forked from farhoodlabs/paperclip
Devin Foley
29401b231b
## Thinking Path > - Paperclip is a control plane for autonomous agent companies, so its release automation is part of the core operator trust boundary. > - The affected subsystem is npm/GitHub Actions release publishing for the public monorepo packages. > - The concrete failure was that a newly added package reached `master`, the canary workflow attempted its first publish, and npm trusted publishing was not yet bootstrapped for that package. > - That means the problem is not just one broken run; it is a missing pre-merge guard that lets release-ineligible packages land and only fail once `publish_canary` runs. > - This pull request makes release enrollment explicit, validates that enrollment in CI, and adds a PR-time bootstrap check against npm for changed release-enabled package manifests. > - The result is that we keep trusted publishing, avoid teaching CI to `npm adduser`, and move this class of failure from post-merge canary time to pre-merge review time. ## What Changed - Added `scripts/release-package-manifest.json` so release-managed public packages are explicitly enrolled instead of being inferred from every non-private workspace package. - Hardened `scripts/release-package-map.mjs` to validate the manifest before release workflows rewrite versions or assemble publish payloads. - Added `scripts/check-release-package-bootstrap.mjs` and wired it into `.github/workflows/pr.yml` so PRs that change a release-enabled package manifest fail if that package does not already exist on npm. - Added release-package manifest coverage tests to `scripts/release-package-map.test.mjs` and included them in `pnpm run test:release-registry`. - Wired manifest validation into `.github/workflows/release.yml` and documented the first-publish bootstrap policy in `doc/PUBLISHING.md` and `doc/RELEASE-AUTOMATION-SETUP.md`. ## Verification - `pnpm run test:release-registry` - `./scripts/release.sh canary --skip-verify --dry-run` - Confirmed the committed diff contains no obvious PII/secrets via targeted pattern scan before pushing. ## Risks - Low risk overall: this is CI/release-policy code, not product runtime logic. - The new PR bootstrap check depends on npm metadata availability, so a transient npm outage could block a PR that changes a release-enabled package manifest. - The manifest introduces a new source of truth that must stay aligned with public package additions, but that is intentional and now enforced. ## Model Used - OpenAI Codex via the `codex_local` Paperclip adapter; GPT-5-based coding agent with tool use, terminal execution, git, and GitHub CLI. Exact served model ID/context window are not exposed by the local runtime. ## Checklist - [x] I have included a thinking path that traces from project context to this change - [x] I have specified the model used (with version and capability details) - [x] I have checked ROADMAP.md and confirmed this PR does not duplicate planned core work - [x] I have run tests locally and they pass - [x] I have added or updated tests where applicable - [x] If this change affects the UI, I have included before/after screenshots - [x] I have updated relevant documentation to reflect my changes - [x] I have considered and documented any risks above - [x] I will address all Greptile and reviewer comments before requesting merge
93 lines
2.0 KiB
JSON
93 lines
2.0 KiB
JSON
[
|
|
{
|
|
"dir": "packages/adapter-utils",
|
|
"name": "@paperclipai/adapter-utils",
|
|
"publishFromCi": true
|
|
},
|
|
{
|
|
"dir": "packages/adapters/acpx-local",
|
|
"name": "@paperclipai/adapter-acpx-local",
|
|
"publishFromCi": true
|
|
},
|
|
{
|
|
"dir": "packages/adapters/claude-local",
|
|
"name": "@paperclipai/adapter-claude-local",
|
|
"publishFromCi": true
|
|
},
|
|
{
|
|
"dir": "packages/adapters/codex-local",
|
|
"name": "@paperclipai/adapter-codex-local",
|
|
"publishFromCi": true
|
|
},
|
|
{
|
|
"dir": "packages/adapters/cursor-local",
|
|
"name": "@paperclipai/adapter-cursor-local",
|
|
"publishFromCi": true
|
|
},
|
|
{
|
|
"dir": "packages/adapters/gemini-local",
|
|
"name": "@paperclipai/adapter-gemini-local",
|
|
"publishFromCi": true
|
|
},
|
|
{
|
|
"dir": "packages/adapters/opencode-local",
|
|
"name": "@paperclipai/adapter-opencode-local",
|
|
"publishFromCi": true
|
|
},
|
|
{
|
|
"dir": "packages/adapters/pi-local",
|
|
"name": "@paperclipai/adapter-pi-local",
|
|
"publishFromCi": true
|
|
},
|
|
{
|
|
"dir": "packages/adapters/openclaw-gateway",
|
|
"name": "@paperclipai/adapter-openclaw-gateway",
|
|
"publishFromCi": true
|
|
},
|
|
{
|
|
"dir": "packages/shared",
|
|
"name": "@paperclipai/shared",
|
|
"publishFromCi": true
|
|
},
|
|
{
|
|
"dir": "packages/db",
|
|
"name": "@paperclipai/db",
|
|
"publishFromCi": true
|
|
},
|
|
{
|
|
"dir": "packages/plugins/sdk",
|
|
"name": "@paperclipai/plugin-sdk",
|
|
"publishFromCi": true
|
|
},
|
|
{
|
|
"dir": "server",
|
|
"name": "@paperclipai/server",
|
|
"publishFromCi": true
|
|
},
|
|
{
|
|
"dir": "cli",
|
|
"name": "paperclipai",
|
|
"publishFromCi": true
|
|
},
|
|
{
|
|
"dir": "packages/mcp-server",
|
|
"name": "@paperclipai/mcp-server",
|
|
"publishFromCi": true
|
|
},
|
|
{
|
|
"dir": "packages/plugins/create-paperclip-plugin",
|
|
"name": "@paperclipai/create-paperclip-plugin",
|
|
"publishFromCi": true
|
|
},
|
|
{
|
|
"dir": "packages/plugins/sandbox-providers/e2b",
|
|
"name": "@paperclipai/plugin-e2b",
|
|
"publishFromCi": true
|
|
},
|
|
{
|
|
"dir": "ui",
|
|
"name": "@paperclipai/ui",
|
|
"publishFromCi": true
|
|
}
|
|
]
|