ai-team 1.0.2 → 1.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.agents/teams/web-product/README.md +1 -1
- package/.github/workflows/release.yml +40 -0
- package/.releaserc.json +34 -0
- package/CHANGELOG.md +39 -0
- package/README.md +9 -0
- package/docs/agents/README.md +2 -1
- package/docs/agents/handoffs/REL-NO-IDE-OVERLAYS/backend.md +100 -0
- package/docs/agents/handoffs/REL-NO-IDE-OVERLAYS/code-review.md +83 -0
- package/docs/agents/handoffs/REL-NO-IDE-OVERLAYS/frontend.md +24 -0
- package/docs/agents/handoffs/REL-NO-IDE-OVERLAYS/integration.md +51 -0
- package/docs/agents/handoffs/REL-NO-IDE-OVERLAYS/planning-agent.md +51 -0
- package/docs/agents/handoffs/REL-NO-IDE-OVERLAYS/qa.md +87 -0
- package/docs/agents/handoffs/REL-NO-IDE-OVERLAYS/requirement-analyst.md +75 -0
- package/docs/agents/handoffs/REL-SEMVER-AUTOPUBLISH/backend.md +77 -0
- package/docs/agents/handoffs/REL-SEMVER-AUTOPUBLISH/code-review.md +80 -0
- package/docs/agents/handoffs/REL-SEMVER-AUTOPUBLISH/frontend.md +22 -0
- package/docs/agents/handoffs/REL-SEMVER-AUTOPUBLISH/integration.md +65 -0
- package/docs/agents/handoffs/REL-SEMVER-AUTOPUBLISH/planning-agent.md +67 -0
- package/docs/agents/handoffs/REL-SEMVER-AUTOPUBLISH/qa.md +87 -0
- package/docs/agents/handoffs/REL-SEMVER-AUTOPUBLISH/requirement-analyst.md +77 -0
- package/docs/agents/knowledge/backend-dev.md +17 -0
- package/docs/agents/knowledge/code-reviewer.md +12 -0
- package/docs/agents/knowledge/frontend-dev.md +9 -0
- package/docs/agents/knowledge/planning-agent.md +32 -0
- package/docs/agents/knowledge/requirement-analyst.md +12 -0
- package/docs/agents/knowledge/tester.md +12 -0
- package/docs/agents/plans/REL-NO-IDE-OVERLAYS/plan.md +106 -0
- package/docs/agents/plans/REL-SEMVER-AUTOPUBLISH/plan.md +148 -0
- package/docs/cli.md +11 -2
- package/docs/plan.md +1 -1
- package/package.json +18 -9
- package/src/agents/definitions/agent-manager.yaml +2 -2
- package/src/agents/generate.js +104 -48
- package/src/cli.js +13 -0
- package/src/lib/template-registry.js +67 -25
- package/templates/bootstrap/{overlays/vscode-copilot/.vscode/mcp.json → base/.agents/mcp/vscode.json} +5 -2
- package/templates/bootstrap/base/.agents/teams/web-product/README.md +1 -1
- package/templates/bootstrap/manifest.json +5 -6
- package/tests/cli.integration.test.js +51 -0
- package/tests/sync-engine.test.js +30 -0
- package/tests/template-registry.test.js +48 -0
- package/templates/bootstrap/overlays/claude-code/.claude/agents/agent-manager.md +0 -153
- package/templates/bootstrap/overlays/claude-code/.claude/agents/backend-dev.md +0 -48
- package/templates/bootstrap/overlays/claude-code/.claude/agents/cli-dev.md +0 -47
- package/templates/bootstrap/overlays/claude-code/.claude/agents/code-reviewer.md +0 -52
- package/templates/bootstrap/overlays/claude-code/.claude/agents/documentation-writer.md +0 -56
- package/templates/bootstrap/overlays/claude-code/.claude/agents/frontend-dev.md +0 -47
- package/templates/bootstrap/overlays/claude-code/.claude/agents/planning-agent.md +0 -51
- package/templates/bootstrap/overlays/claude-code/.claude/agents/product-team-orchestrator.md +0 -51
- package/templates/bootstrap/overlays/claude-code/.claude/agents/requirement-analyst.md +0 -54
- package/templates/bootstrap/overlays/claude-code/.claude/agents/tester.md +0 -58
- package/templates/bootstrap/overlays/vscode-copilot/.github/agents/agent-manager.agent.md +0 -164
- package/templates/bootstrap/overlays/vscode-copilot/.github/agents/backend-dev.agent.md +0 -67
- package/templates/bootstrap/overlays/vscode-copilot/.github/agents/cli-dev.agent.md +0 -57
- package/templates/bootstrap/overlays/vscode-copilot/.github/agents/code-reviewer.agent.md +0 -64
- package/templates/bootstrap/overlays/vscode-copilot/.github/agents/documentation-writer.agent.md +0 -72
- package/templates/bootstrap/overlays/vscode-copilot/.github/agents/frontend-dev.agent.md +0 -66
- package/templates/bootstrap/overlays/vscode-copilot/.github/agents/planning-agent.agent.md +0 -70
- package/templates/bootstrap/overlays/vscode-copilot/.github/agents/product-team-orchestrator.agent.md +0 -82
- package/templates/bootstrap/overlays/vscode-copilot/.github/agents/requirement-analyst.agent.md +0 -65
- package/templates/bootstrap/overlays/vscode-copilot/.github/agents/tester-agent.agent.md +0 -69
- package/templates/bootstrap/overlays/vscode-copilot/.github/agents/tester.agent.md +0 -80
- /package/templates/bootstrap/{overlays/claude-code/.mcp.json → base/.agents/mcp/claude-code.json} +0 -0
|
@@ -0,0 +1,77 @@
|
|
|
1
|
+
# Backend/CLI Implementation Handoff — REL-SEMVER-AUTOPUBLISH
|
|
2
|
+
|
|
3
|
+
Date: 2026-02-23
|
|
4
|
+
From: backend-dev / cli-dev
|
|
5
|
+
To: reviewers / maintainers
|
|
6
|
+
|
|
7
|
+
## Completed (MVP)
|
|
8
|
+
|
|
9
|
+
- Added semantic-release stack and `release` script to `package.json`.
