avav25/release
plugin/skills/release/SKILL.md
Use this skill when cutting a release, tagging a version, preparing a changelog, or publishing release notes — to run the release workflow (version bump, changelog generation, signed git tag, release notes) which detects existing release tooling (release-please, semantic-release, Changesets, GoReleaser, cargo-release, JReleaser) and routes to it, otherwise runs an inline stack-detected release.
$ install --global
skillsauthnpx skillsauth add avav25/ai-assets releaseInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: May 23, 2026, 4:34 AM25.8s1 file scanned
SKILL.md
- name:
- release
- description:
- Use this skill when cutting a release, tagging a version, preparing a changelog, or publishing release notes — to run the release workflow (version bump, changelog generation, signed git tag, release notes) which detects existing release tooling (release-please, semantic-release, Changesets, GoReleaser, cargo-release, JReleaser) and routes to it, otherwise runs an inline stack-detected release.
- disable-model-invocation:
- true
- argument-hint:
- [version-number] [--prerelease alpha|beta|rc]
Release
Structured workflow for preparing a release. Bumps version, generates changelog, creates a signed git tag, and produces release notes.
0. Gather Context
0a. Detect existing release tooling — route first, build inline second
Release tool detection + per-tool version-bump + changelog commands — see @release-tools-by-stack.
If a tool is detected, run its release command and skip Steps 1–6, then continue at Step 7 (Memory Write). If no tool is detected, continue to Step 0b.
0b. Read project context
Read CLAUDE.md (or AGENTS.md) at the project root to identify:
- Tech stack (determines where version files live: package.json, pom.xml, pyproject.toml, build.gradle)
- Release conventions (semantic versioning, calver, custom)
- CI/CD pipeline (what triggers on tag push)
- Changelog format (CHANGELOG.md, GitHub Releases, both)
1. Determine Release Type
Ask the user (or infer from commits since last release):
- Major (X.0.0): Breaking changes, removed APIs, major architecture shifts
- Minor (x.Y.0): New features, non-breaking API additions
- Patch (x.y.Z): Bug fixes, security patches, dependency updates
// turbo
git describe --tags --abbrev=0 2>/dev/null || echo "No tags found"
// turbo
git log $(git describe --tags --abbrev=0 2>/dev/null || echo "HEAD~20")..HEAD --oneline
2. Analyze Changes
Classify commits since last release:
| Type | Changelog Section |
|---|---|
| feat | Features |
| fix | Bug Fixes |
| perf | Performance |
| refactor | Refactoring |
| docs | Documentation |
| chore/ci | Maintenance |
| BREAKING CHANGE | Breaking Changes |
3. Bump Version
3a. Monorepo / per-package versioning
If .changeset/ directory or pnpm-workspace.yaml / lerna.json / nx.json is present, the repo uses per-package versioning — route to Changesets / Lerna / Nx. See @release-tools-by-stack for per-tool monorepo commands.
3b. Single-package version bump
Update version in the per-stack project file (Node.js package.json, Maven pom.xml, Gradle build.gradle, Python pyproject.toml, .NET *.csproj, Go = git tag only). See @release-tools-by-stack for the full per-stack file table.
4. Generate Changelog
Add entry to CHANGELOG.md (create if not exists):
## [X.Y.Z] - YYYY-MM-DD
### Breaking Changes
- Description (commit ref)
### ✨ Features
- Description (commit ref)
### 🐛 Bug Fixes
- Description (commit ref)
### ⚡ Performance
- Description (commit ref)
### 🔧 Maintenance
- Description (commit ref)
5. Create Release Commit
Present the changes for user review.
After approval, suggest:
git add -A
git commit -m "chore(release): vX.Y.Z"
git tag -s vX.Y.Z -m "Release vX.Y.Z" # -s for GPG-signed tag (recommended)
If the project ships signed artefacts (supply-chain integrity), also generate a SLSA provenance attestation and / or a cosign sign-blob signature for the release artefact in CI.
⚠️ Do NOT run git commands without user confirmation. This workflow explicitly overrides the "no git write ops" Hard Rule — git ops are permitted here only after user APPROVE.
