chore: migrate to @mondaycom npm scope + manual release workflow#1
chore: migrate to @mondaycom npm scope + manual release workflow#1regevguym merged 7 commits intomondaycom:mainfrom
Conversation
Transfer the npm package namespace from @sensei to @mondaycom to align with the monorepo's new home under the mondaycom GitHub organization. Package renames: @sensei/engine → @mondaycom/sensei-engine @sensei/sdk → @mondaycom/sensei-sdk @sensei/cli → @mondaycom/sensei-cli Manifest changes: - packages/engine/package.json: renamed "name" to @mondaycom/sensei-engine - packages/sdk/package.json: renamed "name" to @mondaycom/sensei-sdk; updated "@sensei/engine" peer dep to "@mondaycom/sensei-engine" - packages/cli/package.json: renamed "name" to @mondaycom/sensei-cli; updated "@sensei/engine" dep to "@mondaycom/sensei-engine" - package.json (root): updated repository.url from nymeria-ai/sensei to mondaycom/sensei - .changeset/config.json: updated "repo" field to "mondaycom/sensei" - package-lock.json: regenerated via `npm install`; workspace symlink entries updated from @sensei/* to @mondaycom/sensei-* Source import changes (no logic changes, identifier rename only): - packages/sdk/src/index.ts: @sensei/engine → @mondaycom/sensei-engine; JSDoc comment @sensei/sdk → @mondaycom/sensei-sdk - packages/sdk/src/builder.ts: @sensei/engine → @mondaycom/sensei-engine - packages/sdk/src/result-utils.ts: @sensei/engine → @mondaycom/sensei-engine - packages/sdk/tests/sdk.test.ts: @sensei/engine → @mondaycom/sensei-engine - packages/engine/src/scorer.ts: error message referencing @sensei/sdk updated to @mondaycom/sensei-sdk - packages/cli/src/commands/run.ts: @sensei/engine → @mondaycom/sensei-engine - packages/cli/src/commands/report.ts: @sensei/engine → @mondaycom/sensei-engine - packages/cli/src/format.ts: @sensei/engine → @mondaycom/sensei-engine - packages/cli/src/html-report.ts: @sensei/engine → @mondaycom/sensei-engine - packages/cli/src/index.ts: JSDoc @sensei/cli → @mondaycom/sensei-cli - packages/cli/src/loader.ts: @sensei/engine → @mondaycom/sensei-engine - packages/cli/tests/html-report.test.ts: @sensei/engine → @mondaycom/sensei-engine No functional changes — pure identifier rename throughout. Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>
Update every documentation reference to reflect the GitHub organization move (nymeria-ai → mondaycom) and the npm package rename (@sensei/* → @mondaycom/sensei-*) from the previous commit. README.md: - CI badge URL: github.com/nymeria-ai/sensei → github.com/mondaycom/sensei - npm badge: /npm/v/@sensei/engine → /npm/v/@mondaycom/sensei-engine - Install commands: npm install @sensei/engine → @mondaycom/sensei-engine; npm install -g @sensei/cli → @mondaycom/sensei-cli - Programmatic usage code block: @sensei/engine → @mondaycom/sensei-engine - SDK usage code block: @sensei/sdk → @mondaycom/sensei-sdk - Packages table: all three @sensei/* entries updated ARCHITECTURE.md: - Tech stack section: package names updated in inline description - All section headers referencing @sensei/* updated - Source code examples updated - Directory tree comments updated (e.g. "# @sensei/engine" annotations) CHANGELOG.md: - All historical entries updated so package names in the changelog remain consistent with the published package names on npm; affects v0.1.0 entry bullet points for Engine Core, CLI, SDK, and Monorepo sections CONTRIBUTING.md: - Clone URL updated: github.com/nymeria-ai/sensei → github.com/mondaycom/sensei - Release workflow description updated to reflect the new manual workflow_dispatch process: removed the changesets "Version Packages PR" description and replaced with a note that releases are triggered manually via the GitHub Actions Release workflow docs/flow-diagram.md: - Import examples in the "Integration Code" section updated from @sensei/engine to @mondaycom/sensei-engine Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>
…atch
Replace the previous changesets-based release system — which triggered
automatically on every push to main and opened "Version Packages" PRs —
with a manual workflow_dispatch workflow modeled after the HATCHA repo's
release process. This gives explicit, per-release control with per-package
granularity instead of relying on changeset file accumulation.
Deleted: .github/workflows/publish.yml
The old publish workflow fired on GitHub Release creation events and
separately published packages to npm. With the new release.yml handling
publishing inline, keeping publish.yml would cause a race condition
(both workflows would try to publish the same packages on release).