|
|
10
|
+
- Updated `pnpm-lock.yaml` importer devDependency entries to reflect release stack additions.
|
|
11
|
+
- Added `.releaserc.json` for branch `main` with plugins:
|
|
12
|
+
- commit-analyzer
|
|
13
|
+
- release-notes-generator
|
|
14
|
+
- changelog (`CHANGELOG.md`)
|
|
15
|
+
- npm publish
|
|
16
|
+
- github release
|
|
17
|
+
- git commit-back of `package.json`, `pnpm-lock.yaml`, `CHANGELOG.md`
|
|
18
|
+
- Added `.github/workflows/release.yml`:
|
|
19
|
+
- trigger: push to `main`
|
|
20
|
+
- explicit permissions: `contents`, `issues`, `pull-requests` write
|
|
21
|
+
- env tokens: `GITHUB_TOKEN`, `NPM_TOKEN`
|
|
22
|
+
- preflight failure if `NPM_TOKEN` missing
|
|
23
|
+
- checkout full history + setup pnpm/node + non-frozen lockfile install + `pnpm release`
|
|
24
|
+
|
|
25
|
+
## Notes / Constraints
|
|
26
|
+
|
|
27
|
+
- Implementation kept to MVP scope only; no additional CI jobs or release channels were added.
|
|
28
|
+
- Ensure repository secret `NPM_TOKEN` is configured before first release run.
|
|
29
|
+
|
|
30
|
+
## Validation
|
|
31
|
+
|
|
32
|
+
- Static validation performed by inspection of config/workflow content.
|
|
33
|
+
- Runtime validation (workflow execution and publishing) requires GitHub Actions environment and repository secrets.
|
|
34
|
+
|
|
35
|
+
## Code Review Remediation (blocker/major)
|
|
36
|
+
|
|
37
|
+
Date: 2026-02-23
|
|
38
|
+
|
|
39
|
+
### Finding status
|
|
40
|
+
|
|
41
|
+
1. **[blocker] Lockfile incomplete for semantic-release graph**
|
|
42
|
+
|
|
43
|
+
- Confirmed by inspection: importer `devDependencies` contains `semantic-release` and `@semantic-release/*`, while `packages:` does not contain matching resolved entries.
|
|
44
|
+
- Validation evidence: searched `pnpm-lock.yaml` for `semantic-release@` and `@semantic-release/*@` package keys; none present.
|
|
45
|
+
|
|
46
|
+
2. **[major] Release workflow lockfile integrity**
|
|
47
|
+
|
|
48
|
+
- Not switched back to frozen mode because blocker above is unresolved.
|
|
49
|
+
- Current workflow remains intentionally on `pnpm install --no-frozen-lockfile` as the minimal fallback until lockfile is regenerated.
|
|
50
|
+
|
|
51
|
+
### Environment blocker (exact)
|
|
52
|
+
|
|
53
|
+
- This agent session can read/edit workspace files but cannot run package-manager or git commands directly (no command-execution tool available in-session).
|
|
54
|
+
- Because of that, `pnpm install` lockfile regeneration and commit creation cannot be performed from this handoff.
|
|
55
|
+
|
|
56
|
+
### Minimal fallback (no added scope)
|
|
57
|
+
|
|
58
|
+
Run these commands in the repository from a local shell or CI runner with write access:
|
|
59
|
+
|
|
60
|
+
1. `pnpm install`
|
|
61
|
+
2. `pnpm install --frozen-lockfile`
|
|
62
|
+
3. `pnpm test`
|
|
63
|
+
|
|
64
|
+
Then commit regenerated `pnpm-lock.yaml` and switch `.github/workflows/release.yml` install step back to:
|
|
65
|
+
|
|
66
|
+
- `pnpm install --frozen-lockfile`
|
|
67
|
+
|
|
68
|
+
### Exit criteria to clear blocker
|
|
69
|
+
|
|
70
|
+
- `pnpm-lock.yaml` includes resolved `packages:` entries for:
|
|
71
|
+
- `semantic-release@...`
|
|
72
|
+
- `@semantic-release/changelog@...`
|
|
73
|
+
- `@semantic-release/commit-analyzer@...`
|
|
74
|
+
- `@semantic-release/git@...`
|
|
75
|
+
- `@semantic-release/github@...`
|
|
76
|
+
- `@semantic-release/npm@...`
|
|
77
|
+
- `@semantic-release/release-notes-generator@...`
|
|
@@ -0,0 +1,80 @@
|
|
|
1
|
+
# Code Review — REL-SEMVER-AUTOPUBLISH
|
|
2
|
+
|
|
3
|
+
Date: 2026-02-23
|
|
4
|
+
Reviewer: code-reviewer
|
|
5
|
+
|
|
6
|
+
## Review Scope
|
|
7
|
+
|
|
8
|
+
- `docs/agents/plans/REL-SEMVER-AUTOPUBLISH/plan.md`
|
|
9
|
+
- `docs/agents/handoffs/REL-SEMVER-AUTOPUBLISH/integration.md`
|
|
10
|
+
- `package.json`
|
|
11
|
+
- `pnpm-lock.yaml`
|
|
12
|
+
- `.releaserc.json`
|
|
13
|
+
- `.github/workflows/release.yml`
|
|
14
|
+
|
|
15
|
+
## Structured Findings
|
|
16
|
+
|
|
17
|
+
### 1) [blocker] Lockfile is internally inconsistent for release dependencies
|
|
18
|
+
|
|
19
|
+
**Where:** `pnpm-lock.yaml`
|
|
20
|
+
**What:** `importers.devDependencies` includes `semantic-release` and `@semantic-release/*`, but the lockfile has no corresponding resolved entries in `packages:` for these modules.
