Skip to content

Commit f1465f1

Browse files
NagyViktNagyVikt
andauthored
Ensure version publishes always carry release notes (#46)
Added a standing release-note requirement to the repository agent contract, propagated the same rule to the install template and contributor guide, and created missing v5 release notes in README. A metadata test now enforces that README release notes include the current package version heading, so future version bumps cannot skip documenting release changes. Constraint: Keep release-note policy lightweight and dependency-free Rejected: Add a release-notes generator dependency | unnecessary maintenance overhead Confidence: high Scope-risk: narrow Reversibility: clean Directive: When bumping package.json version, add matching README release note heading in the same change Tested: npm test; node --check bin/multiagent-safety.js; npm pack --dry-run Not-tested: GitHub release body automation Co-authored-by: NagyVikt <nagy.viktordp@gmail.com>
1 parent 0899be8 commit f1465f1

5 files changed

Lines changed: 33 additions & 0 deletions

File tree

AGENTS.md

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -28,6 +28,7 @@ This AGENTS.md is the top-level operating contract for this repository.
2828
- Prefer deletion over addition.
2929
- Reuse existing patterns before introducing new abstractions.
3030
- No new dependencies without explicit request.
31+
- When publishing or bumping a version, update release notes in the same change (`README.md` release notes section and the release body when tagging).
3132
- Keep diffs small, reviewable, and reversible.
3233
- Run lint/typecheck/tests/static analysis after changes.
3334
- Final reports must include: changed files, simplifications made, and remaining risks.

CONTRIBUTING.md

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -23,3 +23,4 @@ npm pack --dry-run
2323
- Keep `main` green (CI passing)
2424
- Prefer trusted publishing (`npm publish --provenance`)
2525
- Use a clean working tree and tag-based releases when possible
26+
- When version changes, update `README.md` release notes in the same PR/commit

README.md

Lines changed: 14 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -208,6 +208,20 @@ npm pack --dry-run
208208

209209
## Release notes
210210

211+
### v5.0.2
212+
213+
- Auto-closes Codex sandbox branches through PR workflow and keeps merged branch/worktree sandboxes for explicit cleanup via `gx cleanup`.
214+
- Runs `gx doctor` repairs from a sandbox when `main` is protected.
215+
- Allows tightly guarded Codex-only commits for `AGENTS.md` / `.gitignore` on protected branches.
216+
- Advanced package version to keep npm publishing unblocked.
217+
218+
### v5.0.0
219+
220+
- Rebranded the CLI to **GuardeX** with `gx`-first command UX.
221+
- Published under scoped package name `@imdeadpool/guardex` to avoid npm name collisions.
222+
- Enforced a repeatable per-message agent branch lifecycle in setup/init flows.
223+
- Added codex-auth-aware sandbox branch naming support.
224+
211225
### v0.4.6
212226

213227
- Added repository metadata (`repository`, `bugs`, `homepage`, `funding`) in package manifest.

templates/AGENTS.multiagent-safety.md

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -18,6 +18,7 @@
1818
- If merge/rebase conflicts block auto-finish, run a conflict-resolution review pass in that sandbox branch, then rerun `agent-branch-finish.sh --via-pr` until merged.
1919
- Completion is not valid until these are true: commit exists on the agent branch, branch is pushed to `origin`, and PR/merge status is produced by `agent-branch-finish.sh` or `codex-agent`.
2020
- Per-message loop is mandatory: for every new user message/task, start a fresh agent branch/worktree, claim ownership locks, implement and verify, finish via PR/merge cleanup, then repeat for the next message/task.
21+
- If the change publishes or bumps a version, the same change must also update release notes/changelog entries.
2122

2223
1. Explicit ownership before edits
2324

test/metadata.test.js

Lines changed: 16 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -5,6 +5,11 @@ const path = require('node:path');
55

66
const repoRoot = path.resolve(__dirname, '..');
77
const packageJsonPath = path.join(repoRoot, 'package.json');
8+
const readmePath = path.join(repoRoot, 'README.md');
9+
10+
function escapeRegexLiteral(value) {
11+
return String(value).replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
12+
}
813

914
test('package manifest includes repository and support metadata', () => {
1015
const pkg = JSON.parse(fs.readFileSync(packageJsonPath, 'utf8'));
@@ -26,6 +31,17 @@ test('release workflow publishes with provenance in CI', () => {
2631
assert.match(workflow, /npm publish --provenance --access public/);
2732
});
2833

34+
test('README release notes include current package version', () => {
35+
const pkg = JSON.parse(fs.readFileSync(packageJsonPath, 'utf8'));
36+
const readme = fs.readFileSync(readmePath, 'utf8');
37+
const headingPattern = new RegExp(`^###\\s+v${escapeRegexLiteral(pkg.version)}\\b`, 'm');
38+
assert.match(
39+
readme,
40+
headingPattern,
41+
`README release notes must include heading for v${pkg.version}`,
42+
);
43+
});
44+
2945
test('security workflows are present and use pinned GitHub Actions SHAs', () => {
3046
const workflowDir = path.join(repoRoot, '.github', 'workflows');
3147
const expected = ['ci.yml', 'release.yml', 'scorecard.yml', 'codeql.yml'];

0 commit comments

Comments
 (0)