Adopt persist repo practices: release, CI, .agents#187
Conversation
Release: npm trusted publishing (OIDC, no NPM_TOKEN) + Sigstore provenance. CI: least-priv perms, SHA-pinned checkout + persist-credentials:false, check-pack job, audit blocks on high/critical, dependabot. Tooling: check:pack (attw+publint), :changes scripts, coverage threshold, AGENTS.md stub. .agents: adopt persist thin-rule + skill-decomposition format — slim 5 rules, split 4 monolith skills, add 10 new skills, merge preserve/concise into authoring-discipline, add architecture-priming.
|
|
Important Review skippedDraft detected. Please check the settings in the CodeRabbit UI or the ⚙️ Run configurationConfiguration used: defaults Review profile: CHILL Plan: Pro Run ID: You can disable this status message by setting the Use the checkbox below for a quick retry:
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
diagnose: fold persist's per-phase "Done when" completion criteria into codemap's stronger skill (one skill, no duplicate). teach: new multi-session learning workspace skill (SKILL + 4 format siblings), adapted for codemap domain; wired into AGENTS.md + ask-agents router. improve-codebase-architecture/REFERENCE: drop stale "(same caveats as persist's REFERENCE)" adoption leftover.
Summary
Adopts practices audited from the sibling
persistrepo across three surfaces.Release — npm trusted publishing (GitHub OIDC, no
NPM_TOKEN):release.ymlgetsid-token: write,releaseenvironment, Node 24 + npm ≥11 for OIDC detection, pinnedchangesets/action;publishConfig.provenance: true;docs/packaging.md+.changeset/README.mdupdated.CI / tooling —
ci.yml: top-levelpermissions: contents: read, SHA-pinnedactions/checkout+persist-credentials: false, newcheck-packjob (attw + publint),auditpromoted to block on high/critical and wired intoci-complete;.github/dependabot.yml(npm + github-actions weekly);AGENTS.mdcross-tool stub;check:pack(attw + publint),:changesscripts +scripts/run-on-changed-files.ts,sideEffects: false,packageManager, coverage threshold (0.75);prepublishOnlychainscheck && check:pack..agents/— adopt persist's thin-rule + skill-decomposition format: slim 5 rules to priming pointers (agents-tier-system,tracer-bullets,verify-after-each-step,docs-governance,agents-first-convention), split 4 monolith skills into slim SKILL + sibling (harden-pr→WORKFLOW,docs-governance→LIFECYCLE,docs-lifecycle-sweep→WORKFLOW,pr-comment-fact-check→WORKFLOW), mergepreserve-comments+concise-commentsintoauthoring-discipline(+PROSE.md), addarchitecture-primingrule, add 10 new skills (agents-tier-system,ask-agents,authoring-discipline,domain-modeling,grill-with-docs,grilling,tdd,tracer-bullets,verify-after-each-step,writing-agents-config,writing-great-skills), restructuregrill-me+write-a-skill+improve-codebase-architecture(+REFERENCE.md). No persist-domain leakage; all codemap-specific substance preserved.Test plan
bun run check:pack(attw 🟢, publint clean)bun run test:coverage— 1857 pass, 0.75 threshold holdsbun run typecheck,bun run lint:ci,bun run format:check— clean.cursor/rules+.cursor/skillssymlinks resolve; no broken linksdocs/README.mdRules 1–10 pointer preservedreleaseenvironment + npm trusted-publisher binding for@stainless-code/codemap(workflowrelease.yml, envrelease); removeNPM_TOKENsecret after first OIDC publishbun auditfindings (promoted to hard gate)