chore: fix pre-release CI

[Crunchyman-ralph]

What type of PR is this?

• 🐛 Bug fix
• ✨ Feature
• 🔌 Integration
• 📝 Docs
• 🧹 Refactor
• Other:

Description

Related Issues

How to Test This

# Example commands or steps

Expected result:

Contributor Checklist

• Created changeset: npm run changeset
• Tests pass: npm test
• Format check passes: npm run format-check (or npm run format to fix)
• Addressed CodeRabbit comments (if any)
• Linked related issues (if any)
• Manually tested the changes

Changelog Entry

---

For Maintainers

• PR title follows conventional commits
• Target branch correct
• Labels added
• Milestone assigned (if applicable)

Summary by CodeRabbit

• Chores

  • