npm - @wipcomputer/wip-ai-devops-toolbox - Versions diffs - 1.9.36 → 1.9.38 - Mend

@wipcomputer/wip-ai-devops-toolbox 1.9.36 → 1.9.38

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (17) hide show

package/CHANGELOG.md +34 -0
package/SKILL.md +1 -1
package/package.json +1 -1
package/scripts/deploy-public.sh +6 -0
package/tools/deploy-public/package.json +1 -1
package/tools/post-merge-rename/package.json +1 -1
package/tools/wip-branch-guard/guard.mjs +17 -0
package/tools/wip-branch-guard/package.json +1 -1
package/tools/wip-file-guard/package.json +1 -1
package/tools/wip-license-guard/package.json +1 -1
package/tools/wip-license-hook/package.json +1 -1
package/tools/wip-readme-format/package.json +1 -1
package/tools/wip-release/package.json +1 -1
package/tools/wip-repo-init/package.json +1 -1
package/tools/wip-repo-permissions-hook/package.json +1 -1
package/tools/wip-repos/package.json +1 -1
package/tools/wip-universal-installer/package.json +1 -1

package/CHANGELOG.md CHANGED Viewed

@@ -31,6 +31,40 @@
+## 1.9.38 (2026-03-16)
+# GitHub Packages publish from public repo
+**Date:** 2026-03-16
+**Closes:** #193
+## What changed
+`deploy-public.sh` now publishes to GitHub Packages from the public repo clone after the npm publish step. Previously, GitHub Packages were only published from the private repo during `wip-release`, so they showed on the private repo's Packages tab. Users couldn't see them.
+Now packages show on the public repo's Packages tab where users expect to find them. Uses `gh auth token` for authentication (already available from the gh CLI).
+## Why
+The Packages tab on public repos was empty. Users visiting wipcomputer/wip-ldm-os or wipcomputer/wip-ai-devops-toolbox saw no packages even though they were published. The packages existed but were linked to the private repo.
+## 1.9.37 (2026-03-16)
+# GitHub Packages publish from public repo
+**Date:** 2026-03-16
+**Closes:** #193
+## What changed
+`deploy-public.sh` now publishes to GitHub Packages from the public repo clone after the npm publish step. Previously, GitHub Packages were only published from the private repo during `wip-release`, so they showed on the private repo's Packages tab. Users couldn't see them.
+Now packages show on the public repo's Packages tab where users expect to find them. Uses `gh auth token` for authentication (already available from the gh CLI).
+## Why
+The Packages tab on public repos was empty. Users visiting wipcomputer/wip-ldm-os or wipcomputer/wip-ai-devops-toolbox saw no packages even though they were published. The packages existed but were linked to the private repo.
 ## 1.9.36 (2026-03-16)

package/SKILL.md CHANGED Viewed

@@ -5,7 +5,7 @@ license: MIT
 interface: [cli, module, mcp, skill, hook, plugin]
 metadata:
   display-name: "WIP AI DevOps Toolbox"
-  version: "1.9.36"
+  version: "1.9.38"
   homepage: "https://github.com/wipcomputer/wip-ai-devops-toolbox"
   author: "Parker Todd Brooks"
   category: dev-tools

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@wipcomputer/wip-ai-devops-toolbox",
-  "version": "1.9.36",
+  "version": "1.9.38",
   "type": "module",
   "description": "The complete AI DevOps toolkit for AI-assisted development teams.",
   "license": "MIT",

package/scripts/deploy-public.sh CHANGED Viewed

@@ -122,6 +122,12 @@ rsync -a \
 cd "$TMPDIR/public"
+# Rewrite package.json repository URL from private to public repo
+# GitHub Packages links packages to the repo in repository.url
+if [[ -f package.json ]] && grep -q "\-private" package.json 2>/dev/null; then
+  sed -i '' 's|-private\.git|.git|g; s|-private"|"|g' package.json
+fi
 # Check if there are changes
 if git diff --quiet HEAD -- 2>/dev/null && git diff --cached --quiet HEAD -- 2>/dev/null && [[ -z "$(git ls-files --others --exclude-standard)" ]]; then
   echo "No changes to deploy."

package/tools/deploy-public/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@wipcomputer/deploy-public",
-  "version": "1.9.36",
+  "version": "1.9.38",
   "description": "Private-to-public repo sync. Excludes ai/ folder, creates PR, merges, cleans up branches.",
   "bin": {
     "deploy-public": "./deploy-public.sh"

package/tools/post-merge-rename/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@wipcomputer/post-merge-rename",
-  "version": "1.9.36",
+  "version": "1.9.38",
   "description": "Post-merge branch renaming. Appends --merged-YYYY-MM-DD to preserve history.",
   "bin": {
     "post-merge-rename": "./post-merge-rename.sh"

