Fix: make release guards consume release profile

[flyingrobots]

Summary

• add a typed .continuum/release.yml reader for release profile mechanics
• make scripts/release-guard.sh validate version sources and release docs from the profile instead of duplicated shell arrays
• make scripts/check-docs-topology.sh derive current docs from the profile and topic shelf
• declare yaml directly and test release-profile doc/version drift behavior

Closes #689.
Part of #693.

Validation

• npx vitest run test/unit/scripts/release-profile.test.ts
• npx vitest run test/unit/scripts/release-profile.test.ts test/unit/scripts/source-size-inventory-command.test.ts test/unit/scripts/pre-push-hook.test.ts
• npm run typecheck
• npm run lint
• npm run lint:docs-topology
• npm run release:guard -- --stage prep-pr
• pre-push IRONCLAD gate: passed on push

Summary by CodeRabbit

• New Features
  • Release validation now uses a centralized release profile to determine which documentation must be present and to verify version lockstep across configured version sources.
  • Added enforcement to ensure designated sources remain private during release checks.
• Bug Fixes
  • Improved detection and reporting for missing required release documentation and version mismatches.
• Tests
  • Added unit tests covering release profile loading, required-docs collection, and version lockstep/privateness validation.
• Chores
  • Updated release tooling to include YAML support for the profile parser.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: a3bbb758-f3b9-4f5b-8634-0d3dd81df47d

📥 Commits

Reviewing files that changed from the base of the PR and between d9589f2 and 99cebf9.

📒 Files selected for processing (4)

• scripts/check-docs-topology.sh
• scripts/release-guard.sh
• scripts/release-profile.ts
• test/unit/scripts/release-profile.test.ts

🚧 Files skipped from review as they are similar to previous changes (4)

• scripts/check-docs-topology.sh
• test/unit/scripts/release-profile.test.ts
• scripts/release-guard.sh
• scripts/release-profile.ts

---

📝 Walkthrough

Walkthrough

Adds a YAML-backed release-profile CLI, uses it to derive required release-doc paths and version lockstep checks, and routes release-guard and docs-topology scripts through the new commands. Tests cover profile loading, doc paths, and version drift.

Changes

Release profile-driven guards

Layer / File(s)	Summary
Profile loading and doc paths package.json, scripts/release-profile.ts, test/unit/scripts/release-profile.test.ts	Adds YAML parsing support, release-profile validation/load helpers, doc-path collection, and Vitest coverage for profile loading and required-doc enumeration.
Version lockstep validation .continuum/release.yml, scripts/release-profile.ts, scripts/release-guard.sh, test/unit/scripts/release-profile.test.ts	Adds version-source expansion and lockstep failure collection, enforces private: true for workspace sources, and switches the release-guard version gate to the new CLI.
Doc requirement lookup scripts/check-docs-topology.sh, scripts/release-guard.sh	Replaces hardcoded release-doc arrays with required-docs output for docs-topology and release-evidence checks.

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Possibly related PRs

• git-stunts/git-warp#679: Also routes release guard and docs-topology checks through scripts/release-profile.ts, overlapping the same required-docs and version-source plumbing.
• git-stunts/git-warp#687: Also updates scripts/release-guard.sh and release-profile-driven release checks, overlapping the same guard integration path.

Poem

I sniffed the YAML by moonlight’s gleam,
And hopped through docs in a tidy stream.
The guard now listens to one shared song,
Where versions stay private and lockstep strong.
Binky! 🐇 The release path sings along.

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly summarizes the main change: release guards now consume the release profile.
Description check	✅ Passed	The description covers the summary, issue reference, and validation steps, but it omits the ADR checklist section.
Linked Issues check	✅ Passed	The changes satisfy #689 by removing hardcoded release facts, reading them from .continuum/release.yml, and adding drift tests.
Out of Scope Changes check	✅ Passed	The added YAML dependency, release profile script, shell updates, and tests all align with the linked issue scope.

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch tooling/release-profile-guards

---

_{Comment @coderabbitai help to get the list of available commands.}

[github-actions]

Release Preflight

• package version: 18.1.2
• prerelease: false
• npm dist-tag on release: latest
• npm pack dry-run: passed
• jsr publish dry-run: passed

If this PR is from a release/* branch and merges to main, Release Autotag will run final preflight and create v18.1.2. A maintainer who is a JSR @git-stunts scope member must then dispatch the Release workflow manually.

[coderabbitai]

Actionable comments posted: 3

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@scripts/check-docs-topology.sh`:
- Line 5: The REQUIRED_DOCS population in check-docs-topology.sh currently
trusts the output of node scripts/release-profile.ts required-docs without
verifying whether the command succeeded, which can leave the array empty and
skip validation; update the script to check the CLI exit status (or otherwise
fail fast) before using REQUIRED_DOCS, and ensure the topology check aborts with
a clear error if the release-profile command fails.

In `@scripts/release-guard.sh`:
- Around line 391-396: The release-doc check in the `required-docs` loop can
incorrectly pass when `node scripts/release-profile.ts required-docs` fails,
because the process substitution yields no paths and `missing` stays zero.
Update the release guard logic around the `while IFS= read -r path; do ... done`
block to capture the command’s exit status (or otherwise verify generation
succeeded) and fail the script immediately if `required-docs` cannot be
produced, so `REL-DOC-EVIDENCE` does not pass on a broken
`release-profile.ts`/CLI path.

In `@scripts/release-profile.ts`:
- Around line 145-160: The glob handling in expandVersionSourcePaths is still
hardcoded to a single repo-specific pattern, which defeats the profile-driven
design. Update the function to stop special-casing packages/*/package.json and
instead resolve supported version-source globs from the ReleaseVersionSource
data/profile itself, using expandVersionSourcePaths and the ReleaseProfileError
path only for truly unsupported patterns. Keep the directory scanning logic
generic enough that future profile-owned glob changes do not require code edits.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 69a0216b-a7fc-4d19-9251-46215db16abf

📥 Commits

Reviewing files that changed from the base of the PR and between fc4627e and d9589f2.

⛔ Files ignored due to path filters (1)

• package-lock.json is excluded by !**/package-lock.json

📒 Files selected for processing (6)

• .continuum/release.yml
• package.json
• scripts/check-docs-topology.sh
• scripts/release-guard.sh
• scripts/release-profile.ts
• test/unit/scripts/release-profile.test.ts

[github-actions]

Release Preflight

• package version: 18.1.2
• prerelease: false
• npm dist-tag on release: latest
• npm pack dry-run: passed
• jsr publish dry-run: passed

If this PR is from a release/* branch and merges to main, Release Autotag will run final preflight and create v18.1.2. A maintainer who is a JSR @git-stunts scope member must then dispatch the Release workflow manually.