Bundled plugins ship with source but not node_modules. When a bundled plugin is enabled and has external dependencies, the loader now automatically runs npm install on first load. This fixes the issue where plugins like tlon (which depend on @urbit/http-api and @urbit/aura) would fail to load from a fresh npm install because their dependencies weren't installed. Changes: - loader.ts: Add ensureBundledPluginDeps() to install deps before loading - docs/channels/tlon.md: Update to reflect bundled status and auto-install - docs/plugin.md: Add tlon to plugin list, update dep install guidance - docs/reference/RELEASING.md: Clarify bundled vs npm-published plugins
7.7 KiB
| summary | read_when | |||
|---|---|---|---|---|
| Step-by-step release checklist for npm + macOS app |
|
Release Checklist (npm + macOS)
Use pnpm (Node 22+) from the repo root. Keep the working tree clean before tagging/publishing.
Operator trigger
When the operator says “release”, immediately do this preflight (no extra questions unless blocked):
- Read this doc and
docs/platforms/mac/release.md. - Load env from
~/.profileand confirmSPARKLE_PRIVATE_KEY_FILE+ App Store Connect vars are set (SPARKLE_PRIVATE_KEY_FILE should live in~/.profile). - Use Sparkle keys from
~/Library/CloudStorage/Dropbox/Backup/Sparkleif needed.
- Version & metadata
- Bump
package.jsonversion (e.g.,2026.1.25). - Run
pnpm plugins:syncto align extension package versions + changelogs. - Update CLI/version strings:
src/cli/program.tsand the Baileys user agent insrc/provider-web.ts. - Confirm package metadata (name, description, repository, keywords, license) and
binmap points todist/entry.jsforclawdbot. - If dependencies changed, run
pnpm installsopnpm-lock.yamlis current.
- Build & artifacts
- If A2UI inputs changed, run
pnpm canvas:a2ui:bundleand commit any updatedsrc/canvas-host/a2ui/a2ui.bundle.js. pnpm run build(regeneratesdist/).- Verify npm package
filesincludes all requireddist/*folders (notablydist/node-host/**anddist/acp/**for headless node + ACP CLI). - Confirm
dist/build-info.jsonexists and includes the expectedcommithash (CLI banner uses this for npm installs). - Optional:
npm pack --pack-destination /tmpafter the build; inspect the tarball contents and keep it handy for the GitHub release (do not commit it).
- Changelog & docs
- Update
CHANGELOG.mdwith user-facing highlights (create the file if missing); keep entries strictly descending by version. - Ensure README examples/flags match current CLI behavior (notably new commands or options).
- Validation
pnpm lintpnpm test(orpnpm test:coverageif you need coverage output)pnpm run build(last sanity check after tests)pnpm release:check(verifies npm pack contents)CLAWDBOT_INSTALL_SMOKE_SKIP_NONROOT=1 pnpm test:install:smoke(Docker install smoke test, fast path; required before release)- If the immediate previous npm release is known broken, set
CLAWDBOT_INSTALL_SMOKE_PREVIOUS=<last-good-version>orCLAWDBOT_INSTALL_SMOKE_SKIP_PREVIOUS=1for the preinstall step.
- If the immediate previous npm release is known broken, set
- (Optional) Full installer smoke (adds non-root + CLI coverage):
pnpm test:install:smoke - (Optional) Installer E2E (Docker, runs
curl -fsSL https://clawd.bot/install.sh | bash, onboards, then runs real tool calls):pnpm test:install:e2e:openai(requiresOPENAI_API_KEY)pnpm test:install:e2e:anthropic(requiresANTHROPIC_API_KEY)pnpm test:install:e2e(requires both keys; runs both providers)
- (Optional) Spot-check the web gateway if your changes affect send/receive paths.
- macOS app (Sparkle)
- Build + sign the macOS app, then zip it for distribution.
