fix: harden release surface version and packaging sync #1388
ECC bundle files are already tracked in this repository. Skipping generation of another bundle PR.
📝 Walkthrough
This PR centralizes and enforces repository versioning: it adds a plugin
Changes
Sequence Diagram(s)
```mermaid
sequenceDiagram
    participant Tag as Git Tag (vX.Y.Z)
    participant GH as GitHub Actions
    participant Tests as Node Tests
    participant Script as scripts/release.sh
    participant Pack as npm / OpenCode pack
    participant Repo as Repo Files
    Tag->>GH: trigger release workflow with tag
    GH->>GH: strip "v", compare to package.json.version
    GH->>Tests: run plugin-manifest.test.js
    Tests->>Repo: read package.json, locks, manifests, docs
    Tests-->>GH: pass/fail
    GH->>Script: invoke release.sh
    Script->>Repo: update version fields across files
    Script->>Pack: run build/opencode verification
    Pack-->>Script: pack results
    Script->>GH: commit & create release
```
Estimated code review effort: 🎯 4 (Complex) | ⏱️ ~50 minutes
🚥 Pre-merge checks | ✅ 2 | ❌ 1
❌ Failed checks (1 warning)
✅ Passed checks (2 passed)
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 0f1106c21b
| new RegExp(`^\\| \\*\\*${label}\\*\\* \\| Plugin \\| Plugin \\| Reference config \\| [0-9][0-9.]* \\|$`, "m"), | ||
| `| **${label}** | Plugin | Plugin | Reference config | ${version} |` |
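Review bot: `${label}` is interpolated into `new RegExp(...)` unescaped on the first line, and the cells `Plugin \\| Plugin \\| Reference config` are literals, so the pattern is tied to one README layout and a label containing a regex metacharacter would change what it matches. Pass the column names in alongside `label`, escape both before building the pattern, and consider replacing `[0-9][0-9.]*` with a strict MAJOR.MINOR.PATCH match so a malformed row is reported instead of rewritten.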
There was a problem hiding this comment.
Match zh-CN README columns in release row updater
scripts/release.sh now aborts every version bump because update_readme_version_row hardcodes the English table columns (Plugin | Plugin | Reference config) while it is called for docs/zh-CN/README.md, whose version row uses Chinese columns (插件 | 插件 | 参考配置). In this commit state, running bash scripts/release.sh 1.10.1 fails immediately with could not update README version row in docs/zh-CN/README.md, so the release automation cannot create a tag/commit.
Useful? React with 👍 / 👎.
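Added example, not code from this PR or the project: one way to build the version-row updater so the zh-CN columns quoted above (插件 | 插件 | 参考配置) and the English ones go through the same path, with labels escaped and a strict MAJOR.MINOR.PATCH match. The function name, the options object, the English label `Version` and the sample rows are assumptions constructed for illustration.

```javascript
// Added example; names and sample rows are constructed, not taken from scripts/release.sh.
const SEMVER = /^[0-9]+\.[0-9]+\.[0-9]+$/;

// Escape regex metacharacters so labels and column names are matched literally.
function escapeRegExp(text) {
  return text.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
}

// Replace the single version row "| **label** | col | col | col | X.Y.Z |".
// Throws when the version is malformed or the row is missing or duplicated,
// so a layout mismatch stops the release instead of leaving a stale version.
function updateReadmeVersionRow(source, { label, columns, version }) {
  if (!SEMVER.test(version)) {
    throw new Error(`invalid version: ${version}`);
  }
  const cells = [`**${label}**`, ...columns].map(escapeRegExp).join(" \\| ");
  const row = new RegExp(`^\\| ${cells} \\| [0-9]+\\.[0-9]+\\.[0-9]+ \\|$`, "gm");
  const found = source.match(row) || [];
  if (found.length !== 1) {
    throw new Error(`expected one "${label}" version row, found ${found.length}`);
  }
  const updated = `| **${label}** | ${columns.join(" | ")} | ${version} |`;
  // Function form keeps "$" sequences in labels from being read as replacement patterns.
  return source.replace(row, () => updated);
}

// Constructed sample rows (assumed layouts; the zh-CN column names are those quoted in the review).
const EN_README = [
  "| Field | A | B | C | Value |",
  "| --- | --- | --- | --- | --- |",
  "| **Version** | Plugin | Plugin | Reference config | 1.10.0 |",
].join("\n");
const ZH_README = "| **版本** | 插件 | 插件 | 参考配置 | 1.10.0 |";

const EN_COLUMNS = ["Plugin", "Plugin", "Reference config"];
const ZH_COLUMNS = ["插件", "插件", "参考配置"];

function demo() {
  return {
    en: updateReadmeVersionRow(EN_README, { label: "Version", columns: EN_COLUMNS, version: "1.10.1" }),
    zh: updateReadmeVersionRow(ZH_README, { label: "版本", columns: ZH_COLUMNS, version: "1.10.1" }),
  };
}

console.log(demo().zh);
```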
Actionable comments posted: 1
🧹 Nitpick comments (2)
tests/plugin-manifest.test.js (1)
96-101: Version regex captures trailing dots - consider tightening.
The regex `/^\*\*Version:\*\* ([0-9][0-9.]*)$/m` would match malformed versions like `1.2.` or `1..2`. While unlikely to occur in practice, consider using a stricter semver pattern like `([0-9]+\.[0-9]+\.[0-9]+)` for consistency with the release script's validation.
♻️ Stricter semver pattern (optional)
- const match = agentsSource.match(/^\*\*Version:\*\* ([0-9][0-9.]*)$/m); + const match = agentsSource.match(/^\*\*Version:\*\* ([0-9]+\.[0-9]+\.[0-9]+)$/m);Apply similarly to other version-matching regexes if desired.
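Review bot: the replacement pattern on the `+` line, `([0-9]+\.[0-9]+\.[0-9]+)`, accepts only plain MAJOR.MINOR.PATCH, so a version line carrying a pre-release or build suffix would make `match` null instead of producing a version mismatch. If that is the intended policy, confirm the test asserts that `match` is non-null, with a message naming the AGENTS.md version line, before it reads `match[1]`.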
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@tests/plugin-manifest.test.js` around lines 96 - 101, The version regex in the test 'AGENTS.md version line matches package.json' is too permissive and can capture trailing dots; update the pattern used where agentsSource.match(...) is called to a stricter semver regex (e.g. require MAJOR.MINOR.PATCH like ([0-9]+\.[0-9]+\.[0-9]+)) so match[1] only contains a valid semantic version; adjust the regex literal used in that match invocation and keep the rest of the assertion using expectedVersion and match unchanged.
tests/scripts/release.test.js (1)
37-47: Consider indexOf limitation for command ordering validation.
Using `indexOf` finds only the first occurrence of each pattern. If `release.sh` contains multiple invocations of `node tests/plugin-manifest.test.js` or the commit command, the ordering check could pass incorrectly. This is currently acceptable since the script structure is controlled, but worth noting if the script grows more complex.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@tests/scripts/release.test.js` around lines 37 - 47, The test uses source.indexOf to locate the plugin-manifest and commit commands (syncCheckIndex and commitIndex), which only finds the first occurrence and can give a false ordering if commands repeat; change the search so you compare the last occurrence of the plugin-manifest run to the first occurrence of the commit (e.g., set syncCheckIndex = source.lastIndexOf('node tests/plugin-manifest.test.js') and keep commitIndex = source.indexOf('git commit -m "chore: bump plugin version to $VERSION"')) and then keep the same assertions in the test 'release script reruns release metadata sync validation before commit/tag' to ensure any preceding sync appears before the commit.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@docs/tr/README.md`:
- Line 85: The Turkish release bullet contains the misspelling "operator
skill'leri"; locate the bullet text that includes "operator skill'leri" (the
line mentioning brand-voice, social-graph-ranker, customer-billing-ops,
google-workspace-ops) and replace "operator skill'leri" with the correct Turkish
spelling "operatör skill'leri".
📒 Files selected for processing (13)
- .agents/plugins/marketplace.json
- .github/workflows/release.yml
- .github/workflows/reusable-release.yml
- README.zh-CN.md
- docs/pt-BR/README.md
- docs/tr/README.md
- package.json
- scripts/release.sh
- tests/lib/install-state.test.js
- tests/lib/resolve-ecc-root.test.js
- tests/plugin-manifest.test.js
- tests/scripts/build-opencode.test.js
- tests/scripts/release.test.js
3 issues found across 13 files
Prompt for AI agents (unresolved issues)
Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.
<file name="scripts/release.sh">
<violation number="1" location="scripts/release.sh:94">
P2: Silent skip when `lock.packages[""]` is missing creates the same version drift this PR is trying to prevent. Every other update function in this script fails explicitly on a structural mismatch. Add an explicit error/exit here for consistency.</violation>
<violation number="2" location="scripts/release.sh:111">
P1: `update_readme_version_row` hardcodes English column headers (`Plugin | Plugin | Reference config`) in the regex, but the zh-CN README uses Chinese columns (`插件 | 插件 | 参考配置`). The call `update_readme_version_row "$ZH_CN_README_FILE" "版本"` will always fail because the regex never matches, aborting every release. The column names need to be parameterized (like `label` already is) or the function needs a separate regex path for localized READMEs.</violation>
</file>
<file name="tests/scripts/release.test.js">
<violation number="1" location="tests/scripts/release.test.js:50">
P2: Anchor the ordering check on the last version-update step, not the first one, so the test catches validation running before any later surface updates.</violation>
</file>
Greptile Summary
This PR hardens the release surface by aligning all versioned metadata files with
Confidence Score: 3/5
Not safe to merge as-is — the release script will fail at runtime on every new version bump due to wrong process.argv indices. One P1 defect: all six new scripts/release.sh — all six new node -e helpers need process.argv indices shifted up by one (argv[1]→[2], argv[2]→[3], etc.)
Flowchart
```mermaid
%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A[Developer pre-commits release notes\nto localized READMEs] --> B[git commit – clean tree required]
    B --> C[./scripts/release.sh VERSION]
    C --> D{Working tree clean?}
    D -- No --> E[Abort]
    D -- Yes --> F[Verify all manifest files exist]
    F --> G[update_version package.json]
    G --> H[update_package_lock_version ❌ argv off-by-one]
    H --> I[update_agents_version ❌ argv off-by-one]
    I --> J[update_agent_yaml_version ❌ argv off-by-one]
    J --> K[update_readme_version_row ❌ argv off-by-one]
    K --> L[update_selective_install_repo_version ❌ argv off-by-one]
    L --> M[node scripts/build-opencode.js]
    M --> N[node tests/scripts/build-opencode.test.js]
    N --> O[node tests/plugin-manifest.test.js]
    O --> P{All pass?}
    P -- Yes --> Q[git add + commit + tag + push]
    P -- No --> R[Fix and retry]
```
Reviews (3): Last reviewed commit: "fix: make npm pack test shell-safe on wi..."
Actionable comments posted: 1
🧹 Nitpick comments (1)
scripts/hooks/session-activity-tracker.js (1)
400-407: Replace magic number at Line 407 with a named constant
Using `.slice(0, 6)` directly makes tuning harder and hides intent.
♻️ Proposed refactor
function patchPreviewFromGitDiff(repoRoot, pathCandidates) { + const MAX_RELEVANT_PATCH_LINES = 6; for (const candidate of pathCandidates) { @@ - .slice(0, 6); + .slice(0, MAX_RELEVANT_PATCH_LINES);As per coding guidelines, "Do not use hardcoded values; use constants or configuration instead".
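Review bot: the first `+` line declares `MAX_RELEVANT_PATCH_LINES` inside `patchPreviewFromGitDiff`, so the limit is still local to the function and cannot be shared with tests or other helpers. Hoist it to module scope, which is what the accompanying prompt asks for ("near the top of the file or module"), and settle on one name, since the prompt uses `MAX_RELEVANT_LINES`.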
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@scripts/hooks/session-activity-tracker.js` around lines 400 - 407, Replace the magic number in the slice call by introducing a named constant (e.g., MAX_RELEVANT_LINES or MAX_PATCH_LINES) and use it in the expression that creates `relevant`; specifically change the `.slice(0, 6)` in the `relevant = patch.split(...).filter(...).slice(0, 6)` pipeline to `.slice(0, MAX_RELEVANT_LINES)` and define the constant near the top of the file or module so it’s easy to tune and documents intent.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@scripts/hooks/session-activity-tracker.js`:
- Around line 362-388: candidateGitPaths can miss repo-root-relative paths
because it always resolves non-absolute filePath against process.cwd(); instead,
when filePath is not absolute, try resolving it relative to the provided
repoRoot (resolvedRepoRoot) first and only fallback to process.cwd() if that
result is outside the repo or doesn't exist. Update candidateGitPaths to: when
filePath is relative, compute absolute paths by resolving against
resolvedRepoRoot and also (optionally) against process.cwd(), then compute
relative = path.relative(resolvedRepoRoot, absolute) from the repo-root-resolved
absolute; keep the existing de-dup and pushCandidate logic but ensure both
repo-root-relative and cwd-relative resolutions are considered so
repo-root-relative inputs are not missed.
📒 Files selected for processing (2)
- scripts/hooks/session-activity-tracker.js
- tests/scripts/build-opencode.test.js
🚧 Files skipped from review as they are similar to previous changes (1)
- tests/scripts/build-opencode.test.js
Actionable comments posted: 1
🧹 Nitpick comments (1)
scripts/release.sh (1)
58-58: Consolidate the release-surface file list to avoid future drift.
The same long manifest list is duplicated for existence checks and staging. Keep one array and reuse it in both places.
♻️ Suggested refactor
+VERSIONED_FILES=( + "$ROOT_PACKAGE_JSON" "$PACKAGE_LOCK_JSON" "$ROOT_AGENTS_MD" "$TR_AGENTS_MD" "$ZH_CN_AGENTS_MD" + "$AGENT_YAML" "$VERSION_FILE" "$PLUGIN_JSON" "$MARKETPLACE_JSON" "$CODEX_MARKETPLACE_JSON" + "$CODEX_PLUGIN_JSON" "$OPENCODE_PACKAGE_JSON" "$OPENCODE_PACKAGE_LOCK_JSON" + "$README_FILE" "$ZH_CN_README_FILE" "$SELECTIVE_INSTALL_ARCHITECTURE_DOC" +) @@ -for FILE in "$ROOT_PACKAGE_JSON" "$PACKAGE_LOCK_JSON" "$ROOT_AGENTS_MD" "$TR_AGENTS_MD" "$ZH_CN_AGENTS_MD" "$AGENT_YAML" "$VERSION_FILE" "$PLUGIN_JSON" "$MARKETPLACE_JSON" "$CODEX_MARKETPLACE_JSON" "$CODEX_PLUGIN_JSON" "$OPENCODE_PACKAGE_JSON" "$OPENCODE_PACKAGE_LOCK_JSON" "$README_FILE" "$ZH_CN_README_FILE" "$SELECTIVE_INSTALL_ARCHITECTURE_DOC"; do +for FILE in "${VERSIONED_FILES[@]}"; do @@ -git add "$ROOT_PACKAGE_JSON" "$PACKAGE_LOCK_JSON" "$ROOT_AGENTS_MD" "$TR_AGENTS_MD" "$ZH_CN_AGENTS_MD" "$AGENT_YAML" "$VERSION_FILE" "$PLUGIN_JSON" "$MARKETPLACE_JSON" "$CODEX_MARKETPLACE_JSON" "$CODEX_PLUGIN_JSON" "$OPENCODE_PACKAGE_JSON" "$OPENCODE_PACKAGE_LOCK_JSON" "$README_FILE" "$ZH_CN_README_FILE" "$SELECTIVE_INSTALL_ARCHITECTURE_DOC" +git add "${VERSIONED_FILES[@]}"Also applies to: 246-246
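Review bot: the elements of `VERSIONED_FILES=( "$ROOT_PACKAGE_JSON" ... )` are expanded when the array is assigned, so the declaration has to sit after every one of those path variables is set, otherwise the `for FILE in "${VERSIONED_FILES[@]}"` check and the `git add` both operate on empty strings. Say so in a comment above the array, and note that array syntax requires bash and will not run under POSIX sh.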
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@scripts/release.sh` at line 58, Create a single shared array (e.g., FILES) that contains the current long manifest entries (ROOT_PACKAGE_JSON, PACKAGE_LOCK_JSON, ROOT_AGENTS_MD, TR_AGENTS_MD, ZH_CN_AGENTS_MD, AGENT_YAML, VERSION_FILE, PLUGIN_JSON, MARKETPLACE_JSON, CODEX_MARKETPLACE_JSON, CODEX_PLUGIN_JSON, OPENCODE_PACKAGE_JSON, OPENCODE_PACKAGE_LOCK_JSON, README_FILE, ZH_CN_README_FILE, SELECTIVE_INSTALL_ARCHITECTURE_DOC) and replace all hard‑coded for loops and checks that iterate those variables (the loop using "for FILE in \"$ROOT_PACKAGE_JSON\" \"$PACKAGE_LOCK_JSON\" ..."; and the other occurrence around line 246) to iterate over "${FILES[@]}" instead so a single source of truth is reused for both existence checks and staging.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@scripts/release.sh`:
- Line 229: Replace the GNU sed in update_version call that edits
MARKETPLACE_JSON with a JSON-based update like the existing Node.js routines:
stop using the macOS-incompatible sed address syntax ("0,/regex/") and instead
parse .claude-plugin/marketplace.json, update the "version" property to VERSION,
and write it back; reuse the same approach used by update_package_lock_version()
or update_codex_marketplace_version() to locate MARKETPLACE_JSON
(MARKETPLACE_JSON variable) and perform a safe JSON read/modify/write so the
script works on macOS/BSD and Linux.
📒 Files selected for processing (4)
- docs/tr/README.md
- scripts/release.sh
- tests/plugin-manifest.test.js
- tests/scripts/release.test.js
✅ Files skipped from review due to trivial changes (1)
- docs/tr/README.md
🚧 Files skipped from review as they are similar to previous changes (2)
- tests/scripts/release.test.js
- tests/plugin-manifest.test.js
| update_agent_yaml_version | ||
| update_version_file | ||
| update_version "$PLUGIN_JSON" "s|\"version\": *\"[^\"]*\"|\"version\": \"$VERSION\"|" | ||
| update_version "$MARKETPLACE_JSON" "0,/\"version\": *\"[^\"]*\"/s|\"version\": *\"[^\"]*\"|\"version\": \"$VERSION\"|" |
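Review bot: both `update_version` calls splice `$VERSION` straight into a sed `s|...|...|` expression, so a value containing `|`, `&` or `\` would alter the substitution, and the `$PLUGIN_JSON` expression has no address, so it rewrites the first `"version"` key on every line that has one. Make sure `$VERSION` is validated as MAJOR.MINOR.PATCH before these calls, and prefer a JSON read/modify/write for both files so only the intended key is touched.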
🧩 Analysis chain
🏁 Script executed:
```bash
#!/bin/bash
set -euo pipefail
tmp="$(mktemp)"
cat > "$tmp" <<'JSON'
{"version":"1.0.0","plugins":[{"name":"ecc","version":"1.0.0"}]}
JSON
# Verifies whether local sed supports GNU-style 0,/regex/ addressing.
if sed '0,/"version": *"[^"]*"/s|"version": *"[^"]*"|"version": "2.0.0"|' "$tmp" >/dev/null 2>&1; then
  echo "sed supports 0,/regex/ on this machine"
else
  echo "sed does NOT support 0,/regex/ on this machine"
fi
```
Repository: affaan-m/everything-claude-code
Length of output: 113
🏁 Script executed:
```bash
# Check if scripts/release.sh exists and its size
wc -l scripts/release.sh
```
Repository: affaan-m/everything-claude-code
Length of output: 97
🏁 Script executed:
```bash
# Read the scripts/release.sh file, particularly around line 229
sed -n '1,50p' scripts/release.sh
```
Repository: affaan-m/everything-claude-code
Length of output: 1467
🏁 Script executed:
```bash
# Check for macOS-specific branching mentioned in scratchpad
grep -n "macos\|darwin\|uname\|system" scripts/release.sh -i
```
Repository: affaan-m/everything-claude-code
Length of output: 117
🏁 Script executed:
```bash
# Get context around line 229
sed -n '220,240p' scripts/release.sh
```
Repository: affaan-m/everything-claude-code
Length of output: 1339
🏁 Script executed:
```bash
# Check if JSON files are being updated and how
grep -n "update_version\|json" scripts/release.sh -i | head -20
```
Repository: affaan-m/everything-claude-code
Length of output: 1495
🏁 Script executed:
```bash
# Read the update_version function and surrounding context
sed -n '70,110p' scripts/release.sh
```
Repository: affaan-m/everything-claude-code
Length of output: 1294
🏁 Script executed:
```bash
# Check the macOS branching section
sed -n '76,85p' scripts/release.sh
```
Repository: affaan-m/everything-claude-code
Length of output: 266
🏁 Script executed:
```bash
# Search for GNU-specific sed patterns (0,/regex/)
grep -n "0,/" scripts/release.sh
```
Repository: affaan-m/everything-claude-code
Length of output: 197
🏁 Script executed:
```bash
# Check for CI configuration that tests macOS
fd -t f "\.yml\|\.yaml\|\.github" | head -20
```
Repository: affaan-m/everything-claude-code
Length of output: 57
🏁 Script executed:
```bash
# Check for any platform or macOS documentation
rg -i "macos|darwin|platform|support" README.md
```
Repository: affaan-m/everything-claude-code
Length of output: 3062
Use a JSON updater for .claude-plugin/marketplace.json; sed 0,/regex/ syntax breaks on macOS.
Line 229 uses GNU-specific sed address syntax (0,/regex/) which fails on macOS/BSD sed. This breaks releases on macOS despite documented cross-platform support ("All hooks and scripts have been rewritten in Node.js for maximum compatibility"). The codebase already uses Node.js JSON parsing for similar updates (update_package_lock_version(), update_codex_marketplace_version()), so a JSON-based approach is consistent and portable:
Proposed fix
+update_claude_marketplace_version() {
+ node -e '
+ const fs = require("fs");
+ const file = process.argv[1];
+ const version = process.argv[2];
+ const marketplace = JSON.parse(fs.readFileSync(file, "utf8"));
+ if (!marketplace || typeof marketplace !== "object" || Array.isArray(marketplace)) {
+ console.error(`Error: ${file} does not contain a marketplace object`);
+ process.exit(1);
+ }
+ marketplace.version = version;
+ fs.writeFileSync(file, `${JSON.stringify(marketplace, null, 2)}\n`);
+ ' "$MARKETPLACE_JSON" "$VERSION"
+}
-update_version "$MARKETPLACE_JSON" "0,/\"version\": *\"[^\"]*\"/s|\"version\": *\"[^\"]*\"|\"version\": \"$VERSION\"|"
+update_claude_marketplace_version🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@scripts/release.sh` at line 229, Replace the GNU sed in update_version call
that edits MARKETPLACE_JSON with a JSON-based update like the existing Node.js
routines: stop using the macOS-incompatible sed address syntax ("0,/regex/") and
instead parse .claude-plugin/marketplace.json, update the "version" property to
VERSION, and write it back; reuse the same approach used by
update_package_lock_version() or update_codex_marketplace_version() to locate
MARKETPLACE_JSON (MARKETPLACE_JSON variable) and perform a safe JSON
read/modify/write so the script works on macOS/BSD and Linux.
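Review bot: in the proposed `update_claude_marketplace_version`, the line `marketplace.version = version;` creates the key when it is absent and leaves any nested `version` fields untouched (the sample JSON in the analysis above has one under `plugins`), so a structural mismatch passes silently. Exit non-zero unless `marketplace.version` is already a string, and decide explicitly whether per-plugin versions belong to the release surface; also be aware that `JSON.stringify(marketplace, null, 2)` rewrites the whole file's formatting, not just the one key.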
1 issue found across 7 files (changes from recent commits).
Prompt for AI agents (unresolved issues)
Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.
<file name="scripts/hooks/session-activity-tracker.js">
<violation number="1" location="scripts/hooks/session-activity-tracker.js:378">
P1: Relative paths can resolve to the wrong file because repo-root resolution is tried before cwd resolution, causing incorrect tracked status and patch previews in nested working directories.</violation>
</file>
| path.resolve(resolvedRepoRoot, filePath), | ||
| path.resolve(process.cwd(), filePath), |
P1: Relative paths can resolve to the wrong file because repo-root resolution is tried before cwd resolution, causing incorrect tracked status and patch previews in nested working directories.
Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At scripts/hooks/session-activity-tracker.js, line 378:
<comment>Relative paths can resolve to the wrong file because repo-root resolution is tried before cwd resolution, causing incorrect tracked status and patch previews in nested working directories.</comment>
<file context>
@@ -359,44 +359,72 @@ function gitRepoRoot(cwd) {
+ const absoluteCandidates = path.isAbsolute(filePath)
+ ? [path.resolve(filePath)]
+ : [
+ path.resolve(resolvedRepoRoot, filePath),
+ path.resolve(process.cwd(), filePath),
+ ];
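Review bot: in the relative-path branch the two `path.resolve` candidates are ordered repo root first, then `process.cwd()`, so when the hook runs from a nested directory and the same relative path exists under both bases, the repo-root file wins. Decide which base takes precedence, record it in a comment above the array, and drop the second entry when `process.cwd()` equals `resolvedRepoRoot` so identical candidates are not evaluated twice.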
</file context>
| path.resolve(resolvedRepoRoot, filePath), | |
| path.resolve(process.cwd(), filePath), | |
| path.resolve(process.cwd(), filePath), | |
| path.resolve(resolvedRepoRoot, filePath), |
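Added example, not code from this PR or from `scripts/hooks/session-activity-tracker.js`: the candidate ordering from the suggestion above (cwd first, then repo root), with de-duplication and rejection of paths that leave the repository. The helper name `repoRelativeCandidates`, its explicit `cwd` parameter and the sample paths are assumptions; `path.posix` is used so the constructed paths resolve identically on every platform.

```javascript
// Added example; hypothetical helper, not the project's candidateGitPaths.
const posixPath = require("path").posix;

// Returns repo-relative path candidates for filePath, cwd-based resolution first.
// Candidates that resolve to the repo root itself or outside it are dropped,
// and identical results (cwd === repo root) are reported once.
function repoRelativeCandidates(repoRoot, cwd, filePath) {
  const root = posixPath.resolve(repoRoot);
  const absolutes = posixPath.isAbsolute(filePath)
    ? [posixPath.resolve(filePath)]
    : [posixPath.resolve(cwd, filePath), posixPath.resolve(root, filePath)];

  const seen = new Set();
  const candidates = [];
  for (const absolute of absolutes) {
    const relative = posixPath.relative(root, absolute);
    const escapesRepo =
      relative === "" ||
      relative === ".." ||
      relative.startsWith("../") ||
      posixPath.isAbsolute(relative);
    if (escapesRepo || seen.has(relative)) continue;
    seen.add(relative);
    candidates.push(relative);
  }
  return candidates;
}

// Constructed inputs: a nested working directory, the repo root, and a cwd outside the repo.
function demo() {
  return {
    nested: repoRelativeCandidates("/repo", "/repo/packages/app", "src/index.js"),
    atRoot: repoRelativeCandidates("/repo", "/repo", "src/index.js"),
    outside: repoRelativeCandidates("/repo", "/tmp/elsewhere", "src/a.js"),
    traversal: repoRelativeCandidates("/repo", "/repo/sub", "../../etc/passwd"),
    absolute: repoRelativeCandidates("/repo", "/repo/sub", "/repo/x/y.js"),
  };
}

console.log(demo());
```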
* fix: keep ecc release surfaces version-synced
* fix: keep lockfile release version in sync
* fix: remove release version drift from locks and tests
* fix: keep root release metadata version-synced
* fix: keep codex marketplace metadata version-synced
* fix: gate release workflows on full metadata sync
* fix: ship all versioned release metadata
* fix: harden manual release path
* fix: keep localized release docs version-synced
* fix: sync install architecture version examples
* test: cover shipped plugin metadata in npm pack
* fix: verify final npm payload in release script
* fix: ship opencode lockfile in npm package
* docs: sync localized release highlights
* fix: stabilize windows ci portability
* fix: tighten release script version sync
* fix: prefer repo-relative hook file paths
* fix: make npm pack test shell-safe on windows
Summary
- `package.json`
- `scripts/release.sh` around full metadata and tarball validation
Why
The repo had multiple real release drift classes: versioned manifests not updated together, release checks that only covered part of the shipped surface, and package artifacts that could diverge from the metadata we advertise.
Validation
Summary by cubic
Hardened release versioning and packaging so every shipped surface stays synced with `package.json`, with CI/release gates to block drift. The session activity tracker now prefers repo‑relative paths and nested CWDs for reliable patch previews.
- `package.json` and run the release‑surface sync check (`tests/plugin-manifest.test.js`) in both `release.yml` and `reusable-release.yml`.
- `scripts/release.sh`: clean tree check includes untracked; bumps versions across lockfiles, manifests, `AGENTS.md` (tr/zh‑CN), `agent.yaml`, `VERSION`, Codex/Claude marketplace, README version rows, and selective‑install docs; re‑verifies OpenCode build, `npm pack` payload, and metadata sync before commit/tag.
- `.opencode/package-lock.json`, `agent.yaml`, `.claude-plugin/marketplace.json`, `.agents/plugins/marketplace.json`, and `VERSION`; pack test is shell‑safe on Windows.
- `tests/scripts/release.test.js`; expanded `tests/plugin-manifest.test.js` to validate versions across locks, manifests, localized READMEs, selective‑install `repoVersion`, and `AGENTS.md`; improved Windows portability in `build-opencode.test.js`.
Written for commit c2e8e9d. Summary will update on new commits.