|
|
21
|
+
**Why it matters:** This breaks determinism and signals an incomplete lockfile regeneration. CI should fail under strict lockfile mode; current workflow masks this by disabling frozen lockfile.
|
|
22
|
+
|
|
23
|
+
### 2) [major] CI workflow bypasses lockfile integrity
|
|
24
|
+
|
|
25
|
+
**Where:** `.github/workflows/release.yml` (`Install dependencies` step)
|
|
26
|
+
**What:** Uses `pnpm install --no-frozen-lockfile`.
|
|
27
|
+
**Why it matters:** Allows implicit lockfile mutation during release and hides dependency drift, reducing reproducibility and increasing supply-chain risk surface.
|
|
28
|
+
|
|
29
|
+
### 3) [major] Release pipeline and docs are coupled to duplicated dependency-state assumptions
|
|
30
|
+
|
|
31
|
+
**Where:** `plan.md` and `integration.md`
|
|
32
|
+
**What:** Both documents carry overlapping statements about lockfile completeness/state, but only one contains unresolved caveats.
|
|
33
|
+
**Why it matters:** Duplication invites drift; operational readiness can be misread if one doc is updated and the other is not.
|
|
34
|
+
|
|
35
|
+
### 4) [minor] Workflow permissions are broader than strictly required for current config intent
|
|
36
|
+
|
|
37
|
+
**Where:** `.github/workflows/release.yml`
|
|
38
|
+
**What:** Grants `issues: write` and `pull-requests: write` globally.
|
|
39
|
+
**Why it matters:** Principle-of-least-privilege concern. Keep only permissions needed by the enabled behavior of `@semantic-release/github`.
|
|
40
|
+
|
|
41
|
+
### 5) [minor] Toolchain versions in workflow are not pinned for deterministic release infra
|
|
42
|
+
|
|
43
|
+
**Where:** `.github/workflows/release.yml`
|
|
44
|
+
**What:** Uses floating action tags and `node-version: lts/*`.
|
|
45
|
+
**Why it matters:** Reproducibility and auditability are weaker when release infra floats over time.
|
|
46
|
+
|
|
47
|
+
### 6) [nit] Potentially unnecessary artifact commit in release commit-back
|
|
48
|
+
|
|
49
|
+
**Where:** `.releaserc.json` (`@semantic-release/git` assets)
|
|
50
|
+
**What:** Includes `pnpm-lock.yaml` in committed assets.
|
|
51
|
+
**Why it matters:** If no dependency version changes are intended during release, lockfile churn should not happen; including it can create noisy release commits. Keep only if intentionally required by your process.
|
|
52
|
+
|
|
53
|
+
## Simplification / Duplication / Maintainability / Security Summary
|
|
54
|
+
|
|
55
|
+
- **Simplification:** Single source of truth for release readiness should live in one doc (prefer integration handoff), with plan doc treated as design-time baseline.
|
|
56
|
+
- **Duplication:** Lockfile readiness notes are duplicated across plan/handoff narratives.
|
|
57
|
+
- **Maintainability:** Reproducible release behavior requires frozen lockfile and fully regenerated lock state.
|
|
58
|
+
- **Security:** Current install mode and broad permissions are avoidable risk multipliers in a release pipeline.
|
|
59
|
+
|
|
60
|
+
## Explicit Action List (ordered)
|
|
61
|
+
|
|
62
|
+
1. **Regenerate and commit lockfile fully**
|
|
63
|
+
- Run `pnpm install` locally and ensure `pnpm-lock.yaml` has resolved `packages:` entries for `semantic-release` + all configured plugins.
|
|
64
|
+
2. **Enforce deterministic install in release job**
|
|
65
|
+
- Change release workflow install step to `pnpm install --frozen-lockfile`.
|
|
66
|
+
3. **Add a pre-release integrity gate**
|
|
67
|
+
- Optionally add `pnpm install --frozen-lockfile` as a dedicated validation step before `pnpm release` to fail early and clearly.
|
|
68
|
+
4. **Right-size workflow permissions**
|
|
69
|
+
- Keep only required scopes; if PR/issue comments are not needed, remove `issues: write` and `pull-requests: write`.
|
|
70
|
+
5. **Reduce infra drift**
|
|
71
|
+
- Pin Node major (for example `22`) and consider pinning action SHAs for release-critical workflows.
|
|
72
|
+
6. **Document ownership of readiness state**
|
|
73
|
+
- Consolidate lockfile readiness status into one canonical handoff section and reference it from plan docs to avoid drift.
|
|
74
|
+
7. **Re-evaluate git commit assets**
|
|
75
|
+
- Keep `pnpm-lock.yaml` in release commit assets only if lockfile mutations are expected/desired during release operations.
|
|
76
|
+
|
|
77
|
+
## QA Readiness Decision
|
|
78
|
+
|
|
79
|
+
**QA should not proceed yet** (blocked) until Actions 1 and 2 are completed.
|
|
80
|
+
After those are addressed, QA can proceed with end-to-end validation from the integration test scope.
|
|
@@ -0,0 +1,22 @@
|
|
|
1
|
+
# Frontend Handoff — REL-SEMVER-AUTOPUBLISH
|
|
2
|
+
|
|
3
|
+
Date: 2026-02-23
|
|
4
|
+
From: frontend-dev
|
|
5
|
+
To: integration/review
|
|
6
|
+
|
|
7
|
+
## Context / Objective
|
|
8
|
+
|
|
9
|
+
Feature scope is release automation for npm publish and GitHub Actions. No frontend app/UI work is in scope.
|
|
10
|
+
|
|
11
|
+
## What Changed
|
|
12
|
+
|
|
13
|
+
N/A (no frontend code or UI changes required for this feature).
|
|
14
|
+
|
|
15
|
+
## Risks / Assumptions
|
|
16
|
+
|
|
17
|
+
- Assumes release automation remains backend/CI-only.
|
|
18
|
+
- Assumes no docs/UI surfaces are needed to expose release status in this iteration.
|
|
19
|
+
|
|
20
|
+
## Exact Next Action (Integration / Review)
|
|
21
|
+
|
|
22
|
+
Proceed with backend/CI integration review only; frontend sign-off is complete with no implementation changes.
|
|
@@ -0,0 +1,65 @@
|
|
|
1
|
+
# Integration Handoff — REL-SEMVER-AUTOPUBLISH
|
|
2
|
+
|
|
3
|
+
Date: 2026-02-23
|
|
4
|
+
From: planning-agent (integration owner)
|
|
5
|
+
To: code-reviewer / tester
|
|
6
|
+
|
|
7
|
+
## 1) Combined Readiness Note
|
|
8
|
+
|
|
9
|
+
- Frontend readiness: complete with no code changes required for this feature.
|
|
10
|
+
- Backend/CI readiness: MVP implementation is present (`semantic-release` config + release workflow + release dependencies), with one known lockfile integrity follow-up.
|
|
11
|
+
- Integration status: conditionally ready for review/test, pending dependency closure listed below.
|
|
12
|
+
|
|
13
|
+
## 2) Confirmed Review Scope (Code Reviewer)
|
|
14
|
+
|
|
15
|
+
Review only the release automation surface (no frontend scope):
|
|
16
|
+
|
|
17
|
+
- `package.json`
|
|
18
|
+
- `release` script exists and release stack is in `devDependencies`.
|
|
19
|
+
- `pnpm-lock.yaml`
|
|
20
|
+
- lock graph consistency with the newly added release dependencies.
|
|
21
|
+
- `.releaserc.json`
|
|
22
|
+
- branch set to `main`.
|
|
23
|
+
- plugin order and intent:
|
|
24
|
+
1. commit analyzer
|
|
25
|
+
2. release notes generator
|
|
26
|
+
3. changelog (`CHANGELOG.md`)
|
|
27
|
+
4. npm publish
|
|
28
|
+
5. github release
|
|
29
|
+
6. git commit-back of `package.json`, `pnpm-lock.yaml`, `CHANGELOG.md`
|
|
30
|
+
- `.github/workflows/release.yml`
|
|
31
|
+
- trigger on push to `main`.
|
|
32
|
+
- explicit write permissions (`contents`, `issues`, `pull-requests`).
|
|
33
|
+
- env/token wiring (`GITHUB_TOKEN`, `NPM_TOKEN`) and fail-fast check for missing `NPM_TOKEN`.
|
|
34
|
+
- install + release steps are consistent with project package manager usage.
|
|
35
|
+
|
|
36
|
+
## 3) Confirmed Test Scope (Tester)
|
|
37
|
+
|
|
38
|
+
Validate the following behavior end-to-end in CI:
|
|
39
|
+
|
|
40
|
+
- Workflow executes on push to `main`.
|
|
41
|
+
- No-op path succeeds when no semver-relevant commit is present (for example `docs:`).
|
|
42
|
+
- Semver-relevant path (`fix:` / `feat:`) computes next version and performs release artifacts:
|
|
43
|
+
- npm publish,
|
|
44
|
+
- git tag,
|
|
45
|
+
- GitHub release,
|
|
46
|
+
- commit-back updates for `package.json` and `CHANGELOG.md` (and lockfile when changed).
|
|
47
|
+
- Missing or invalid `NPM_TOKEN` fails with explicit/auth-related error signal.
|
|
48
|
+
- Local dependency integrity checks pass after lockfile regeneration:
|
|
49
|
+
1. `pnpm install`
|
|
50
|
+
2. `pnpm install --frozen-lockfile`
|
|
51
|
+
3. `pnpm test`
|
|
52
|
+
|
|
53
|
+
## 4) Explicit Unresolved Dependencies
|
|
54
|
+
|
|
55
|
+
1. **Lockfile resolution completeness**
|
|
56
|
+
- Current state indicates importer devDependency references were added, but full resolved `packages:` entries for `semantic-release` and `@semantic-release/*` still require verification/regeneration.
|
|
57
|
+
- Needed action: regenerate lockfile and confirm frozen-lockfile install passes.
|
|
58
|
+
2. **Repository secret availability**
|
|
59
|
+
- `NPM_TOKEN` must be configured in GitHub repository secrets prior to first release execution.
|
|
60
|
+
3. **Runtime CI validation not yet executed in handoff context**
|
|
61
|
+
- End-to-end GitHub Actions run and actual npm publish flow remain pending tester execution in the target repo environment.
|
|
62
|
+
|
|
63
|
+
## Integration Owner Decision
|
|
64
|
+
|
|
65
|
+
Proceed to code review and tester validation with the above unresolved dependencies tracked as required completion gates before production reliance.
|
|
@@ -0,0 +1,67 @@
|
|
|
1
|
+
# Planning Handoff — REL-SEMVER-AUTOPUBLISH
|
|
2
|
+
|
|
3
|
+
Date: 2026-02-23
|
|
4
|
+
From: planning-agent
|
|
5
|
+
To: implementation agent (`backend-dev` / `cli-dev`)
|
|
6
|
+
|
|
7
|
+
## Objective
|
|
8
|
+
|
|
9
|
+
Implement MVP auto semantic-version publishing for `ai-team` on push to `main` using `semantic-release`, including npm publish, GitHub release/tag, and commit-back of version/changelog artifacts.
|
|
10
|
+
|
|
11
|
+
## Required File Changes
|
|
12
|
+
|
|
13
|
+
- `package.json`
|
|
14
|
+
- `pnpm-lock.yaml`
|
|
15
|
+
- `.releaserc.json` (new)
|
|
16
|
+
- `.github/workflows/release.yml` (new)
|
|
17
|
+
- `CHANGELOG.md` (created/updated by release)
|
|
18
|
+
|
|
19
|
+
## Implementation Notes (MVP)
|
|
20
|
+
|
|
21
|
+
1. Add only required semantic-release stack dependencies and a `release` script.
|
|
22
|
+
2. Configure `.releaserc.json` for branch `main`, standard analyzer/notes plugins, npm publish, GitHub release, and git commit of artifacts.
