Skip to content

ci: guard against package.json / plugin.json version skew#10

Merged
walkindude merged 1 commit intomasterfrom
ci/check-version-consistency
Apr 26, 2026
Merged

ci: guard against package.json / plugin.json version skew#10
walkindude merged 1 commit intomasterfrom
ci/check-version-consistency

Conversation

@walkindude
Copy link
Copy Markdown
Owner

@walkindude walkindude commented Apr 26, 2026

Summary

The plugin manifest at `.claude-plugin/plugin.json` was silently out of sync with `package.json` between v0.1.0 and v0.1.2 (0.1.0 on the plugin side vs 0.1.1 on package). The README's release instructions ("bump the `version` field in `.claude-plugin/plugin.json` and `package.json`") rely on the releaser remembering both files. The skew was caught by eyeballing during the v0.1.2 release, which is the worst possible mechanism.

This PR replaces eyeballing with a deterministic check at two layers:

  • `scripts/check-versions.mjs`: reads both files, asserts the `version` fields match, exits 1 with a human-readable mismatch report when they don't.
  • `package.json`: adds `pnpm run check:versions`.
  • `lefthook.yml`: pre-commit hook on a glob of `{package.json,.claude-plugin/plugin.json}` blocks the commit on mismatch.
  • `.github/workflows/ci.yml`: `pnpm run check:versions` runs in the `check` job so the gate holds on PRs even when local hooks are bypassed (`--no-verify`) or simply not installed by a contributor.

Test plan

  • `node scripts/check-versions.mjs` against the current matched 0.1.2 / 0.1.2 state → `check-versions: ok (0.1.2)`
  • Manually nudged `.claude-plugin/plugin.json` to 0.1.99, re-ran the script → exits 1 with the mismatch report and the rationale ("released as a single artifact")
  • Lefthook pre-commit on this branch ran the new hook successfully (visible in the commit log)
  • CI on this branch will exercise the new `check:versions` step

🤖 Generated with Claude Code

@walkindude
ci: guard against package.json / plugin.json version skew
0ae6c26 
The plugin manifest at .claude-plugin/plugin.json was silently out of
sync with package.json between v0.1.0 and v0.1.2 (0.1.0 vs 0.1.1)
because the README's release instructions ("bump the version field
in .claude-plugin/plugin.json and package.json") relied on the
releaser remembering both files. The skew was caught by eyeballing,
which is the worst possible mechanism. This commit replaces eyeballing
with a deterministic check.

- scripts/check-versions.mjs: reads both files, asserts the version
  fields match, exits 1 with a human-readable mismatch report when
  they don't.
- package.json: adds the check:versions npm script.
- lefthook.yml: pre-commit hook fires when either file is staged,
  blocking the commit on mismatch (joins the existing lint/typecheck/
  test/format gate).
- .github/workflows/ci.yml: runs check:versions in the check job, so
  the gate holds on PRs even when local hooks are bypassed with
  --no-verify or unconfigured contributors push.

Verified by hand: passes against the current matched 0.1.2 / 0.1.2
state, fails with the expected mismatch report when one file is
nudged off-version.
@walkindude walkindude merged commit e04d51a into master Apr 26, 2026
9 checks passed
@walkindude walkindude deleted the ci/check-version-consistency branch April 26, 2026 13:47
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@walkindude