Stats
Actions
Tags
From gh-toolkit
Use when the user wants to publish a package or deploy a site and asks for the release runbook, the publish steps, or how to ship to npm / Vercel. Triggers on "publish to npm", "npm publish", "release this package", "deploy to vercel", "vercel --prod", "ship it", "cut a release", "publish runbook", "how do I release", "push the new version live". Lays out the exact credentialed steps — one bypass-2FA npm automation token in ~/.npmrc, per-repo publish --access public with npx verify, vercel --prod with a token, and the GitHub release check — then chains to gh-launch-post. NEVER runs the credentialed steps itself; it documents them for the human to run.
How this skill is triggered — by the user, by Claude, or both
Slash command
/gh-toolkit:gh-publishThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
The release runbook for shipping a package to npm and/or a site to Vercel. **This skill writes and
The release runbook for shipping a package to npm and/or a site to Vercel. This skill writes and explains the commands; it does not run any credentialed step. Publishing, deploying, and anything touching a real token is the human's to execute.
Never run a credentialed command. Print it, explain it, and hand it to the human.
That covers npm publish, vercel --prod, writing real tokens to ~/.npmrc, and any login. If
asked to "just publish it", decline the credentialed action and provide the runbook instead.
npm publish succeed.~/.npmrc (never to the repo):
//registry.npmjs.org/:_authToken=${NPM_TOKEN}
${NPM_TOKEN} env-var form so the literal token never lands on disk in plaintext.
Export NPM_TOKEN in the shell/session that runs the publish. Do not commit .npmrc.For each package being released:
git status clean, on the release commit/tag.npm run build / tests green.npm pack --dry-run (or pnpm pack) — inspect the tarball file list; confirm no secrets,
no junk, correct files/exports.version in package.json is bumped and unpublished.pnpm publish --access public # or: npm publish --access public
--access public is required for scoped packages so they publish publicly.npx <package-name>@latest --version
npx pulls the just-published version fresh from the registry, proving it installs
and runs for a real user — not just locally.vercel --prod --token "$VERCEL_TOKEN"
Use a $VERCEL_TOKEN env var; never inline or commit the token. After deploy, the agent may
safely curl/visit the production URL to confirm it returns 200.
Confirm the release exists and matches the tag:
gh release view v<X> --json tagName,name,isDraft
gh release view is read-only, so the agent may run it. If the release is missing, the human
creates it (this is a credentialed step) — the agent prints the command and never runs it:
gh release create v<X> --notes-file <notes>
Once the package/site is live and verified, hand off to gh-launch-post to produce the X
thread, single tweet, and Show HN — using only the real numbers from this release (version,
verified install command, benchmark facts). Respect the 3-posts/day cadence.
~/.npmrc (env-var form), .npmrc not committed.pack --dry-run clean).publish --access public (human-run).npx <pkg>@latest verifies from registry.vercel --prod with token (human-run), prod URL returns 200.gh release view v<X> confirms the release.gh-launch-post with real numbers only.npx claudepluginhub aymandakir-gh/gh-claude-toolkit --plugin gh-toolkitCreates, edits, and optimizes skills for Claude Code, including drafting, evaluating with test prompts, iterating on performance, and improving skill descriptions for better triggering accuracy.