|
|
23
|
+
3. Use a single workflow triggered on push to `main` with explicit permissions:
|
|
24
|
+
- `contents: write`
|
|
25
|
+
- `issues: write`
|
|
26
|
+
- `pull-requests: write`
|
|
27
|
+
4. Workflow auth/env must use:
|
|
28
|
+
- `GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}`
|
|
29
|
+
- `NPM_TOKEN: ${{ secrets.NPM_TOKEN }}`
|
|
30
|
+
5. Include a clear preflight check for missing `NPM_TOKEN`.
|
|
31
|
+
|
|
32
|
+
## Execution Checklist
|
|
33
|
+
|
|
34
|
+
- [ ] Update `package.json` with release dependencies + `release` script.
|
|
35
|
+
- [ ] Update `pnpm-lock.yaml` via install.
|
|
36
|
+
- [ ] Add `.releaserc.json` with plugin order and git assets (`package.json`, `pnpm-lock.yaml`, `CHANGELOG.md`).
|
|
37
|
+
- [ ] Add `.github/workflows/release.yml` with push-to-main trigger, permissions, setup/install, and `pnpm release`.
|
|
38
|
+
- [ ] Ensure repo secret `NPM_TOKEN` exists.
|
|
39
|
+
- [ ] Validate no-op behavior with non-release commit.
|
|
40
|
+
- [ ] Validate publish behavior with `fix:` or `feat:` commit.
|
|
41
|
+
|
|
42
|
+
## Acceptance Mapping
|
|
43
|
+
|
|
44
|
+
- AC1 (workflow on main push): workflow trigger in `.github/workflows/release.yml`.
|
|
45
|
+
- AC2 (no-op success): semantic-release exits successfully when no relevant commits.
|
|
46
|
+
- AC3 (publish + tag + GitHub release + commit-back): `.releaserc.json` plugins + workflow auth.
|
|
47
|
+
- AC4 (missing/invalid token fails clearly): workflow preflight + semantic-release logs.
|
|
48
|
+
- AC5 (no manual bump): commit-message-driven versioning only.
|
|
49
|
+
|
|
50
|
+
## Failure / Rollback
|
|
51
|
+
|
|
52
|
+
- If config breaks CI, revert `.releaserc.json` and `.github/workflows/release.yml` in one commit.
|
|
53
|
+
- If release artifacts are incorrect, revert release commit/tag and ship corrective follow-up version.
|
|
54
|
+
- If npm auth fails, rotate `NPM_TOKEN` and rerun workflow.
|
|
55
|
+
|
|
56
|
+
---
|
|
57
|
+
|
|
58
|
+
## Closeout Note (2026-02-23)
|
|
59
|
+
|
|
60
|
+
- **Status:** Blocked (not complete).
|
|
61
|
+
- **Driver:** QA decision is **BLOCKED / NOT APPROVED** pending lockfile integrity closure and runtime CI release-path validation.
|
|
62
|
+
- **Required next actions:**
|
|
63
|
+
1. Regenerate + commit `pnpm-lock.yaml` and verify semantic-release packages are fully resolved.
|
|
64
|
+
2. Update release workflow install step to `pnpm install --frozen-lockfile`.
|
|
65
|
+
3. Re-run CI acceptance on `main` for `docs:` no-op and `fix:`/`feat:` publish behavior.
|
|
66
|
+
4. Confirm `NPM_TOKEN` secret and validate missing/invalid token failure paths.
|
|
67
|
+
- **Closeout gate:** Feature remains open until tester returns APPROVED.
|
|
@@ -0,0 +1,87 @@
|
|
|
1
|
+
# QA Report — REL-SEMVER-AUTOPUBLISH
|
|
2
|
+
|
|
3
|
+
Date: 2026-02-23
|
|
4
|
+
Agent: tester
|
|
5
|
+
|
|
6
|
+
## Inputs Reviewed
|
|
7
|
+
|
|
8
|
+
- docs/agents/plans/REL-SEMVER-AUTOPUBLISH/plan.md
|
|
9
|
+
- docs/agents/handoffs/REL-SEMVER-AUTOPUBLISH/integration.md
|
|
10
|
+
- docs/agents/handoffs/REL-SEMVER-AUTOPUBLISH/code-review.md
|
|
11
|
+
- docs/agents/handoffs/REL-SEMVER-AUTOPUBLISH/backend.md
|
|
12
|
+
- package.json
|
|
13
|
+
- .releaserc.json
|
|
14
|
+
- .github/workflows/release.yml
|
|
15
|
+
- pnpm-lock.yaml
|
|
16
|
+
|
|
17
|
+
## Verification Performed (Current Environment)
|
|
18
|
+
|
|
19
|
+
- Static verification of release config, workflow trigger/permissions/token checks, and dependency declarations.
|
|
20
|
+
- Lockfile integrity inspection for semantic-release package resolution entries.
|
|
21
|
+
- Workspace diagnostics check (`get_errors`) returned no editor-detected errors.
|
|
22
|
+
|
|
23
|
+
## Acceptance Check Results
|
|
24
|
+
|
|
25
|
+
1. **Workflow runs on push to `main`**
|
|
26
|
+
**Status:** BLOCKED (not executable in current environment)
|
|
27
|
+
**Evidence:** Workflow exists with `on.push.branches: [main]` in `.github/workflows/release.yml`, but no GitHub Actions execution capability is available in this session.
|
|
28
|
+
|
|
29
|
+
2. **No-op release succeeds when no semver-relevant commits**
|
|
30
|
+
**Status:** BLOCKED
|
|
31
|
+
**Evidence:** Requires an actual push (for example `docs:`) and observing workflow result; cannot be executed from this environment.