New: .github/workflows/release.yml (full rewrite)
Trigger:
workflow_dispatch with inputs:
- bump: choice of patch / minor / major (default: patch)
- release_engine: boolean checkbox (default: true)
- release_sdk: boolean checkbox (default: true)
- release_cli: boolean checkbox (default: true)
Permissions:
contents: write — to push version bump commits and tags
id-token: write — required for npm provenance via GitHub OIDC
Concurrency:
group: "release", cancel-in-progress: false
Prevents two release runs from interleaving version bumps.
Steps (in order):
1. Checkout with GITHUB_TOKEN (allows pushing back to the repo)
2. Setup Node 20 + npm cache + registry-url for npm auth
3. npm install (restore dependencies)
4. Validate selection — fails with a clear error if:
- No packages are selected at all
- sdk or cli is selected without engine (cross-package deps require
engine to be released first to keep version references coherent)
5. Bump versions — for each selected package, runs:
npm version $BUMP --no-git-tag-version | sed 's/^v//'
The `sed` is necessary because `npm version` outputs "v0.1.1" with a
leading "v"; stripping it ensures tags are "@mondaycom/sensei-engine@0.1.1"
rather than "@mondaycom/sensei-engine@v0.1.1". Each new version is
captured in a step output via GITHUB_OUTPUT.
6. Update lockfile — re-runs `npm install` to update package-lock.json
with the bumped version numbers in the workspace manifests.
7. Build — `npm run build` (runs all workspace builds via --workspaces)
8. Test — `npx vitest run` instead of `npm test` to bypass the pretest
lifecycle hook, which would trigger another full build and cause a
double-build (the root package.json has "pretest": "npm run build").
9. Publish (per package, conditional on input checkbox):
npm publish --workspace packages/<name> --access public --provenance
`--provenance` attaches a signed SLSA provenance attestation via the
GitHub OIDC token (requires id-token: write permission).
Condition uses `inputs.release_* == true` (not just `inputs.release_*`)
because workflow_dispatch boolean inputs arrive as the string "false",
which is truthy in a bare `if:` expression — the comparison is required
to correctly gate publish on the actual boolean value.
10. Commit and tag — configures git bot identity, stages all bumped
package.json files and the updated lockfile, builds a commit message
and tag list from whichever versions were bumped, commits, creates
annotated tags in the format "@mondaycom/sensei-engine@0.1.1", then
pushes with:
git push origin HEAD:main --tags --atomic
HEAD:main is explicit to avoid ambiguity in the detached-HEAD state
that actions/checkout@v4 creates by default. --atomic ensures the
commit and all tags land together or not at all.
11. Create GitHub Releases — uses `gh release create` for each released
package with --generate-notes. All but the last are created with
--latest=false; the final release is then edited to --latest so the
repo's "Latest" badge always points to the most recently released
package.
12. Summary (if: always()) — writes a markdown table of package→version
pairs to GITHUB_STEP_SUMMARY. Runs unconditionally so a failed
publish still shows what was attempted.
Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>
Scoped npm packages (e.g. @mondaycom/*) are private by default. Without this, `npm publish` fails with a 402 Payment Required error unless --access public is passed explicitly every time. Adding publishConfig.access = "public" to each package manifest makes the intent permanent and self-documenting, independent of the publish command flags used. The release workflow already passes --access public, but this ensures correctness even if the packages are published manually or via a different tool. Affects: packages/engine/package.json packages/sdk/package.json packages/cli/package.json Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>
Initial pre-release version for first publish under the @mondaycom scope. @mondaycom/sensei-engine: 0.1.1 → 0.0.1 @mondaycom/sensei-sdk: 0.1.0 → 0.0.1 @mondaycom/sensei-cli: 0.1.0 → 0.0.1 Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>
The --version assertion was hardcoded to '0.1.0'. Updated to match the version reset in the previous commit. Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>
🔴 Bug — CONTRIBUTING.md still references changesetsThe changeset instructions block is still there telling contributors to run npx changeset . Since the release workflow is now manual workflow_dispatch , this section should be removed or rewritten to match the new flow (Actions → Release → Run workflow). 🟡 LICENSE copyright not updatedThe transfer plan included updating the LICENSE copyright holder. This PR does not touch LICENSE — worth checking what it currently says and updating if needed (e.g. "WorkDraft.ai" → "monday.com"). 🟡 Branch protection may block workflow pushThe release workflow uses GITHUB_TOKEN to git push origin HEAD:main --tags --atomic . If the mondaycom org has branch protection on main (which is likely), GITHUB_TOKEN cannot bypass it. First real release will fail at the commit+tag step. Fix: use a PAT with bypass permissions, or a GitHub App token, or add a branch protection bypass rule for github-actions[bot] . 🟢 Minor — .changeset/ directory is now dead weightThe old changesets-based release flow was removed, but .changeset/config.json was updated rather than deleted. The whole .changeset/ directory (config + any leftover changeset files) can be removed since it is no longer used. ✅ Everything else looks great• All @sensei/* → @mondaycom/sensei-* ✓ |
