11name : Publish Packages
22
3- # Workforce npm-provenance-publisher profile consumption:
4- # Consumed via @agentworkforce/workload-router (resolvePersona('npm-provenance')).
5- # The workflow orchestration layer uses the workload-router programmatically.
6- # This YAML implements the persona's concrete technical requirements directly
7- # (YAML cannot import npm packages) with source attribution to the persona.
8- # See: @agentworkforce/workload-router — npm-provenance intent.
3+ # Publish workflow for the initial public Agent Assistant SDK package wave.
4+ # This workflow implements the npm provenance requirements directly in YAML.
5+ # It intentionally avoids runtime dependency on @agentworkforce/workload-router
6+ # so publish remains deterministic in a clean GitHub Actions environment.
97
108on :
119 workflow_dispatch :
@@ -56,7 +54,6 @@ concurrency:
5654 cancel-in-progress : false
5755
5856# Required for npm OIDC provenance attestation.
59- # Source: @agentworkforce/workload-router — resolvePersona('npm-provenance')
6057# TARGET STATE: Full OIDC with no NPM_TOKEN, pending trusted publisher registration
6158# on npmjs.com for each package (manual step).
6259# Until trusted publisher registration is complete, NODE_AUTH_TOKEN is used as bridge.
@@ -88,16 +85,10 @@ jobs:
8885
8986 - run : npm ci
9087
91- - name : Resolve publish persona via workload-router
88+ - name : Confirm publish strategy
9289 run : |
93- node --input-type=module <<'EOF'
94- import { resolvePersona } from '@agentworkforce/workload-router';
95- const selection = resolvePersona('npm-provenance');
96- if (selection.personaId !== 'npm-provenance-publisher') {
97- throw new Error(`Unexpected persona: ${selection.personaId}`);
98- }
99- console.log(`Using persona ${selection.personaId} via ${selection.rationale.profileId}`);
100- EOF
90+ echo "Publishing the initial public Agent Assistant SDK wave with npm provenance enabled."
91+ echo "Packages: traits, core, sessions, surfaces, policy, proactive, sdk"
10192
10293name : Run tests — traits
10394 working-directory : packages/traits
@@ -111,6 +102,12 @@ jobs:
111102 - name : Run tests — surfaces
112103 working-directory : packages/surfaces
113104 run : npx vitest run
105+ - name : Run tests — policy
106+ working-directory : packages/policy
107+ run : npx vitest run
108+ - name : Run tests — proactive
109+ working-directory : packages/proactive
110+ run : npx vitest run
114111
115112 - name : Typecheck — traits
116113 working-directory : packages/traits
@@ -124,6 +121,15 @@ jobs:
124121 - name : Typecheck — surfaces
125122 working-directory : packages/surfaces
126123 run : npx tsc --noEmit -p tsconfig.json
124+ - name : Typecheck — policy
125+ working-directory : packages/policy
126+ run : npx tsc --noEmit -p tsconfig.json
127+ - name : Typecheck — proactive
128+ working-directory : packages/proactive
129+ run : npx tsc --noEmit -p tsconfig.json
130+ - name : Typecheck — sdk
131+ working-directory : packages/sdk
132+ run : npx tsc --noEmit -p tsconfig.json
127133
128134 - name : Build — traits
129135 working-directory : packages/traits
@@ -137,11 +143,20 @@ jobs:
137143 - name : Build — surfaces
138144 working-directory : packages/surfaces
139145 run : npm run build
146+ - name : Build — policy
147+ working-directory : packages/policy
148+ run : npm run build
149+ - name : Build — proactive
150+ working-directory : packages/proactive
151+ run : npm run build
152+ - name : Build — sdk
153+ working-directory : packages/sdk
154+ run : npm run build
140155
141156 - name : Verify no test artifacts in dist
142157 run : |
143158 FAIL=0
144- for pkg in traits core sessions surfaces; do
159+ for pkg in traits core sessions surfaces policy proactive sdk ; do
145160 if find "packages/$pkg/dist" -name '*.test.*' 2>/dev/null | grep -q .; then
146161 echo "ERROR: test artifacts found in packages/$pkg/dist/"
147162 find "packages/$pkg/dist" -name '*.test.*'
@@ -153,7 +168,7 @@ jobs:
153168
154169name : Set publish matrix
155170 id : packages
156- run : echo 'matrix=["traits","core","sessions","surfaces"]' >> "$GITHUB_OUTPUT"
171+ run : echo 'matrix=["traits","core","sessions","surfaces","policy","proactive","sdk" ]' >> "$GITHUB_OUTPUT"
157172
158173 - name : Version all publishable packages
159174 id : version
@@ -174,7 +189,7 @@ jobs:
174189 echo "new_version=${NEW_VERSION}" >> "$GITHUB_OUTPUT"
175190 cd ../..