|
|
32
|
+
|
|
33
|
+
3. **Semver-relevant commits publish and create artifacts (npm/tag/GitHub release/commit-back)**
|
|
34
|
+
**Status:** BLOCKED
|
|
35
|
+
**Evidence:** Requires live GitHub Actions + npm publish credentials and repository access. Not executable here.
|
|
36
|
+
|
|
37
|
+
4. **Missing/invalid `NPM_TOKEN` fails clearly**
|
|
38
|
+
**Status:** PARTIAL PASS (missing-token path), BLOCKED (invalid-token path)
|
|
39
|
+
**Evidence:** `.github/workflows/release.yml` includes an explicit preflight that exits with a clear error when `NPM_TOKEN` is empty. Invalid token behavior still requires runtime execution to verify auth failure path.
|
|
40
|
+
|
|
41
|
+
5. **No manual version bump required**
|
|
42
|
+
**Status:** PARTIAL PASS (static), BLOCKED (runtime confirmation)
|
|
43
|
+
**Evidence:** `package.json` has `"release": "semantic-release"`; `.releaserc.json` is configured for semantic-release branch/plugin flow. End-to-end confirmation requires a real `fix:`/`feat:` release run.
|
|
44
|
+
|
|
45
|
+
## Additional QA Gate Checks from Integration Handoff
|
|
46
|
+
|
|
47
|
+
1. `pnpm install`
|
|
48
|
+
**Status:** BLOCKED (command execution unavailable in this session)
|
|
49
|
+
2. `pnpm install --frozen-lockfile`
|
|
50
|
+
**Status:** BLOCKED (command execution unavailable in this session)
|
|
51
|
+
3. `pnpm test`
|
|
52
|
+
**Status:** BLOCKED (command execution unavailable in this session)
|
|
53
|
+
|
|
54
|
+
Static evidence indicates lockfile/workflow readiness is not yet production-safe:
|
|
55
|
+
|
|
56
|
+
- `pnpm-lock.yaml` importer references include `semantic-release` and `@semantic-release/*`, but resolved `packages:` entries for those release modules are not present.
|
|
57
|
+
- `.github/workflows/release.yml` currently installs with `pnpm install --no-frozen-lockfile`, which bypasses lockfile integrity.
|
|
58
|
+
|
|
59
|
+
## Blockers and Exact Steps to Complete QA
|
|
60
|
+
|
|
61
|
+
### Blockers
|
|
62
|
+
|
|
63
|
+
1. No GitHub Actions execution / push capability in this environment.
|
|
64
|
+
2. No npm publish/token validation path in this environment.
|
|
65
|
+
3. No package-manager command execution available in-session for local integrity checks.
|
|
66
|
+
4. Dependency lockfile state not fully regenerated for release stack; workflow currently avoids frozen lockfile.
|
|
67
|
+
|
|
68
|
+
### Exact Completion Steps
|
|
69
|
+
|
|
70
|
+
1. Regenerate lockfile in a shell with repo write access:
|
|
71
|
+
- `pnpm install`
|
|
72
|
+
2. Validate deterministic install and tests:
|
|
73
|
+
- `pnpm install --frozen-lockfile`
|
|
74
|
+
- `pnpm test`
|
|
75
|
+
3. Commit regenerated `pnpm-lock.yaml`.
|
|
76
|
+
4. Update workflow install step in `.github/workflows/release.yml` to:
|
|
77
|
+
- `pnpm install --frozen-lockfile`
|
|
78
|
+
5. In GitHub repository settings, ensure `NPM_TOKEN` exists and has publish scope.
|
|
79
|
+
6. Execute CI acceptance runs on `main`:
|
|
80
|
+
- Push `docs:` commit and confirm successful no-op release.
|
|
81
|
+
- Push `fix:` commit and confirm npm publish, tag `vX.Y.Z`, GitHub release, and commit-back updates.
|
|
82
|
+
- Validate missing-token and invalid-token failure paths in a safe test repo/context.
|
|
83
|
+
|
|
84
|
+
## Final QA Decision
|
|
85
|
+
|
|
86
|
+
**Decision: BLOCKED / NOT APPROVED**
|
|
87
|
+
Reason: Core acceptance checks requiring CI runtime and publish flow are not executable in this environment, and pre-runtime dependency integrity gates (lockfile completeness + frozen lockfile install path) are not yet satisfied.
|
|
@@ -0,0 +1,77 @@
|
|
|
1
|
+
# Requirement Analysis — REL-SEMVER-AUTOPUBLISH
|
|
2
|
+
|
|
3
|
+
Date: 2026-02-23
|
|
4
|
+
Agent: requirement-analyst
|
|
5
|
+
|
|
6
|
+
## User Ask (normalized)
|
|
7
|
+
|
|
8
|
+
Enable semantic versioning and a GitHub pipeline so that every push to `main` automatically determines the next version, bumps the package version, and publishes the new version of `ai-team` to npm.
|
|
9
|
+
|
|
10
|
+
## MVP Scope
|
|
11
|
+
|
|
12
|
+
1. Add one release workflow in `.github/workflows/` triggered on push to `main`.
|
|
13
|
+
2. Use semantic versioning automation (MVP choice: `semantic-release` + npm + git/github plugins).
|
|
14
|
+
3. Publish `ai-team` to npm when a release is produced.
|
|
15
|
+
4. Commit version/changelog updates back to `main` as part of release automation.
|
|
16
|
+
|
|
17
|
+
## Out of Scope (for this feature)
|
|
18
|
+
|
|
19
|
+
- Multi-branch release channels (`beta`, `next`, etc.).
|
|
20
|
+
- Monorepo/workspace package release orchestration.
|
|
21
|
+
- Container/image publishing.
|
|
22
|
+
- Custom changelog formatting beyond default plugin templates.
|
|
23
|
+
|
|
24
|
+
## Assumptions
|
|
25
|
+
|
|
26
|
+
1. `main` is the only release branch.
|
|
27
|
+
2. Commit messages will follow Conventional Commits for deterministic semver bumps:
|
|
28
|
+
- `fix:` => patch
|
|
29
|
+
- `feat:` => minor
|
|
30
|
+
- `BREAKING CHANGE:` / `!` => major
|
|
31
|
+
3. npm package `ai-team` already exists and is intended to remain public (`publishConfig.access=public`).
|
|
32
|
+
4. Repository administrators can add required GitHub Actions permissions and repository secrets.
|
|
33
|
+
|
|
34
|
+
## Required Secrets & Permissions
|
|
35
|
+
|
|
36
|
+
### GitHub Repository Secrets
|
|
37
|
+
|
|
38
|
+
- `NPM_TOKEN`: npm automation token with publish access to `ai-team`.
|
|
39
|
+
|
|
40
|
+
### Workflow Permissions
|
|
41
|
+
|
|
42
|
+
Release workflow job must grant:
|
|
43
|
+
|
|
44
|
+
- `contents: write` (commit/tag/release notes/version artifacts)
|
|
45
|
+
- `issues: write` and `pull-requests: write` (if release tool comments/updates PR metadata)
|
|
46
|
+
|
|
47
|
+
### Optional/Conditional
|
|
48
|
+
|
|
49
|
+
- `GH_TOKEN` is usually provided via `${{ secrets.GITHUB_TOKEN }}`; no extra secret needed unless org policy requires PAT.
|
|
50
|
+
|
|
51
|
+
## Acceptance Criteria (implementable)
|
|
52
|
+
|
|
53
|
+
1. On every push to `main`, GitHub Actions runs a release workflow.
|
|
54
|
+
2. If commits since last release contain no semver-relevant changes, workflow exits successfully without publishing.
|
|
55
|
+
3. If commits include semver-relevant changes:
|
|
56
|
+
- next semver version is computed from commit history,
|
|
57
|
+
- npm package `ai-team` is published,
|
|
58
|
+
- release tag (e.g. `v1.0.3`) and GitHub release are created,
|
|
59
|
+
- `package.json` version and changelog artifacts are committed back to `main`.
|
|
60
|
+
4. Workflow fails with clear logs when `NPM_TOKEN` is missing/invalid.
|
|
61
|
+
5. No manual version bump step is required from developers for normal releases.
|
|
62
|
+
|
|
63
|
+
## Constraints for Planning/Implementation
|
|
64
|
+
|
|
65
|
+
- Keep implementation minimal: one workflow file, minimal release config, only required dev dependencies/plugins.
|
|
66
|
+
- Do not add unrelated CI jobs or quality gates in this feature.
|
|
67
|
+
- Preserve current package metadata and existing scripts unless strictly needed for release automation.
|
|
68
|
+
|
|
69
|
+
## Exact Next Action for Planning Agent
|
|
70
|
+
|
|
71
|
+
Create `docs/agents/plans/REL-SEMVER-AUTOPUBLISH/plan.md` with a step-by-step implementation plan that includes:
|
|
72
|
+
|
|
73
|
+
1. Adding `semantic-release` and required plugins (`@semantic-release/commit-analyzer`, `@semantic-release/release-notes-generator`, `@semantic-release/changelog`, `@semantic-release/npm`, `@semantic-release/git`, `@semantic-release/github`).
|
|
74
|
+
2. Defining semantic-release config (release branch `main`, changelog + package version commit strategy).
|
|
75
|
+
3. Creating `.github/workflows/release.yml` for push-to-main execution with required permissions and npm auth.
|
|
76
|
+
4. Validation steps (dry-run where possible, then real run criteria) and rollback/failure handling notes.
|
|
77
|
+
5. Explicit checklist mapping each implementation step back to acceptance criteria above.
|
|
@@ -0,0 +1,17 @@
|
|
|
1
|
+
# Backend Dev Knowledge
|
|
2
|
+
|
|
3
|
+
## 2026-02-23 — REL-SEMVER-AUTOPUBLISH
|
|
4
|
+
|
|
5
|
+
- Keep semantic-release MVP minimal: one `.releaserc.json` and one `push`-to-`main` workflow.
|
|
6
|
+
- Include explicit workflow permissions and a preflight `NPM_TOKEN` check to fail fast with clear logs.
|
|
7
|
+
- Include lockfile in git plugin assets so release commit-back stays deterministic for package metadata updates.
|
|
8
|
+
|
|
9
|
+
## 2026-02-23 — REL-NO-IDE-OVERLAYS
|
|
10
|
+
|
|
11
|
+
- Keep agent definitions as the only maintained source and derive IDE artifacts at runtime to avoid overlay drift.
|
|
12
|
+
- When generation logic moves into runtime paths, ensure renderer dependencies (for example `mustache`) are runtime dependencies, not dev-only.
|
|
13
|
+
|
|
14
|
+
## 2026-02-23 — REL-NO-IDE-OVERLAYS Fix Pass
|
|
15
|
+
|
|
16
|
+
- When recursive-copying base template assets, explicitly exclude internal template inputs (for example `.agents/mcp/*`) so only intended install targets are emitted.
|
|
17
|
+
- For manifest schema transitions, prefer a narrow compatibility shim at read boundaries (`packs.ide` + legacy `packs.overlays`) rather than duplicating conditional logic in multiple call sites.
|
|
@@ -0,0 +1,12 @@
|
|
|
1
|
+
# code-reviewer knowledge
|
|
2
|
+
|
|
3
|
+
## 2026-02-23 — REL-SEMVER-AUTOPUBLISH
|
|
4
|
+
|
|
5
|
+
- Treat lockfile importer-only dependency additions as a blocker when `packages:` resolutions are missing; this is incomplete dependency state, not a cosmetic diff.
|
|
6
|
+
- Flag any release workflow use of `--no-frozen-lockfile` as a reproducibility/security risk unless explicitly justified for non-release jobs.
|
|
7
|
+
- For release features, always verify least-privilege workflow permissions and call out duplicated readiness statements across plan and integration docs to reduce drift.
|
|
8
|
+
|
|
9
|
+
## 2026-02-23 — REL-NO-IDE-OVERLAYS
|
|
10
|
+
|
|
11
|
+
- When moving template assets into `base/.agents/**`, always verify recursive copy paths do not accidentally install internal template artifacts (for example MCP source templates) into downstream projects.
