mirror of
https://github.com/alkimake/paperclip.git
synced 2026-06-14 01:50:39 +09:00
a0f5cbffd7
## Thinking Path > - Paperclip orchestrates AI agents for zero-human companies > - Paperclip is distributed as npm packages, including plugins like `plugin-e2b` > - The release process publishes canary and stable builds via npm dist-tags > - But there was no automated verification that published packages actually landed with the correct dist-tags, and broken canary publishes could silently ship to users > - This PR adds a registry verification script that checks published packages match their expected dist-tags, and wires it into PR CI so regressions are caught before merge > - The benefit is release integrity is verified automatically, and broken dist-tag states are caught early ## What Changed - Added `scripts/verify-release-registry-state.mjs` — verifies that published npm packages have correct dist-tag assignments and detects orphaned or mispointed tags - Added `scripts/verify-release-registry-state.test.mjs` — test coverage for the verification logic - Updated `scripts/release.sh` to include canary dist-tag safety checks before publishing - Updated `.github/workflows/pr.yml` to run registry verification as a CI step - Updated `doc/PUBLISHING.md` and `doc/RELEASING.md` with the new verification workflow ## Verification - `pnpm test` — all tests pass including new verification script tests - `node scripts/verify-release-registry-state.mjs` — runs against the live npm registry and reports current state - CI: the new PR workflow step runs on every PR push ## Risks - Low risk. This is additive CI and tooling — no runtime code changes. The registry verification is read-only (queries npm, does not publish). The release script changes add safety checks that abort before publishing if state is unexpected. ## Model Used Codex GPT 5.4 high via Paperclip. ## Checklist - [x] I have included a thinking path that traces from project context to this change - [x] I have specified the model used (with version and capability details) - [x] I have checked ROADMAP.md and confirmed this PR does not duplicate planned core work - [x] I have run tests locally and they pass - [x] I have added or updated tests where applicable - [ ] If this change affects the UI, I have included before/after screenshots - [x] I have updated relevant documentation to reflect my changes - [x] I have considered and documented any risks above - [x] I will address all Greptile and reviewer comments before requesting merge |
||
|---|---|---|
| .. | ||
| smoke | ||
| backfill-issue-reference-mentions.ts | ||
| backup-db.sh | ||
| build-npm.sh | ||
| build-standalone-public-packages.mjs | ||
| check-docker-deps-stage.mjs | ||
| check-forbidden-tokens.mjs | ||
| clean-onboard-git.sh | ||
| clean-onboard-npm.sh | ||
| clean-onboard-ref.sh | ||
| create-github-release.sh | ||
| dev-runner-output.mjs | ||
| dev-runner-output.ts | ||
| dev-runner-paths.mjs | ||
| dev-runner.mjs | ||
| dev-runner.ts | ||
| dev-service-profile.ts | ||
| dev-service.ts | ||
| discord-daily-digest.sh | ||
| docker-build-test.sh | ||
| docker-entrypoint.sh | ||
| docker-onboard-smoke.sh | ||
| ensure-plugin-build-deps.mjs | ||
| ensure-workspace-package-links.ts | ||
| generate-company-assets.ts | ||
| generate-npm-package-json.mjs | ||
| generate-org-chart-images.ts | ||
| generate-org-chart-satori-comparison.ts | ||
| generate-plugin-package-json.mjs | ||
| generate-ui-package-json.mjs | ||
| kill-agent-browsers.sh | ||
| kill-dev.sh | ||
| kill-vitest.sh | ||
| link-plugin-dev-sdk.mjs | ||
| migrate-inline-env-secrets.ts | ||
| paperclip-commit-metrics.ts | ||
| paperclip-issue-update.sh | ||
| prepare-server-ui-dist.sh | ||
| provision-worktree.sh | ||
| release-lib.sh | ||
| release-package-map.mjs | ||
| release.sh | ||
| rollback-latest.sh | ||
| run-vitest-stable.mjs | ||
| screenshot-pap2373.mjs | ||
| screenshot-subissues.mjs | ||
| screenshot.cjs | ||
| verify-release-registry-state.mjs | ||
| verify-release-registry-state.test.mjs | ||