package/tools/wip-branch-guard/guard.mjs CHANGED Viewed

@@ -3,6 +3,7 @@
 // PreToolUse hook for Claude Code.
 // Blocks ALL file writes and git commits when on main branch.
 // Agents must work on branches or worktrees. Never on main.
+// Also blocks dangerous flags (--no-verify, --force) on ANY branch.
 import { execSync } from 'node:child_process';
 import { dirname, join } from 'node:path';
@@ -85,6 +86,9 @@ const ALLOWED_BASH_PATTERNS = [
   /\bwip-release\b.*--dry-run/,
   /\bnpm\s+install\s+-g\b/,   // global installs modify /opt/homebrew/, not the repo
   /\bnpm\s+link\b/,            // global operation, not repo-local
+  /\bldm\s+(install|init|doctor|stack|updates)\b/,  // LDM OS commands modify ~/.ldm/, not the repo
+  /\brm\s+.*\.ldm\/state\//,    // cleaning LDM state files only, not repo files
+  /\bclaude\s+mcp\b/,          // MCP registration, not repo files
 ];
 function deny(reason) {
@@ -171,6 +175,19 @@ async function main() {
   const toolName = input.tool_name || '';
   const toolInput = input.tool_input || {};
+  // Block dangerous flags on ANY branch (these bypass safety checks)
+  if (toolName === BASH_TOOL) {
+    const cmd = (toolInput.command || '');
+    if (/--no-verify\b/.test(cmd)) {
+      deny('BLOCKED: --no-verify bypasses git hooks. Remove it and let the hooks run.');
+      process.exit(0);
+    }
+    if (/\bgit\s+push\b.*--force\b/.test(cmd) && !/--force-with-lease\b/.test(cmd)) {
+      deny('BLOCKED: git push --force can destroy remote history. Use --force-with-lease or ask Parker.');
+      process.exit(0);
+    }
+  }
   // Determine which repo to check.
   // Claude Code always opens in .openclaw, but edits files in other repos.
   // We need to check the branch of THE REPO THE FILE LIVES IN, not the CWD.

package/tools/wip-branch-guard/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@wipcomputer/wip-branch-guard",
-  "version": "1.9.36",
+  "version": "1.9.38",
   "description": "PreToolUse hook that blocks all writes on main branch. Forces agents to work on branches or worktrees.",
   "type": "module",
   "main": "guard.mjs",

package/tools/wip-file-guard/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@wipcomputer/wip-file-guard",
-  "version": "1.9.36",
+  "version": "1.9.38",
   "type": "module",
   "description": "Hook that blocks destructive edits to protected identity files. For Claude Code CLI and OpenClaw.",
   "main": "guard.mjs",

package/tools/wip-license-guard/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@wipcomputer/wip-license-guard",
-  "version": "1.9.36",
+  "version": "1.9.38",
   "description": "License compliance for your own repos. Ensures correct copyright, dual-license blocks, and LICENSE files.",
   "type": "module",
   "bin": {

package/tools/wip-license-hook/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@wipcomputer/wip-license-hook",
-  "version": "1.9.36",
+  "version": "1.9.38",
   "description": "License rug-pull detection and dependency license compliance for open source projects",
   "type": "module",
   "main": "dist/cli/index.js",

package/tools/wip-readme-format/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@wipcomputer/wip-readme-format",
-  "version": "1.9.36",
+  "version": "1.9.38",
   "description": "Reformat any repo's README to follow the WIP Computer standard. Agent-first, human-readable.",
   "type": "module",
   "bin": {

package/tools/wip-release/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@wipcomputer/wip-release",
-  "version": "1.9.36",
+  "version": "1.9.38",
   "type": "module",
   "description": "One-command release pipeline. Bumps version, updates changelog + SKILL.md, publishes to npm + GitHub.",
   "main": "core.mjs",

package/tools/wip-repo-init/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@wipcomputer/wip-repo-init",
-  "version": "1.9.36",
+  "version": "1.9.38",
   "description": "Scaffold the standard ai/ directory structure in any repo",
   "type": "module",
   "bin": {

package/tools/wip-repo-permissions-hook/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@wipcomputer/wip-repo-permissions-hook",
-  "version": "1.9.36",
+  "version": "1.9.38",
   "type": "module",
   "description": "Repo visibility guard. Blocks repos from going public without a -private counterpart.",
   "main": "core.mjs",

package/tools/wip-repos/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@wipcomputer/wip-repos",
-  "version": "1.9.36",
+  "version": "1.9.38",
   "type": "module",
   "description": "Repo manifest reconciler. Single source of truth for repo organization. Like prettier for folder structure.",
   "main": "core.mjs",

package/tools/wip-universal-installer/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@wipcomputer/universal-installer",
-  "version": "1.9.36",
+  "version": "1.9.38",
   "type": "module",
   "description": "The Universal Interface specification for agent-native software. Teaches your AI how to build repos with every interface: CLI, Module, MCP Server, OpenClaw Plugin, Skill, Claude Code Hook.",
   "main": "detect.mjs",