  "version": "1.9.37",
   "description": "License rug-pull detection and dependency license compliance for open source projects",
   "type": "module",
   "main": "dist/cli/index.js",

package/tools/wip-readme-format/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@wipcomputer/wip-readme-format",
-  "version": "1.9.36",
+  "version": "1.9.37",
   "description": "Reformat any repo's README to follow the WIP Computer standard. Agent-first, human-readable.",
   "type": "module",
   "bin": {

package/tools/wip-release/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@wipcomputer/wip-release",
-  "version": "1.9.36",
+  "version": "1.9.37",
   "type": "module",
   "description": "One-command release pipeline. Bumps version, updates changelog + SKILL.md, publishes to npm + GitHub.",
   "main": "core.mjs",

package/tools/wip-repo-init/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@wipcomputer/wip-repo-init",
-  "version": "1.9.36",
+  "version": "1.9.37",
   "description": "Scaffold the standard ai/ directory structure in any repo",
   "type": "module",
   "bin": {

package/tools/wip-repo-permissions-hook/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@wipcomputer/wip-repo-permissions-hook",
-  "version": "1.9.36",
+  "version": "1.9.37",
   "type": "module",
   "description": "Repo visibility guard. Blocks repos from going public without a -private counterpart.",
   "main": "core.mjs",

package/tools/wip-repos/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@wipcomputer/wip-repos",
-  "version": "1.9.36",
+  "version": "1.9.37",
   "type": "module",
   "description": "Repo manifest reconciler. Single source of truth for repo organization. Like prettier for folder structure.",
   "main": "core.mjs",

package/tools/wip-universal-installer/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@wipcomputer/universal-installer",
-  "version": "1.9.36",
+  "version": "1.9.37",
   "type": "module",
   "description": "The Universal Interface specification for agent-native software. Teaches your AI how to build repos with every interface: CLI, Module, MCP Server, OpenClaw Plugin, Skill, Claude Code Hook.",
   "main": "detect.mjs",