6. Release Notes
Generate release notes for GitHub/GitLab:
# Release vX.Y.Z
## Highlights
[1-3 sentence summary of the most important changes]
## What's Changed
[Changelog content from Step 4]
## Upgrade Guide
[If breaking changes — step-by-step migration instructions]
## Contributors
[List contributors from git log]
7. Memory Write (L4)
Append a release event to .ai-skills-memory/runs.jsonl for cross-session aggregation per memory-discipline.md:
{"ts": "<ISO8601>", "event": "release", "version": "vX.Y.Z", "type": "major|minor|patch", "commit_count": N, "breaking_changes": <bool>}
This enables the memory-curator to surface release cadence patterns and the eval framework to gate behavioral suites against release tags.
8. Next Steps
Suggest post-release actions:
- Push tag:
git push origin vX.Y.Z - Push branch:
git push - Create GitHub Release with release notes
- Deploy to staging:
/deploy-staging - Deploy to production:
/deploy-production - Announce release to team
Integration
- Preceded by:
/code-review(all PRs merged) - Followed by:
/deploy-staging,/deploy-production - Skills:
@humanizerMUST be applied to public-facing release notes per CLAUDE.md humanizer rule - Rules:
git-conventions(Conventional Commits required for changelog classification) - Memory writes: L4
runs.jsonl(release event per Step 7)
Related Skills
avav25/knowledge-sync
development
VerifiedTrustedCommunity
Use this skill when running the recurring (daily) knowledge-base rescan for a repo that already has knowledge/.knowledge-sync.yml — the main-thread dispatcher that reads the config, computes the git delta since last_scanned_sha, maps changed paths to affected doc areas, early-exits cheaply when nothing changed, then fans out one Agent(content-writer) per affected area, applies the propose/direct update policy, advances the baseline only on success, and writes an L4 run log — all with the G1 untrusted-content choke-point, secret-scan, deny-list, and budget controls woven in. For first-time setup use /knowledge-sync-init.
1SKILL.mdUpdated May 24, 2026
avav25/knowledge-sync-init
development
VerifiedTrustedCommunity
Use this skill when bootstrapping scheduled knowledge-base sync for a repo that has no knowledge/.knowledge-sync.yml yet — to run one-time setup that detects the knowledge_root from CLAUDE.md/AGENTS.md, maps doc areas to source globs, records opt-in external sources (Linear/Notion/WebFetch, all disabled by default), captures a baseline last_scanned_sha, sets the per-area update policy, generates or seeds knowledge/CONVENTIONS.md, provisions the L4 memory dir, and offers to register the daily routine. Routes ongoing recurring sync operations to /knowledge-sync.
1SKILL.mdUpdated May 24, 2026
avav25/ai-skills-init
tools
VerifiedTrustedCommunity
Use this skill when bootstrapping a target repository to be ai-skills-aware — on the first run of any ai-skills workflow in a fresh repo, when adopting the ai-skills plugin in an existing repo, or after upgrading to a plugin version that adds new memory paths or templates, including when the user does not say "init" but asks to "set up" or "onboard" the repo — to detect codebase type, create CLAUDE.md + AGENTS.md scaffolding, initialize the .ai-skills-memory/ directory tree from L1 templates, and configure .gitignore. Idempotent — safe to re-run. Accepts `--codebase-type <type>` and `--overwrite`. Not for re-initializing only memory — use `/memory-init` instead.
1SKILL.mdUpdated May 18, 2026
avav25/plugin-author
tools
VerifiedTrustedCommunity
Use this skill when extending, repairing, or improving plugin assets, when ingesting a `/feedback` report as a fix-cycle backlog, or when you do not remember which lower-level command is right for the job — the umbrella workflow for ai-skills plugin-asset authoring and maintenance: creating, auditing, fixing, improving, refactoring, and migrating skills, agents, rules, hooks, prompts, schemas, and rubrics inside the plugin. Auto-classifies the request, loads the right knowledge skills (`@prompt-engineering`, `@context-engineering`, `@team-protocols`), and spawns the right subagents (`prompt-engineer`, `system-architect`, `python-engineer`, `software-engineer`, `qa-engineer`, `eval-judge`) via the `Agent` tool.
1SKILL.mdUpdated May 14, 2026