- Generate the Sparkle appcast (HTML notes via
scripts/make_appcast.sh) and updateappcast.xml. - Keep the app zip (and optional dSYM zip) ready to attach to the GitHub release.
- Follow macOS release for the exact commands and required env vars.
APP_BUILDmust be numeric + monotonic (no-beta) so Sparkle compares versions correctly.- If notarizing, use the
clawdbot-notarykeychain profile created from App Store Connect API env vars (see macOS release).
- Publish (npm)
- Confirm git status is clean; commit and push as needed.
npm login(verify 2FA) if needed.npm publish --access public(use--tag betafor pre-releases).- Verify the registry:
npm view clawdbot version,npm view clawdbot dist-tags, andnpx -y clawdbot@X.Y.Z --version(or--help).
Troubleshooting (notes from 2.0.0-beta2 release)
- npm pack/publish hangs or produces huge tarball: the macOS app bundle in
dist/Clawdbot.app(and release zips) get swept into the package. Fix by whitelisting publish contents viapackage.jsonfiles(include dist subdirs, docs, skills; exclude app bundles). Confirm withnpm pack --dry-runthatdist/Clawdbot.appis not listed. - npm auth web loop for dist-tags: use legacy auth to get an OTP prompt:
NPM_CONFIG_AUTH_TYPE=legacy npm dist-tag add clawdbot@X.Y.Z latest
npxverification fails withECOMPROMISED: Lock compromised: retry with a fresh cache:NPM_CONFIG_CACHE=/tmp/npm-cache-$(date +%s) npx -y clawdbot@X.Y.Z --version
- Tag needs repointing after a late fix: force-update and push the tag, then ensure the GitHub release assets still match:
git tag -f vX.Y.Z && git push -f origin vX.Y.Z
- GitHub release + appcast
- Tag and push:
git tag vX.Y.Z && git push origin vX.Y.Z(orgit push --tags). - Create/refresh the GitHub release for
vX.Y.Zwith titleclawdbot X.Y.Z(not just the tag); body should include the full changelog section for that version (Highlights + Changes + Fixes), inline (no bare links), and must not repeat the title inside the body. - Attach artifacts:
npm packtarball (optional),Clawdbot-X.Y.Z.zip, andClawdbot-X.Y.Z.dSYM.zip(if generated). - Commit the updated
appcast.xmland push it (Sparkle feeds from main). - From a clean temp directory (no
package.json), runnpx -y clawdbot@X.Y.Z send --helpto confirm install/CLI entrypoints work. - Announce/share release notes.
Plugin publish scope (npm)
We publish some plugins to npm under the @clawdbot/* scope for users who prefer
explicit installation. However, all plugins are bundled in extensions/** and
their dependencies are auto-installed on first load when enabled.
Bundled plugins with auto-install
Bundled plugins ship with source code but not node_modules. When a bundled plugin
is enabled and has external dependencies (not clawdbot workspace refs), the loader
automatically runs npm install in the plugin directory on first load.
This means users don't need to manually install plugins or their dependencies—they just enable the plugin in config and restart.
npm-published plugins (optional)
Some plugins are also published to npm for users who prefer explicit installation
via clawdbot plugins install @clawdbot/xxx. This copies the plugin to
~/.clawdbot/extensions/ and runs npm install there.
Current npm plugin list (update as needed):
- @clawdbot/bluebubbles
- @clawdbot/diagnostics-otel
- @clawdbot/discord
- @clawdbot/lobster
- @clawdbot/matrix
- @clawdbot/msteams
- @clawdbot/nextcloud-talk
- @clawdbot/nostr
- @clawdbot/voice-call
- @clawdbot/zalo
- @clawdbot/zalouser
To add a new plugin to npm:
- First-publish manually:
cd extensions/<plugin> && npm publish --access public - Add to the list above
- Future releases will include it automatically
Bundled-only plugins
Some plugins are bundled but not published to npm (e.g., tlon). These work via
the auto-install mechanism—users just enable them in config.
Release notes should call out new bundled plugins so users know they're available.