Release Checklist
Reference this document when preparing a release.
Overview
Release Checklist
Reference this document when preparing a release.
Quick Reference: checklists/release.md - condensed version with just the file updates.
Automated Release (Recommended)
Releases are automated via GitHub Actions. The workflow handles:
- Version validation across all files
- Running tests
- Publishing to npm with provenance
- Creating GitHub release with changelog
Option 1: Tag Push (Recommended)
# 1. Prepare release (update versions, changelog, README)
# 2. Commit changes
git add -A && git commit -m "chore: release vX.Y.Z"
# 3. Create and push tag
git tag vX.Y.Z
git push origin main --tags
The workflow triggers automatically on tag push.
Pre-release Channels (rc / beta)
Use pre-release tags to publish to npm without moving latest. The tag must point to a commit where all version fields have already been bumped to the prerelease version (e.g., X.Y.Z-rc.N).
git tag vX.Y.Z-rc.1
git tag vX.Y.Z-beta.1
git push origin main --tags
Behavior:
-rc.*publishes to npm tagrcand creates a prerelease on GitHub.-beta.*publishes to npm tagbetaand creates a prerelease on GitHub.- Stable tags (
vX.Y.Z) publish to npmlatest.
Option 2: Manual Dispatch
- Go to Actions → Release workflow
- Click Run workflow
- Optionally enter version (or leave empty to use package.json)
- Enable dry_run to test without publishing
Pre-Release Checklist
Before creating a tag:
- All tests pass (
npm test) - No uncommitted changes
- CHANGELOG.md updated with new version entry
- Version bumped with
npx agentsys-dev bump X.Y.Z(auto-updates 15+ files) - README.md "What's New" section updated
Version Management
Version bumping is fully automated. package.json is the single source of truth:
# Single command updates ALL 15+ version locations
npx agentsys-dev bump X.Y.Z
# Or: npm version X.Y.Z --no-git-tag-version
Updated automatically by stamp-version.js:
package.jsonandpackage-lock.json.claude-plugin/plugin.jsonand.claude-plugin/marketplace.json- All
plugins/*/.claude-plugin/plugin.json(11 plugins) site/content.jsonmeta.version
Manual updates still required:
README.md- Version badge and "What's New" sectionCHANGELOG.md- New entry at top
Verify versions:
npx agentsys-dev validate consistency
Version Types
- Patch (x.x.X): Bug fixes, security patches, docs updates
- Minor (x.X.0): New features, non-breaking changes
- Major (X.0.0): Breaking changes, API changes
- RC/Beta (x.y.z-rc.N / x.y.z-beta.N): Pre-release validation before stable
CHANGELOG Entry
Add entry before bumping version numbers.
Format (Keep a Changelog):
## [X.Y.Z] - YYYY-MM-DD
### Added
- **Feature Name** - Description (#PR)
### Changed
- **Component** - What changed (#PR)
### Fixed
- **Bug Name** - What was fixed (#PR)
### Performance
- **Optimization** - What improved (#PR)
### Security
- **Vulnerability** - What was patched (#PR)
Guidelines:
- Group changes under:
Added,Changed,Fixed,Removed,Performance,Security - Reference PR/issue numbers
- Write user-facing descriptions (what changed for plugin users)
- List breaking changes prominently
GitHub Actions Setup
Required Secrets
| Secret | Description |
|---|---|
NPM_TOKEN | npm automation token with publish access |
Creating NPM_TOKEN
- Go to npmjs.com → Access Tokens
- Generate new token → Automation (for CI/CD)
- Copy token
- In GitHub repo: Settings → Secrets → Actions → New repository secret
- Name:
NPM_TOKEN, Value: paste token
Environment Protection (Optional)
For additional security, create an "npm" environment:
- Settings → Environments → New environment →
npm - Add protection rules:
- Required reviewers (optional)
- Deployment branches:
mainonly
- Add
NPM_TOKENsecret to this environment
npm Provenance
The release workflow publishes with --provenance, which:
- Links the npm package to the exact GitHub commit
- Shows a verified badge on npmjs.com
- Provides supply chain transparency
Provenance requires:
id-token: writepermission (configured in workflow)- Publishing from GitHub Actions (not locally)
Post-Release Verification
The workflow provides a summary, but you can also verify manually:
- npm package published:
npm view agentsys version - GitHub release created: check Releases page
- Provenance visible on npm package page
- Claude Code can install:
claude plugin add npm:agentsys
Troubleshooting
Version mismatch error
The workflow validates all version numbers match. If it fails:
grep -r '"version"' package.json .claude-plugin/ plugins/*/.claude-plugin/
Update any mismatched files.
npm publish fails
- Verify
NPM_TOKENsecret is set and valid - Check npm account has publish access to
agentsys - For scoped packages, ensure
--access publicis set
Tag already exists
If re-releasing the same version:
git tag -d vX.Y.Z # delete local
git push origin :vX.Y.Z # delete remote
git tag vX.Y.Z # recreate
git push origin --tags # push