|
|
12
|
+
- For schema transitions like `packs.overlays` to `packs.ide`, require explicit compatibility behavior (migration or fail-fast) in the same feature to avoid hidden operational breakage.
|
|
@@ -0,0 +1,9 @@
|
|
|
1
|
+
# Frontend Dev Knowledge
|
|
2
|
+
|
|
3
|
+
## 2026-02-23 — REL-SEMVER-AUTOPUBLISH
|
|
4
|
+
|
|
5
|
+
No frontend/UI scope for this feature; frontend changes are intentionally N/A. Integration proceeds via backend/CI review only.
|
|
6
|
+
|
|
7
|
+
## 2026-02-23 — REL-NO-IDE-OVERLAYS
|
|
8
|
+
|
|
9
|
+
When feature scope is explicitly backend-only (CLI/template/runtime/docs) with no user-facing UI surface changes, record frontend implementation as N/A and hand off directly to backend/integration validation.
|
|
@@ -0,0 +1,32 @@
|
|
|
1
|
+
# Planning Agent Knowledge
|
|
2
|
+
|
|
3
|
+
## 2026-02-23 — REL-SEMVER-AUTOPUBLISH
|
|
4
|
+
|
|
5
|
+
- For semver autopublish MVPs, keep to one workflow (`push` on `main`) plus one `.releaserc.json`; avoid extra channels/gates.
|
|
6
|
+
- Always include git plugin assets explicitly (`package.json`, lockfile, `CHANGELOG.md`) to satisfy commit-back acceptance criteria.
|
|
7
|
+
- Add explicit token preflight in workflow to make missing `NPM_TOKEN` failures obvious and fast to diagnose.
|
|
8
|
+
|
|
9
|
+
## 2026-02-23 — Integration Handoff Practice
|
|
10
|
+
|
|
11
|
+
- Integration handoff should always consolidate frontend/backend readiness into one explicit go/no-go note.
|
|
12
|
+
- Confirm review scope and test scope as concrete file/behavior checklists, not generic guidance.
|
|
13
|
+
- Always include a dedicated unresolved dependencies list so blockers (for example secrets, lockfile integrity, runtime CI validation) are tracked to closure.
|
|
14
|
+
|
|
15
|
+
## 2026-02-23 — Closeout Discipline
|
|
16
|
+
|
|
17
|
+
- In closeout updates, feature status must mirror QA disposition exactly; if QA is blocked, plan/handoff status must remain blocked.
|
|
18
|
+
|
|
19
|
+
## 2026-02-23 — REL-NO-IDE-OVERLAYS
|
|
20
|
+
|
|
21
|
+
- For architecture-removal work, require acceptance checks that prove behavior parity (paths, frontmatter, drift semantics), not just file deletions.
|
|
22
|
+
- When frontend impact is truly absent, explicitly mark frontend workstream as N/A with rationale to avoid ambiguous ownership.
|
|
23
|
+
|
|
24
|
+
## 2026-02-23 — REL-NO-IDE-OVERLAYS Integration
|
|
25
|
+
|
|
26
|
+
- Integration handoff must explicitly call out missing test execution evidence as an unresolved dependency and assign an exact first-review action to code-reviewer.
|
|
27
|
+
|
|
28
|
+
## 2026-02-23 — QA Execution-Blocked Closeout
|
|
29
|
+
|
|
30
|
+
- During closeout, set lifecycle to NOT COMPLETE whenever QA is execution-blocked, even if static review is clean.
|
|
31
|
+
- Record the exact blocked commands in the plan status so the next actor can resume validation without re-discovery.
|
|
32
|
+
- Treat completion as gated by command-output evidence, not by handoff readiness alone.
|
|
@@ -0,0 +1,12 @@
|
|
|
1
|
+
# Requirement Analyst Knowledge
|
|
2
|
+
|
|
3
|
+
## 2026-02-23 — REL-SEMVER-AUTOPUBLISH
|
|
4
|
+
|
|
5
|
+
- For "auto bump + publish on main" asks, define MVP as a single push-to-main release workflow using semantic-release and Conventional Commits.
|
|
6
|
+
- Always capture required operational prerequisites explicitly: `NPM_TOKEN` secret and workflow write permissions (`contents` at minimum).
|
|
7
|
+
- Acceptance criteria must include both publish and no-op behavior so teams can verify deterministic release outcomes.
|
|
8
|
+
|
|
9
|
+
## 2026-02-23 — REL-NO-IDE-OVERLAYS
|
|
10
|
+
|
|
11
|
+
- When architecture asks remove per-IDE maintained templates, require a single maintained source plus generation parity requirements for each supported IDE.
|
|
12
|
+
- Call out hash/drift compatibility as an explicit non-functional constraint when sync behavior depends on deterministic rendered outputs.
|
|
@@ -0,0 +1,12 @@
|
|
|
1
|
+
# Tester Knowledge
|
|
2
|
+
|
|
3
|
+
## 2026-02-23
|
|
4
|
+
|
|
5
|
+
- For release automation features, separate static-confidence checks (workflow/config correctness) from runtime-proof checks (GitHub Actions execution, publish, tags, releases) and report them independently.
|
|
6
|
+
- Treat lockfile completeness + frozen-lockfile install as mandatory preconditions before declaring QA ready on CI release pipelines.
|
|
7
|
+
- When environment tooling cannot execute package-manager or CI actions, include exact completion commands and the minimum external validations needed to close QA.
|
|
8
|
+
|
|
9
|
+
## 2026-02-23 — REL-NO-IDE-OVERLAYS
|
|
10
|
+
|
|
11
|
+
- For CLI/template architecture changes, mark acceptance as FAIL (not PASS) when runtime checks are unexecutable and core parity/drift behaviors remain unproven.
|
|
12
|
+
- In blocked environments, include one concrete command list that covers targeted tests, full suite, init/doctor flows for each IDE, and drift conflict/force verification.
|