Adopt persist repo practices: release, CI, .agents#187
Conversation
Release: npm trusted publishing (OIDC, no NPM_TOKEN) + Sigstore provenance. CI: least-priv perms, SHA-pinned checkout + persist-credentials:false, check-pack job, audit blocks on high/critical, dependabot. Tooling: check:pack (attw+publint), :changes scripts, coverage threshold, AGENTS.md stub. .agents: adopt persist thin-rule + skill-decomposition format — slim 5 rules, split 4 monolith skills, add 10 new skills, merge preserve/concise into authoring-discipline, add architecture-priming.
|
|
Caution Review failedThe pull request is closed. ℹ️ Recent review info⚙️ Run configurationConfiguration used: defaults Review profile: CHILL Plan: Pro Run ID: ⛔ Files ignored due to path filters (1)
📒 Files selected for processing (76)
📝 WalkthroughWalkthroughThis PR overhauls the ChangesAgents Documentation Restructuring
CI, Release, and Packaging Infrastructure
Estimated code review effort: 3 (Moderate) | ~30 minutes Sequence Diagram(s)sequenceDiagram
participant Actions as GitHub Actions
participant OIDC as GitHub OIDC
participant Changesets as changesets/action
participant npm as npm registry
Actions->>OIDC: request id-token
OIDC-->>Actions: issue token
Actions->>Changesets: run version/publish
Changesets->>npm: publish with Sigstore provenance
Possibly related PRs
Suggested labels: ✨ Finishing Touches📝 Generate docstrings
🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
diagnose: fold persist's per-phase "Done when" completion criteria into codemap's stronger skill (one skill, no duplicate). teach: new multi-session learning workspace skill (SKILL + 4 format siblings), adapted for codemap domain; wired into AGENTS.md + ask-agents router. improve-codebase-architecture/REFERENCE: drop stale "(same caveats as persist's REFERENCE)" adoption leftover.
…ents-config) Drop the skill, its .cursor symlink, and all refs (AGENTS.md intent line, ask-agents router table, consumer-surfaces Related link).
README: add .agents/README.md (adapted from persist) as the in-.agents hub; wire agents-tier-system skill + AGENTS.md to point at it. diagnose: update skill to mattpocock/skills diagnosing-bugs structure (Phase 1 red-capable completion criterion, Phase 2 minimise), then rename the skill dir diagnose → diagnosing-bugs (frontmatter name, H1, .cursor symlink, and all citations in AGENTS.md, ask-agents, writing-agents-config, architecture-priming).
Add the library import surface (.d.mts/JSDoc on exports) to the consumer surface table + intro, and an editing rule that @example imports must resolve against exports (prose depth + no-internals defer to authoring-discipline § PROSE + existing items, no duplication).
CI (Socket firewall) closes the connection downloading today's 7.0.0-dev.20260707.2 tarball during `sfw bun install --frozen-lockfile`, failing every job at setup. 20260706.1 is the build main already ships (PR #187) and installs cleanly through sfw. The native-preview bump is a dev-tooling moving-target (tsgo) — not worth blocking CI for a one-day delta; can re-bump once the newer tarball is fetchable.
Summary
Adopts practices audited from the sibling
persistrepo across three surfaces.Release — npm trusted publishing (GitHub OIDC, no
NPM_TOKEN):release.ymlgetsid-token: write,releaseenvironment, Node 24 + npm ≥11 for OIDC detection, pinnedchangesets/action;publishConfig.provenance: true;docs/packaging.md+.changeset/README.mdupdated.CI / tooling —
ci.yml: top-levelpermissions: contents: read, SHA-pinnedactions/checkout+persist-credentials: false, newcheck-packjob (attw + publint),auditpromoted to block on high/critical and wired intoci-complete;.github/dependabot.yml(npm + github-actions weekly);AGENTS.mdcross-tool stub;check:pack(attw + publint),:changesscripts +scripts/run-on-changed-files.ts,sideEffects: false,packageManager, coverage threshold (0.75);prepublishOnlychainscheck && check:pack..agents/— adopt persist's thin-rule + skill-decomposition format: slim 5 rules to priming pointers (agents-tier-system,tracer-bullets,verify-after-each-step,docs-governance,agents-first-convention), split 4 monolith skills into slim SKILL + sibling (harden-pr→WORKFLOW,docs-governance→LIFECYCLE,docs-lifecycle-sweep→WORKFLOW,pr-comment-fact-check→WORKFLOW), mergepreserve-comments+concise-commentsintoauthoring-discipline(+PROSE.md), addarchitecture-primingrule, add 10 new skills (agents-tier-system,ask-agents,authoring-discipline,domain-modeling,grill-with-docs,grilling,tdd,tracer-bullets,verify-after-each-step,writing-agents-config,writing-great-skills), restructuregrill-me+write-a-skill+improve-codebase-architecture(+REFERENCE.md). No persist-domain leakage; all codemap-specific substance preserved.Test plan
bun run check:pack(attw 🟢, publint clean)bun run test:coverage— 1857 pass, 0.75 threshold holdsbun run typecheck,bun run lint:ci,bun run format:check— clean.cursor/rules+.cursor/skillssymlinks resolve; no broken linksdocs/README.mdRules 1–10 pointer preservedreleaseenvironment + npm trusted-publisher binding for@stainless-code/codemap(workflowrelease.yml, envrelease); removeNPM_TOKENsecret after first OIDC publishbun auditfindings (promoted to hard gate)Summary by CodeRabbit
New Features
Bug Fixes
Chores