fix: release config script validation and broken postbump

[carlos-alm]

Summary

• Remove broken postbump script from .versionrc.json that referenced non-existent sync-native-versions.js (only .ts exists). The npm version lifecycle in package.json already handles native version syncing correctly via node-ts.js, making this entry both redundant and broken
• Add Step 7b to the /release skill that validates all script references in .versionrc.json and package.json lifecycle hooks point to files that actually exist, preventing this class of issue from recurring
• Fix .js → .ts reference in the release skill docs

Closes #823

Test plan

• npm run release:dry-run succeeds without the removed postbump
• Verify package.json version lifecycle still syncs native versions correctly
• Step 7b validation catches broken script paths when running /release

[claude]

Claude finished @carlos-alm's task —— View job

---

PR Review Complete

Reviewing PR #825: fix: release config script validation and broken postbump

Todo List

• Read and analyze changed files
• Phase 1: Root cause analysis
• Phase 2: Configuration change detection
• Phase 3: Test integrity check
• Phase 4: Code quality review
• Phase 5: Backlog compliance assessment
• Provide final rating and recommendation

Root Cause Analysis

Problem Being Solved: The .versionrc.json file contained a broken postbump script that referenced scripts/sync-native-versions.js, but only scripts/sync-native-versions.ts exists. This causes silent failures during npm run release.

Why This Approach: The fix is correct — removing the broken/redundant script and adding validation to prevent future occurrences. The package.json version lifecycle already handles native version syncing via node scripts/node-ts.js scripts/sync-native-versions.ts, so the postbump was redundant.

Risk Assessment: Low risk. This is removing a broken feature, not introducing new logic. The validation step is defensive and preventive.

Backlog Compliance

• Zero-dep: ✅ — No new dependencies, purely configuration and documentation changes
• Foundation-aligned: ✅ — Improves tooling reliability without violating any principles
• Problem-fit: 3 — Useful reliability improvement but doesn't directly address the core "lost AI" problem
• Breaking: No — Purely removes broken functionality, no API/behavior changes
• Tier: 1 (zero-dep ✅ + foundation-aligned ✅)

Critical Concerns

None. This is a clean, well-motivated fix.

Code Quality Assessment

Positive aspects:

• Root cause correctly identified: The postbump script referenced a non-existent .js file when only .ts exists
• Proper redundancy elimination: The postbump was duplicating what package.json version lifecycle already handles
• Defensive validation added: Step 7b provides regex-based validation to catch similar issues in future releases
• Documentation consistency: Fixed the .js → .ts reference in the skill docs
• Clear test plan: Includes verification steps in the PR description

Technical review:

• .versionrc.json: Clean removal of the broken scripts section at .versionrc.json:17-19
• Validation logic in .claude/skills/release/SKILL.md:182-194 is well-designed:
  • Uses grep -oP for precise script path extraction
  • Handles both .versionrc.json and package.json lifecycle hooks
  • Provides clear error messages with file context
  • Includes common failure patterns in documentation

No concerns with:

• Security (pure configuration cleanup)
• Performance (no runtime impact)
• Test coverage (validation is thoroughly documented with examples)

Final Recommendation

• Rating: ⭐⭐⭐⭐☆ (4/5)
• Action: APPROVE
• Reasoning: This is a solid maintenance fix that addresses a real issue (broken script reference), implements proper defensive measures (validation step), and follows good engineering practices. The approach is minimal, targeted, and well-documented. Minor deduction only because it's a maintenance fix rather than user-facing improvement.

The PR correctly identifies that sync-native-versions.js doesn't exist (only .ts), removes the broken reference, and adds validation to prevent recurrence. The existing package.json version lifecycle handles syncing correctly, making this change both safe and beneficial.

---

[greptile-apps]

Greptile Summary

This PR adds a Step 7b validation block to the /release skill that checks all node <runner> <script> references in .versionrc.json and package.json lifecycle hooks against the filesystem, and fixes a stale .js → .ts reference in the docs. The previous reviewer concern about forwarded script arguments being silently skipped has been addressed — both the runner and the target .ts file are now validated with separate grep passes.

Confidence Score: 5/5

Safe to merge — documentation-only change with no runtime code affected.

All changes are in a skill documentation file. The previously raised P1 about forwarded script validation has been addressed. The grep patterns correctly extract and validate both the runner and the forwarded argument. No logic or runtime code is modified.

No files require special attention.

Important Files Changed

Filename	Overview
.claude/skills/release/SKILL.md	Adds Step 7b validation block for broken script references in release config, fixes a .js → .ts doc typo, and correctly validates both the runner and forwarded script argument for both .versionrc.json and package.json.

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A[Step 7b: Validate release config scripts] --> B[Scan .versionrc.json for node references]
    B --> C[Extract runner argument]
    C --> D[Extract forwarded script argument]
    D --> E{Both files exist?}
    E -- no --> F[Print ERROR and stop]
    E -- yes --> G[Scan package.json version lifecycle hooks]
    G --> H[Extract runner argument]
    H --> I[Extract forwarded script argument]
    I --> J{Both files exist?}
    J -- no --> K[Print ERROR and stop]
    J -- yes --> L[All refs valid - proceed to Step 8]

Loading

_{Reviews (2): Last reviewed commit: "fix(skills): validate forwarded script a..." | Re-trigger Greptile}

[greptile-apps]

Step 7b only validates the runner, not the target script

Both grep patterns extract only the first token after node (e.g. scripts/node-ts.js), so the actual .ts file passed as the second argument (scripts/sync-native-versions.ts) is never checked. A broken reference like node scripts/node-ts.js scripts/non-existent.ts would pass the validation silently because node-ts.js exists.

To also validate the forwarded script, extend the capture to the second argument when the runner is node-ts.js:

# package.json — check version/preversion/postversion lifecycle hooks
grep -E '"(pre)?version"|"postversion"' package.json | grep -oP 'node \K[^ "&]+' | while read script; do
  [ ! -f "$script" ] && echo "ERROR: package.json lifecycle references '$script' but it does not exist"
  # Also check the forwarded script when using node-ts.js
  if [[ "$script" == *node-ts.js* ]]; then
    forwarded=$(grep -oP "$script \K[^ \"&]+" package.json 2>/dev/null | head -1)
    [ -n "$forwarded" ] && [ ! -f "$forwarded" ] && echo "ERROR: package.json lifecycle references '$forwarded' but it does not exist"
  fi
done

[carlos-alm]

Fixed — added a second grep pass for both .versionrc.json and package.json that extracts the forwarded script argument (the second token after node <runner>). Now node scripts/node-ts.js scripts/non-existent.ts would be caught because both scripts/node-ts.js and scripts/non-existent.ts are validated independently.

[carlos-alm]

@greptileai