From 89ba72c35dcbcdc0144f4e57a0b76568c50c2cbb Mon Sep 17 00:00:00 2001 From: Mario Zechner Date: Sat, 23 May 2026 12:07:52 +0200 Subject: [PATCH] Update release instructions and image models --- AGENTS.md | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/AGENTS.md b/AGENTS.md index 72cdd05c0..33be8f279 100644 --- a/AGENTS.md +++ b/AGENTS.md @@ -142,14 +142,16 @@ Attribution: 4. **Brief the user on the WebAuthn flow before running anything**. Print exactly the following message and then stop and wait for the user to confirm in their next message: ``` - Before I run the release script, read this carefully: + Before the release publish step, read this carefully: - `npm publish` uses WebAuthn 2FA. - - A login URL will appear in the live bash output in this TUI. I will NOT see it until the command exits. - - You must watch the bash output, cmd/ctrl-click the URL, log in in the browser, and select the "don't ask again for N minutes" option so publish can continue. - - This may happen more than once during the release. + - The safest flow is for you to run the publish command yourself, because you can see and open the npm authentication URL immediately. + - I will tell you the exact command to run. + - When npm prints an auth URL, cmd/ctrl-click it, log in in the browser, and select the "don't ask again for N minutes" option if available. + - This may happen more than once during publish. + - Do not rerun `npm run release:patch` or `npm run release:minor` after a failed publish; only rerun the publish command I give you. - Reply "ready" once you have read this and are watching the bash output. I will not run the release script until you do. + Reply "ready" once you have read this and are ready to run the command locally. ``` Do not proceed to step 5 until the user explicitly confirms. @@ -159,7 +161,7 @@ Attribution: npm run release:patch # fixes + additions npm run release:minor # breaking changes ``` - Do not pass a `timeout` to the bash tool for this call. If publish fails partway, stop and report to the user what happened (which package failed, the error output) along with possible solutions. Never rerun the version bump on your own. + Do not pass a `timeout` to the bash tool for this call. If publish fails during the WebAuthn/OTP step after version bump, stop and tell the user to run `npm run publish` themselves from the repo root. Never rerun the version bump on your own. After the user reports publish success, continue with the post-publish steps. 6. **After publish succeeds**: - Add fresh `## [Unreleased]` sections to package changelogs.