Release preparation workflow - security audit → E2E tests → review → changelog → docs
release follows the SKILL.md standard. Use the install command to add it to your agent stack.
--- name: release description: Release preparation workflow - security audit → E2E tests → review → changelog → docs --- # /release - Release Workflow Structured release preparation to ship with confidence. ## When to Use - "Prepare a release" - "Ship version X" - "Release to production" - "Cut a release" - "Ready to deploy" - Before any production deployment ## Workflow Overview ``` ┌─────────┐ ┌─────────┐ ┌──────────────┐ ┌──────────┐ ┌─────────┐ │ aegis │───▶│ atlas │───▶│ review-agent │───▶│ herald │───▶│ scribe │ │ │ │ │ │ │ │ │ │ │ └─────────┘ └─────────┘ └──────────────┘ └──────────┘ └─────────┘ Security E2E Final Version Release audit tests review bump notes ``` ## Agent Sequence | # | Agent | Role | Output | |---|-------|------|--------| | 1 | **aegis** | Security vulnerability scan | Security report | | 2 | **atlas** | Run full E2E test suite | Test report | | 3 | **review-agent** | Final release review | Release approval | | 4 | **herald** | Version bump, changelog generation | Updated version files | | 5 | **scribe** | Release notes, documentation | RELEASE.md, docs | ## Why This Order? 1. **Security first**: Catch vulnerabilities before they ship 2. **E2E tests**: Verify full system works end-to-end 3. **Final review**: Human-in-the-loop approval 4. **Version bump**: Only after approval 5. **Documentation**: Ship with proper release notes ## Execution ### Phase 1: Security Audit ``` Task( subagent_type="aegis", prompt=""" Security audit for release: [VERSION] Scan for: - Dependency vulnerabilities (npm audit, pip audit) - Hardcoded secrets/credentials - SQL injection, XSS, CSRF risks - Authentication/authorization issues - Insecure configurations Output: Security report with severity levels """ ) ``` ### Phase 2: E2E Tests ``` Task( subagent_type="atlas", prompt=""" Run E2E tests for release: [VERSION] Execute: - Full E2E test suite - Critical path tests - Integration tests - Performance benchmarks (if applicable) Output: Test report with pass/fail counts """ ) ``` ### Phase 3: Final Review ``` Task( subagent_type="review-agent", prompt=""" Final release review: [VERSION] Review: - Security audit results - E2E test results - Changes since last release (git log) - Breaking changes - Migration requirements Output: RELEASE_APPROVED or RELEASE_BLOCKED with reasons """ ) ``` ### Phase 4: Version Bump & Changelog ``` Task( subagent_type="herald", prompt=""" Prepare release: [VERSION] Tasks: - Bump version in package.json/pyproject.toml - Generate CHANGELOG.md entry - Update version constants in code - Tag commit (don't push yet) Follow semantic versioning. """ ) ``` ### Phase 5: Release Notes ``` Task( subagent_type="scribe", prompt=""" Write release notes: [VERSION] Include: - Summary of changes - New features - Bug fixes - Breaking changes - Migration guide (if needed) - Contributors Output: RELEASE.md or update docs """ ) ``` ## Release Types ### Major Release (Breaking Changes) ``` /release --major → Full workflow with migration guide ``` ### Minor Release (New Features) ``` /release --minor → Full workflow, lighter security review ``` ### Patch Release (Bug Fixes) ``` /release --patch → Security + tests + quick review ``` ### Hotfix ``` /release --hotfix → Expedited: aegis → atlas → herald ``` ## Example ``` User: /release v2.0.0 Claude: Starting /release workflow for v2.0.0... Phase 1: Security audit... [Spawns aegis] ✅ No critical vulnerabilities ⚠️ 2 low-severity issues (documented) Phase 2: E2E tests... [Spawns atlas] ✅ 156/156 E2E tests passing Phase 3: Final review... [Spawns review-agent] ✅ RELEASE_APPROVED - 47 commits since v1.9.0 - 3 new features - 12 bug fixes - No breaking changes Phase 4: Version bump... [Spawns herald] ✅ Version bumped to 2.0.0 ✅ CHANGELOG.md updated ✅ Git tag created Phase 5: Release notes... [Spawns scribe] ✅ RELEASE-v2.0.0.md created ┌─────────────────────────────────────────┐ │ Release v2.0.0 Ready │ ├─────────────────────────────────────────┤ │ Security: ✅ Passed │ │ Tests: ✅ 156/156 │ │ Review: ✅ Approved │ │ │ │ Next steps: │ │ 1. git push origin v2.0.0 │ │ 2. Create GitHub release │ │ 3. Deploy to production │ └─────────────────────────────────────────┘ ``` ## Blockers The workflow stops if: - Critical security vulnerability found - E2E tests failing - Review verdict is RELEASE_BLOCKED ``` Phase 1: Security audit... ❌ CRITICAL: SQL injection in user.py:45 Release blocked. Fix critical issues before proceeding. ``` ## Flags - `--major/--minor/--patch`: Semantic version type - `--hotfix`: Expedited release path - `--skip-security`: Skip security audit (not recommended) - `--dry-run`: Run checks without bumping version