microboxlabs/tag-release
.agents/skills/tag-release/SKILL.md
Tag and release a monorepo package following the project's scoped-tag convention. Use when the user wants to publish a new version of a package, create a release tag, or bump a package version.
$ install --global
skillsauthnpx skillsauth add microboxlabs/modulariot tag-releaseInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 8, 2026, 2:22 AM10.6s1 file scanned
SKILL.md
- name:
- tag-release
- description:
- Tag and release a monorepo package following the project's scoped-tag convention. Use when the user wants to publish a new version of a package, create a release tag, or bump a package version.
Tag & Release
Create versioned releases for packages in this monorepo using scoped tags that trigger CI/CD pipelines.
When to Use
Use this skill when the user wants to:
- Release a new version of a package
- Create a git tag for a package
- Bump a package version and publish
- Tag a package release (e.g. "tag miot-calendar-client v0.2.0")
Instructions
Step 1: Parse Input
Extract the package name and version from the user's request.
- Package name = the directory name under
packages/(e.g.miot-calendar-client) - Version = semver string (e.g.
0.2.0)
If the user provides an npm scoped name (e.g. @microboxlabs/miot-calendar-client), map it to the directory name under packages/.
If the user provides a bare v<version> tag, ask which package it applies to — never create a plain v<version> tag.
Step 2: Verify the Package Exists
Confirm the package directory exists:
ls packages/<package-name>/package.json
If it doesn't exist, list available packages and ask the user to choose.
Step 3: Bump Version in package.json
Read packages/<package-name>/package.json and check the current version field.
- If it already matches the target version, skip this step.
- If it doesn't match, update the
versionfield to the target version.
Step 4: Commit the Version Bump
If the version was changed in Step 3, stage and commit:
git add packages/<package-name>/package.json
git commit -m "Bump <package-name> to v<version>"
If no changes were needed, skip this step.
Step 5: Create Annotated Tag
Create an annotated tag (not lightweight) using the scoped format:
git tag -a "<package-name>@v<version>" -m "<package-name>@v<version>"
Example: git tag -a "[email protected]" -m "[email protected]"
Step 6: Push Commits and Tag
Push the commit (if any) and the tag to the remote:
git push origin trunk
git push origin "<package-name>@v<version>"
Step 7: Create GitHub Release
Create a GitHub release using the gh CLI:
gh release create "<package-name>@v<version>" \
--title "<package-name>@v<version>" \
--generate-notes \
--latest
Tag Convention
These rules are critical and must always be followed:
- Tag format:
<package-dir-name>@v<version>— NEVER use plainv<version> - Package dir name = the folder name under
packages/(e.g.miot-calendar-client), not the npm scope name (@microboxlabs/miot-calendar-client) - Version sync: The
versionfield inpackages/<name>/package.jsonmust match the tag version exactly - Annotated tags: Always use
git tag -awith a message, never lightweight tags - Release title: Must match the tag name exactly (e.g.
[email protected])
CI/CD Integration
Pushing a scoped tag triggers the corresponding GitHub Actions workflow:
publish-npm.yaml: Triggered by tags matchingmiot-calendar-client@v*- Builds the package with Turbo
- Runs lint, type-check, and tests
- Publishes to npm via OIDC trusted publishing
As new publishable packages are added, each will have its own workflow trigger pattern following the same <package-name>@v* convention.
Monorepo Packages
Current packages under packages/:
| Directory | npm Name | Publishable |
|---|---|---|
| miot-calendar-client | @microboxlabs/miot-calendar-client | Yes |
| db | — | No (internal) |
| ui | — | No (internal) |
| eslint-config | — | No (internal) |
| typescript-config | — | No (internal) |
| sonarcloud-tools | — | No (internal) |
Related Skills
microboxlabs/miot-calendar
tools
VerifiedTrustedCommunity
Query and manage ModularIoT Calendar services via the miot CLI. List calendars, check slot availability, create bookings, manage time windows, and run slot managers. Use when the user asks about schedules, appointments, bookings, availability, calendar configuration, time slots, capacity, or calendar services in their ModularIoT organization.
4SKILL.mdUpdated Apr 8, 2026
microboxlabs/api-client-sync
tools
VerifiedTrustedCommunity
Propagate OpenAPI spec changes through all three layers: (1) the hand-authored TypeScript client package — types, resource methods, tests, version bump; (2) the CLI package — commands, flags, table columns, tests, version bump; (3) the agent skill — SKILL.md workflows, business rules, and reference.md sections. Use when the user says the openapi.json has changed and needs to be reflected end-to-end. Triggers on phrases like "update the client from the new openapi", "sync the client with the API spec", "implement the api changes in the client", "the openapi.json changed, update the client package", "propagate the API changes", or "update all layers from the spec".
4SKILL.mdUpdated Apr 8, 2026
microboxlabs/skill-creator
tools
VerifiedTrustedCommunity
Guide for creating effective skills. This skill should be used when users want to create a new skill (or update an existing skill) that extends Claude's capabilities with specialized knowledge, workflows, or tool integrations.
4SKILL.mdUpdated Apr 8, 2026
microboxlabs/sonarcloud-pr-review
development
VerifiedTrustedCommunity
Reviews the current pull request against SonarCloud and fixes reported issues. Fetches PR issues with rule documentation, then applies code changes per rule guidance. Use when the user asks to review the PR, fix SonarCloud issues, or address SonarCloud findings.
4SKILL.mdUpdated Apr 8, 2026