release
Release preparation workflow - security audit → E2E tests → review → changelog → docs
Best use case
release is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Release preparation workflow - security audit → E2E tests → review → changelog → docs
Teams using release should expect a more consistent output, faster repeated execution, less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in
.claude/skills/release/SKILL.mdinside your project - Restart your AI agent — it will auto-discover the skill
How release Compares
| Feature / Agent | release | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
Release preparation workflow - security audit → E2E tests → review → changelog → docs
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
SKILL.md Source
# /release - Release Workflow Structured release preparation to ship with confidence. ## When to Use - "Prepare a release" - "Ship version X" - "Release to production" - "Cut a release" - "Ready to deploy" - Before any production deployment ## Workflow Overview ``` ┌─────────┐ ┌─────────┐ ┌──────────────┐ ┌──────────┐ ┌─────────┐ │ aegis │───▶│ atlas │───▶│ review-agent │───▶│ herald │───▶│ scribe │ │ │ │ │ │ │ │ │ │ │ └─────────┘ └─────────┘ └──────────────┘ └──────────┘ └─────────┘ Security E2E Final Version Release audit tests review bump notes ``` ## Agent Sequence | # | Agent | Role | Output | |---|-------|------|--------| | 1 | **aegis** | Security vulnerability scan | Security report | | 2 | **atlas** | Run full E2E test suite | Test report | | 3 | **review-agent** | Final release review | Release approval | | 4 | **herald** | Version bump, changelog generation | Updated version files | | 5 | **scribe** | Release notes, documentation | RELEASE.md, docs | ## Why This Order? 1. **Security first**: Catch vulnerabilities before they ship 2. **E2E tests**: Verify full system works end-to-end 3. **Final review**: Human-in-the-loop approval 4. **Version bump**: Only after approval 5. **Documentation**: Ship with proper release notes ## Execution ### Phase 1: Security Audit ``` Task( subagent_type="aegis", prompt=""" Security audit for release: [VERSION] Scan for: - Dependency vulnerabilities (npm audit, pip audit) - Hardcoded secrets/credentials - SQL injection, XSS, CSRF risks - Authentication/authorization issues - Insecure configurations Output: Security report with severity levels """ ) ``` ### Phase 2: E2E Tests ``` Task( subagent_type="atlas", prompt=""" Run E2E tests for release: [VERSION] Execute: - Full E2E test suite - Critical path tests - Integration tests - Performance benchmarks (if applicable) Output: Test report with pass/fail counts """ ) ``` ### Phase 3: Final Review ``` Task( subagent_type="review-agent", prompt=""" Final release review: [VERSION] Review: - Security audit results - E2E test results - Changes since last release (git log) - Breaking changes - Migration requirements Output: RELEASE_APPROVED or RELEASE_BLOCKED with reasons """ ) ``` ### Phase 4: Version Bump & Changelog ``` Task( subagent_type="herald", prompt=""" Prepare release: [VERSION] Tasks: - Bump version in package.json/pyproject.toml - Generate CHANGELOG.md entry - Update version constants in code - Tag commit (don't push yet) Follow semantic versioning. """ ) ``` ### Phase 5: Release Notes ``` Task( subagent_type="scribe", prompt=""" Write release notes: [VERSION] Include: - Summary of changes - New features - Bug fixes - Breaking changes - Migration guide (if needed) - Contributors Output: RELEASE.md or update docs """ ) ``` ## Release Types ### Major Release (Breaking Changes) ``` /release --major → Full workflow with migration guide ``` ### Minor Release (New Features) ``` /release --minor → Full workflow, lighter security review ``` ### Patch Release (Bug Fixes) ``` /release --patch → Security + tests + quick review ``` ### Hotfix ``` /release --hotfix → Expedited: aegis → atlas → herald ``` ## Example ``` User: /release v2.0.0 Claude: Starting /release workflow for v2.0.0... Phase 1: Security audit... [Spawns aegis] ✅ No critical vulnerabilities ⚠️ 2 low-severity issues (documented) Phase 2: E2E tests... [Spawns atlas] ✅ 156/156 E2E tests passing Phase 3: Final review... [Spawns review-agent] ✅ RELEASE_APPROVED - 47 commits since v1.9.0 - 3 new features - 12 bug fixes - No breaking changes Phase 4: Version bump... [Spawns herald] ✅ Version bumped to 2.0.0 ✅ CHANGELOG.md updated ✅ Git tag created Phase 5: Release notes... [Spawns scribe] ✅ RELEASE-v2.0.0.md created ┌─────────────────────────────────────────┐ │ Release v2.0.0 Ready │ ├─────────────────────────────────────────┤ │ Security: ✅ Passed │ │ Tests: ✅ 156/156 │ │ Review: ✅ Approved │ │ │ │ Next steps: │ │ 1. git push origin v2.0.0 │ │ 2. Create GitHub release │ │ 3. Deploy to production │ └─────────────────────────────────────────┘ ``` ## Blockers The workflow stops if: - Critical security vulnerability found - E2E tests failing - Review verdict is RELEASE_BLOCKED ``` Phase 1: Security audit... ❌ CRITICAL: SQL injection in user.py:45 Release blocked. Fix critical issues before proceeding. ``` ## Flags - `--major/--minor/--patch`: Semantic version type - `--hotfix`: Expedited release path - `--skip-security`: Skip security audit (not recommended) - `--dry-run`: Run checks without bumping version
Related Skills
workflow-router
Goal-based workflow orchestration - routes tasks to specialist agents based on user goals
wiring
Wiring Verification
websocket-patterns
Connection management, room patterns, reconnection strategies, message buffering, and binary protocol design.
visual-verdict
Screenshot comparison QA for frontend development. Takes a screenshot of the current implementation, scores it across multiple visual dimensions, and returns a structured PASS/REVISE/FAIL verdict with concrete fixes. Use when implementing UI from a design reference or verifying visual correctness.
verification-loop
Comprehensive verification system covering build, types, lint, tests, security, and diff review before a PR.
vector-db-patterns
Embedding strategies, ANN algorithms, hybrid search, RAG chunking strategies, and reranking for semantic search and retrieval.
variant-analysis
Find similar vulnerabilities across a codebase after discovering one instance. Uses pattern matching, AST search, Semgrep/CodeQL queries, and manual tracing to propagate findings. Adapted from Trail of Bits. Use after finding a bug to check if the same pattern exists elsewhere.
validate-agent
Validation agent that validates plan tech choices against current best practices
tracing-patterns
OpenTelemetry setup, span context propagation, sampling strategies, Jaeger queries
tour
Friendly onboarding tour of Claude Code capabilities for users asking what it can do.
tldr-stats
Show full session token usage, costs, TLDR savings, and hook activity
tldr-router
Map code questions to the optimal tldr command by detecting intent and routing to the right analysis layer.