// Orchestrates a release by chaining quality-scan and security-scan as gates, generating a changelog, bumping the version, and offering to publish. Use when preparing a release, cutting a new version, or when `/release-changelog` is invoked.
Scans the codebase for bugs, logic errors, cache races, workflow problems, insecure defaults, security regressions in the diff, and variant analysis on prior findings. Spawns specialized Task agents per scan type, deduplicates findings, and produces an A-F prioritized report. Use when preparing a release, investigating quality issues, running pre-merge checks, or whenever a recent diff touches security-sensitive code.
Executes the GitHub Actions SHA pin cascade when a socket-registry action or workflow changes. Creates PRs in dependency order, waits for merges, and propagates the final SHA to all consuming repos. Use when workflow files or actions change, or when asked to update workflows or cascade SHAs.
Bumps git submodules declared in `.gitmodules` to their latest stable upstream tag, for submodules NOT managed by an lockstep `version-pin` row. Reads the `# <name>-<version>` comment above each submodule as the current pin, finds the latest stable tag (excluding pre-releases), checks out, updates the comment, commits atomically. Invoked by the `updating` umbrella skill; can also be invoked standalone.
| name | release |
| description | Orchestrates a release by chaining quality-scan and security-scan as gates, generating a changelog, bumping the version, and offering to publish. Use when preparing a release, cutting a new version, or when `/release-changelog` is invoked. |
Orchestrates a release by chaining quality-scan and security-scan as gates, then generating a changelog and version bump.
/release-changelog command is invoked (delegates here)Run the /quality-scan skill with all scan types enabled.
Gate condition: zero CRITICAL findings. If any CRITICAL findings exist, abort the release and report them.
Read the HANDOFF block from quality-scan to check:
Findings: {critical: N, ...}
If critical > 0: stop, report findings, do not proceed.
Update queue: current_phase: quality-gate
Run the /security-scan skill.
Gate condition: grade B or above. If grade is C, D, or F, abort the release and report findings.
Read the HANDOFF block from security-scan to check:
Grade: {A-F}
If grade is C or worse: stop, report findings, do not proceed.
Update queue: current_phase: security-gate
Generate changelog entry following CLAUDE.md ยง "Changelog Management":
CHANGELOG.md to get the last released version (if it doesn't exist, create it with the Keep a Changelog header)git log --oneline <last-tag>..HEADUpdate queue: current_phase: changelog
Determine version bump from commit types:
feat commits โ minor bumpfix commits only โ patch bumpUpdate version in package.json.
Present the version change for approval. Commit changelog + version bump together:
chore(release): X.Y.Z
Update queue: status: done
After the release commit is merged:
git tag vX.Y.Z && git push origin vX.Y.Z