Skip to content

post-audit: close remaining release pipeline and packaging gaps #1340

Description

@JeremyDev87

Summary

A full project-wide audit after the recent fixes found that the repo is in much better shape overall, but there are still a few release-facing gaps that should be closed before calling the release fully hardened.

The remaining work clusters into three areas:

  1. The plugin's validate:commands release guard is not self-contained and may fail depending on the local/CI environment.
  2. The published codingbuddy npm package still includes test artifacts and build metadata from apps/mcp-server/dist.
  3. The /codingbuddy:* migration looks much healthier, but its end-to-end runtime consumption path is still not clearly proven by the local codebase.

Why this matters

These are not broad architecture concerns anymore. They are release-pipeline and packaging issues:

  • a release guard that is not reproducible can silently fail to protect packaging
  • a package tarball that ships tests/metadata increases size and leaks unnecessary files
  • a migration that is documented as complete should either be runtime-proven or explicitly framed as still in progress

Sub-issues

Recommended order

  1. Fix the validate:commands toolchain so the release guard can run reliably in local dev and CI.
  2. Clean the apps/mcp-server npm tarball so it only ships runtime assets.
  3. Either prove the /codingbuddy:* runtime consumption path end-to-end, or adjust messaging and docs to describe it as a migration still in progress.

Release guidance

  • Plugin-only release: likely okay once the validate:commands execution path is fixed.
  • codingbuddy npm package release: should wait until the tarball no longer ships spec files and build metadata.
  • If release messaging strongly claims the slash-command migration is complete, close the runtime-proof issue first or soften the release notes.

Metadata

Metadata

Assignees

No one assigned

    Labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions