## Summary
Switches the project's package-manager surface from a mix of `npm` /
`pnpm` / `bun` (different commands in different files) to a single tool:
[aube](https://aube.en.dev), en.dev's pnpm-compat package manager
(native Rust, fast, drops cleanly into pnpm/npm-compatible workflows).
| | Before | After |
|---|---|---|
| Workflows install step | `npm ci` | `aube ci` |
| Workflows run scripts | `npm run X` | `aubr X` (`aubr` is the `aube
run` shorthand) |
| `mise.toml` tasks | mixed `npm run` / `bun run` | `aubr X` |
| Lockfile | `package-lock.json` | `package-lock.json` (unchanged — aube
reads it directly) |
The `aubr` binary ships alongside `aube` in the same install — it's the
script-runner shorthand (`aubr <script>` ≡ `aube run <script>`). Saves a
word in every workflow / mise.toml line.
## What didn't change
- **`package-lock.json`** stays as the canonical lockfile. aube reads it
directly; no `aube-lock.yaml` is generated. Running `npm install` still
works for any dev who hasn't switched to aube yet.
- **`package.json` scripts** still use `npm run X` for nested
invocations (e.g. `"all": "npm run format:write && …"`). The literal
`npm` works for both callers — aube's shell exec finds `npm` in PATH,
the inner invocation re-runs the same package.json script. Keeping these
PM-agnostic avoids a forced cutover for downstream contributors.
- **`dist/`** is byte-identical after `aubr all` — parity with the
npm-built bundle verified locally.
## New project files
- **`.npmrc`** — single line: `node-linker=hoisted`. Forces a flat,
npm-style `node_modules` layout instead of aube's default
symlink/virtual-store. Required because `rollup --configPlugin
@rollup/plugin-typescript` resolves the plugin from cwd's node_modules,
and the isolated layout puts rollup under `node_modules/.aube/...` where
standard module resolution can't reach back to the project root for the
plugin. npm reads `.npmrc` but ignores `node-linker` (npm always
installs flat), so the file is safe for both PMs.
- **`pnpm-workspace.yaml`** — generated by aube 1.4 to record
build-script approvals (`unrs-resolver: false`). Project-level config;
commits like a `package.json` companion.
Pinned `aube = '1.4'` in `mise.toml`'s tools so `mise install`
provisions the right binary locally.
## Why aube
Single tool replacing three. Less context-switching for contributors,
fewer places to run `npm audit` / `bun upgrade` / `pnpm dedupe`. aube's
cold-cache install for this repo's deps is ~3s vs `npm ci` at ~10s.
## Test plan
- [x] `aube install` from clean — succeeds, all 441 packages link
cleanly
- [x] `aubr all` (format + lint + package) — succeeds, `dist/`
byte-identical to checked-in version
- [x] `aubr format:check` — clean
- [x] `aubr lint` — clean
- [x] `aubr package` — produces `dist/index.js`, `dist/index.js.map`,
`dist/licenses.txt` matching what's checked in
- [ ] Workflows: `Continuous Integration` / `autofix.ci` / `Check dist/`
/ `test` all pass on this PR
🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- CURSOR_SUMMARY -->
---
> [!NOTE]
> **Medium Risk**
> Mostly CI/build-system plumbing; risk is workflow or packaging
breakage (dependency install layout, rollup config) that could prevent
`dist/` from rebuilding or CI from running, but it doesn’t change
runtime action logic.
>
> **Overview**
> Switches GitHub Actions workflows to install tooling via
`jdx/mise-action` and run installs/scripts with `aube`/`aubr` instead of
`actions/setup-node` + `npm ci`/`npm run`.
>
> Pins `aube` (`1.4`) in `mise.toml`, updates `mise` tasks and developer
docs (`CLAUDE.md`) to use `aube`/`aubr`, and adds `.npmrc`
(`node-linker=hoisted`) plus a `.gitignore` entry to avoid committing
`aube`’s generated `pnpm-workspace.yaml`.
>
> Adjusts the packaging script to use `rollup.config.mjs` (replacing the
previous TS config invocation).
>
> <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit
fd6530d89f. Bugbot is set up for automated
code reviews on this repo. Configure
[here](https://www.cursor.com/dashboard/bugbot).</sup>
<!-- /CURSOR_SUMMARY -->
---------
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
## Summary
- Add communique tool to mise.toml
- Add `enhance-release` job to release workflow that runs after release
creation to generate AI-enhanced release notes
## Test plan
- [ ] Verify next release triggers the enhance-release job
- [ ] Confirm ANTHROPIC_API_KEY secret is configured in repo settings
🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- CURSOR_SUMMARY -->
---
> [!NOTE]
> **Medium Risk**
> Adds a new post-release GitHub Actions job that uses an external AI
API and an elevated token to modify GitHub release notes; failures or
misconfigured secrets can break the release workflow and token scope
matters.
>
> **Overview**
> After the `release` job completes, the workflow now runs a new
`enhance-release` job that computes the tag from `package.json` and
calls `communique generate ... --github-release` to update the GitHub
release notes.
>
> The PR also adds `communique` to `mise.toml` so the tool is available
in CI, and wires in `ANTHROPIC_API_KEY` plus a dedicated
`RELEASE_PLZ_GITHUB_TOKEN` for the release-note update step.
>
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
d2335f661c. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->
---------
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