CONTRIBUTING.md — remove changesets section: The Changesets heading and all instructions (npx changeset, .changeset/ workflow, step 4 in PR process) have been removed. Replaced with a concise "Releases" section explaining the manual workflow_dispatch flow. Changesets is no longer used in this repo. LICENSE — update copyright holder: AgentTalent.ai → monday.com .changeset/ — delete directory: The entire .changeset/ directory (config.json + any leftover changeset markdown files) is removed. It served the old changesets-based release system which has been replaced by the manual workflow_dispatch workflow. Keeping it around was misleading dead weight. Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>
|
Addressed in 255a92c:
Re: branch protection blocking the workflow push — acknowledged, this is a real issue for the first release run. Fixing it properly requires either a PAT with bypass permissions, a GitHub App token, or adding a branch protection bypass rule for |
|
All review comments addressed ✅ LGTM — ready to merge. One note for first release: the workflow uses GITHUB_TOKEN to push version bump commits + tags back to main . If branch protection is enabled on main (likely in the mondaycom org), that push will fail since GITHUB_TOKEN cannot bypass protection rules. When you're ready to run the first release, either: Not a merge blocker — just something to set up before triggering the first release workflow. |
|
3 participants
Summary
This PR covers four related changes made in preparation for publishing under the
monday.comGitHub organization:@sensei/*to@mondaycom/sensei-*workflow_dispatchworkflowpublishConfig0.0.1for first publish under the new scopePackage Renames
@sensei/engine@mondaycom/sensei-engine@sensei/sdk@mondaycom/sensei-sdk@sensei/cli@mondaycom/sensei-cliFiles changed:
packages/*/package.json—namefields updatedpackages/sdk/package.jsonandpackages/cli/package.json— internal@sensei/enginedependency updatedpackage.json(root) —repository.urlupdated fromnymeria-ai/sensei→mondaycom/sensei.changeset/config.json—repofield updatedpackage-lock.json— regenerated; workspace symlink entries updated@sensei/*— updated to@mondaycom/sensei-*Package Visibility
All three packages are scoped under
@mondaycom/and therefore private by default on npm. Added"publishConfig": { "access": "public" }to each package manifest to explicitly declare them as public.This is intentional redundancy with the
--access publicflag in the release workflow — if someone ever publishes manually or via a different tool, the manifest itself enforces the correct access level rather than relying on remembering the flag.Version Reset
All packages reset to
0.0.1for the first publish under the@mondaycomscope. Previous versions (0.1.x) were published under@sensei/*and are unrelated from npm's perspective — the new scope is a fresh namespace.@mondaycom/sensei-engine@mondaycom/sensei-sdk@mondaycom/sensei-cliRelease Workflow
What was removed
.github/workflows/publish.yml— triggered on GitHub Release creation events and published packages to npm separately. With publishing now handled inline in the release workflow, keeping it would have caused a race condition (both workflows would attempt to publish the same packages simultaneously)..github/workflows/release.yml(old) — used the changesets bot, which required developers to commit changeset files to PRs and triggered automatically on every push tomainto open a "Version Packages" PR. This PR cycle added friction for a small monorepo.What was added
.github/workflows/release.yml(new) — modeled after HATCHA's release workflow, adapted for npm (not pnpm) and sensei's three packages.How to trigger a release
Go to Actions → Release → Run workflow and select:
patch/minor/majorrelease_engine,release_sdk,release_cli)What the workflow does (in order)
npm version $BUMP --no-git-tag-version(strips thevprefix npm adds so tags are@mondaycom/sensei-engine@0.1.1, not@mondaycom/sensei-engine@v0.1.1)package-lock.jsonvianpm installnpm run buildnpx vitest run(bypasses thepretestlifecycle hook, which would trigger a second full build)--access public --provenance(signed SLSA attestation via GitHub OIDC — requiresid-token: writepermission)package.jsonfiles + lockfile, creates git tags, pushes tomainwith--atomicif: always())Bugs caught in code review (fixed before merge)
npm versionoutputsv0.1.1(with leadingv)@mondaycom/sensei-engine@v0.1.1— permanently malformedif: inputs.release_enginetreats the string"false"as truthyif: inputs.release_engine == truenpm testtriggerspretest→npm run buildnpx vitest runto bypass lifecycle hooksgit push origin HEADis ambiguous in detached HEAD stategit push origin HEAD:mainif: always()if: always()Checklist
@sensei/*references replaced — verified withgrep -r '@sensei/' .returning no matchesnymeria-aireferences replaced — verified withgrep -r 'nymeria' .returning no matchespackage-lock.jsonregenerated with new package namespublishConfig.access = "public"added to all three package manifests0.0.1for first publish under@mondaycomscope