ash-library-hotfix

Handles emergency hotfix process for critical bugs in ash_cookie_consent library including branch creation, minimal fixes, testing, and rapid release. Use when user asks to "create hotfix", "emergency fix", "patch critical bug", or "hotfix for version".

16 stars

bydiegosouzapw

View on GitHub Installation ↓

Best use case

ash-library-hotfix is best used when you need a repeatable AI agent workflow instead of a one-off prompt.

Teams using ash-library-hotfix should expect a more consistent output, faster repeated execution, less prompt rewriting.

When to use this skill

You want a reusable workflow that can be run more than once with consistent structure.

When not to use this skill

You only need a quick one-off answer and do not need a reusable workflow.
You cannot install or maintain the underlying files, dependencies, or repository context.

Installation

Claude Code / Cursor / Codex

$curl -o ~/.claude/skills/ash-library-hotfix/SKILL.md --create-dirs "https://raw.githubusercontent.com/diegosouzapw/awesome-omni-skill/main/skills/development/ash-library-hotfix/SKILL.md"

Manual Installation

Download SKILL.md from GitHub
Place it in .claude/skills/ash-library-hotfix/SKILL.md inside your project
Restart your AI agent — it will auto-discover the skill

How ash-library-hotfix Compares

Feature / Agent	ash-library-hotfix	Standard Approach
Platform Support	Not specified	Limited / Varies
Context Awareness	High	Baseline
Installation Complexity	Unknown	N/A

Frequently Asked Questions

What does this skill do?

Where can I find the source code?

You can find the source code on GitHub using the link provided at the top of the page.

SKILL.md Source

# AshCookieConsent Emergency Hotfix

This skill guides you through creating and releasing an emergency hotfix for critical bugs.

## When to Use This Skill

Activate when user requests:
- "Create hotfix for vX.Y.Z"
- "Emergency fix for critical bug"
- "Patch version X.Y.Z"
- "Hotfix for security issue"

## Hotfix Criteria

Only use hotfix process for:
- **Critical bugs** affecting production users
- **Security vulnerabilities** requiring immediate patch
- **Data loss/corruption** issues
- **Application crashes** or unavailability

For non-critical bugs, use normal release process.

## Hotfix Workflow

### Step 1: Verify Critical Nature

Ask user to confirm:
- What is the bug?
- Who is affected?
- What is the impact?
- Is this truly critical?

If not critical, recommend normal release process instead.

### Step 2: Create Hotfix Branch

```bash
# Get the version to hotfix
git fetch --tags

# Create hotfix branch from the tag
git checkout -b hotfix/X.Y.Z vX.Y.Z

# Example: git checkout -b hotfix/0.1.1 v0.1.0
```

### Step 3: Make Minimal Fix

**Guidelines**:
- Fix ONLY the critical issue
- No refactoring or cleanup
- No unrelated changes
- Add regression test to prevent recurrence

**Update CHANGELOG.md**:
```markdown
## [X.Y.Z+1] - YYYY-MM-DD

### Fixed
- **CRITICAL**: Description of bug and fix (#issue)
```

### Step 4: Bump PATCH Version

Edit `mix.exs`:
```elixir
@version "X.Y.Z+1"  # Increment patch number
```

### Step 5: Test Thoroughly

```bash
# Run full test suite
mix test

# Verify the specific bug is fixed
# Add manual verification steps here

# Run quality checks (if time permits)
mix credo
mix dialyzer
```

**Minimum requirement**: Tests must pass. Other checks optional if time-critical.

### Step 6: Commit and Tag

```bash
git add .
git commit -m "Fix critical bug: [brief description] (#issue)"

git tag -a vX.Y.Z+1 -m "Hotfix vX.Y.Z+1"
```

### Step 7: Merge to Main

```bash
git checkout main
git merge hotfix/X.Y.Z+1 --no-ff

# Resolve conflicts if any (prioritize hotfix changes)

git push origin main
git push origin vX.Y.Z+1
```

### Step 8: Publish Immediately

```bash
mix hex.build
mix hex.publish
```

Confirm with `y` when prompted.

### Step 9: Retire Vulnerable Version (If Security Issue)

```bash
mix hex.retire ash_cookie_consent X.Y.Z \
  --reason security \
  --message "Security vulnerability fixed in vX.Y.Z+1. Please upgrade immediately."
```

### Step 10: Create GitHub Release

```bash
gh release create vX.Y.Z+1 \
  --title "vX.Y.Z+1 - HOTFIX: Brief Description" \
  --notes "**Critical hotfix for vX.Y.Z**

🚨 This release fixes a critical bug affecting [description].

### Fixed
- [Description of fix] (#issue)

### Upgrade Instructions
Update your mix.exs:
\`\`\`elixir
{:ash_cookie_consent, \"~> X.Y.Z+1\"}
\`\`\`

See [CHANGELOG](link) for full details."
```

### Step 11: Notify Users

**Immediate notification for**:
- Security vulnerabilities
- Data loss issues
- Breaking bugs

**Notification channels**:
1. Update Hex.pm package page (automatic)
2. Post on Elixir Forum if widely used
3. Update GitHub README with notice
4. Email known users if contact list exists
5. Post on Ash Discord

**Template**:
```markdown
🚨 **Hotfix Released: v X.Y.Z+1**

A critical bug was discovered in v X.Y.Z: [description]

**Impact**: [Who is affected and how]

**Fix**: Upgrade to v X.Y.Z+1 immediately

**Update command**:
\`\`\`bash
mix deps.update ash_cookie_consent
\`\`\`

See [release notes](link) for details.
```

## Post-Hotfix Cleanup

After releasing hotfix:

1. **Delete hotfix branch** (optional):
   ```bash
   git branch -d hotfix/X.Y.Z+1
   ```

2. **Verify fix in production**:
   - Monitor for new reports
   - Check Hex.pm download stats
   - Watch GitHub issues

3. **Update roadmap** (if needed):
   - Adjust next release timeline
   - Document lessons learned

4. **Follow-up tasks**:
   - Add to regression test suite
   - Review related code for similar issues
   - Update documentation if needed

## Time Targets

**For critical security issues**:
- Fix: < 4 hours
- Release: < 6 hours
- Notification: < 8 hours

**For critical bugs**:
- Fix: < 24 hours
- Release: < 36 hours
- Notification: < 48 hours

## Verification Checklist

Before publishing hotfix:

- [ ] Bug confirmed fixed
- [ ] Tests pass (minimum: related tests)
- [ ] No new bugs introduced
- [ ] Version bumped (PATCH only)
- [ ] CHANGELOG updated
- [ ] Commit message clear
- [ ] Git tag created
- [ ] Merged to main

## Common Hotfix Scenarios

### Security Vulnerability

```markdown
## [0.1.1] - 2025-11-XX

### Security
- **CRITICAL**: Fix XSS vulnerability in consent modal (#42)
  - Escape user-provided cookie group names
  - Add Content-Security-Policy headers
```

### Data Loss Bug

```markdown
## [0.1.1] - 2025-11-XX

### Fixed
- **CRITICAL**: Fix consent data being lost on browser restart (#43)
  - Correct cookie max-age calculation
  - Add migration for existing cookies
```

### Application Crash

```markdown
## [0.1.1] - 2025-11-XX

### Fixed
- **CRITICAL**: Fix crash when consent data malformed (#44)
  - Add validation and error handling
  - Gracefully handle legacy cookie format
```

## When NOT to Use Hotfix

Use normal release process instead if:
- Bug is not critical (doesn't affect production)
- Fix requires significant changes
- No users reported the issue yet
- Fix can wait for next planned release

## Reference

Full details: `.claude/MAINTAINER_GUIDE.md` - "Hotfix Process" section

Related Skills

Analyzing AgentScope Library

from diegosouzapw/awesome-omni-skill

This skill provides a way to retrieve information from the AgentScope library for analysis and decision-making.

Advanced Modular Library Design

from diegosouzapw/awesome-omni-skill

Design modular libraries with clear package boundaries, feature-first organization, and clean API surfaces. Use when structuring monorepos, defining module boundaries, or designing library APIs.

bgo

from diegosouzapw/awesome-omni-skill

Automates the complete Blender build-go workflow, from building and packaging your extension/add-on to removing old versions, installing, enabling, and launching Blender for quick testing and iteration.

Coding & Development

atlas

from diegosouzapw/awesome-omni-skill

macOS-only AppleScript control for the ChatGPT Atlas desktop app. Use only when the user explicitly asks to control Atlas tabs/bookmarks/history on macOS and the "ChatGPT Atlas" app is installed; do not trigger for general browser tasks or non-macOS environments.

atlan-sql-connector-patterns

from diegosouzapw/awesome-omni-skill

Select and apply the correct SQL connector implementation pattern (SDK-default minimal or source-specific custom). Use when building or extending SQL metadata/query extraction connectors.

athena-pr-reviewer

from diegosouzapw/awesome-omni-skill

PROACTIVELY USED when reviewing a PR, branch, or Jira story. Handles code review against requirements and provides actionable feedback.

athena-framework

from diegosouzapw/awesome-omni-skill

Use this skill when working with Athena Framework for Crystal. Athena is a modular ecosystem of independent, reusable components including: Framework (ATH) for web apps, DependencyInjection (ADI) for IoC containers, Routing (ART) for HTTP routing, Serializer (ASR) for object serialization, Validator (AVD) for validation, Console (ACON) for CLI tools, EventDispatcher (AED) for event-driven architecture, and more. Use for building Crystal web applications, REST APIs, CLI tools, or integrating individual components.

atft-code-quality

from diegosouzapw/awesome-omni-skill

Enforce lint, formatting, typing, testing, and security hygiene across the ATFT-GAT-FAN codebase.

atcoder-client

from diegosouzapw/awesome-omni-skill

Interface with AtCoder for Japanese competitive programming contests

asyncredux-connector-pattern

from diegosouzapw/awesome-omni-skill

Implement the Connector pattern for separating smart and dumb widgets. Covers creating StoreConnector widgets, implementing VmFactory and Vm classes, building view-models, and optimizing rebuilds with view-model equality.

Asyncio Programming

from diegosouzapw/awesome-omni-skill

Master asynchronous programming with asyncio, async/await, concurrent operations, and async frameworks

asyncio-concurrency-patterns

from diegosouzapw/awesome-omni-skill

Complete guide for asyncio concurrency patterns including event loops, coroutines, tasks, futures, async context managers, and performance optimization