176191
177- for pkg in core sessions surfaces; do
192+ for pkg in core sessions surfaces policy proactive sdk ; do
178193 cd "packages/$pkg"
179194 npm version "$NEW_VERSION" --no-git-tag-version
180195 cd ../..
@@ -204,6 +219,24 @@ jobs:
204219 name : dist-surfaces
205220 path : packages/surfaces/dist
206221 retention-days : 1
222+ - name : Upload build artifact — policy
223+ uses : actions/upload-artifact@v4
224+ with :
225+ name : dist-policy
226+ path : packages/policy/dist
227+ retention-days : 1
228+ - name : Upload build artifact — proactive
229+ uses : actions/upload-artifact@v4
230+ with :
231+ name : dist-proactive
232+ path : packages/proactive/dist
233+ retention-days : 1
234+ - name : Upload build artifact — sdk
235+ uses : actions/upload-artifact@v4
236+ with :
237+ name : dist-sdk
238+ path : packages/sdk/dist
239+ retention-days : 1
207240
208241 - name : Upload manifest — traits
209242 uses : actions/upload-artifact@v4
@@ -229,6 +262,24 @@ jobs:
229262 name : manifest-surfaces
230263 path : packages/surfaces/package.json
231264 retention-days : 1
265+ - name : Upload manifest — policy
266+ uses : actions/upload-artifact@v4
267+ with :
268+ name : manifest-policy
269+ path : packages/policy/package.json
270+ retention-days : 1
271+ - name : Upload manifest — proactive
272+ uses : actions/upload-artifact@v4
273+ with :
274+ name : manifest-proactive
275+ path : packages/proactive/package.json
276+ retention-days : 1
277+ - name : Upload manifest — sdk
278+ uses : actions/upload-artifact@v4
279+ with :
280+ name : manifest-sdk
281+ path : packages/sdk/package.json
282+ retention-days : 1
232283
233284 publish :
234285 name : Publish ${{ matrix.package }}
@@ -249,8 +300,7 @@ jobs:
249300 registry-url : " https://registry.npmjs.org"
250301 cache : npm
251302
252- # Required by npm-provenance-publisher persona (via @agentworkforce/workload-router):
253- # prevents stale-runner OIDC token failures on self-hosted or outdated runners.
303+ # Update npm to latest to reduce provenance/OIDC issues on stale runners.
254304 - name : Update npm to latest (required for provenance)
255305 run : npm install -g npm@latest
256306
@@ -318,11 +368,26 @@ jobs:
318368 with :
319369 name : manifest-surfaces
320370 path : packages/surfaces
371+ - name : Download manifest — policy
372+ uses : actions/download-artifact@v4
373+ with :
374+ name : manifest-policy
375+ path : packages/policy
376+ - name : Download manifest — proactive
377+ uses : actions/download-artifact@v4
378+ with :
379+ name : manifest-proactive
380+ path : packages/proactive
381+ - name : Download manifest — sdk
382+ uses : actions/download-artifact@v4
383+ with :
384+ name : manifest-sdk
385+ path : packages/sdk
321386
322387 - name : Validate downloaded manifests
323388 run : |
324389 EXPECTED="${{ needs.build.outputs.new_version }}"
325- for pkg in traits core sessions surfaces; do
390+ for pkg in traits core sessions surfaces policy proactive sdk ; do
326391 if [ ! -f "packages/$pkg/package.json" ]; then
327392 echo "ERROR: packages/$pkg/package.json not found after artifact download"
328393 exit 1
@@ -338,7 +403,7 @@ jobs:
338403name : Commit version bump
339404 run : |
340405 NEW_VERSION="${{ needs.build.outputs.new_version }}"
341- git add packages/traits/package.json packages/core/package.json packages/sessions/package.json packages/surfaces/package.json
406+ git add packages/traits/package.json packages/core/package.json packages/sessions/package.json packages/surfaces/package.json packages/policy/package.json packages/proactive/package.json packages/sdk/package.json
342407 git commit -m "chore: bump version to v${NEW_VERSION}" || echo "No changes to commit"
343408 git push
344409
0 commit comments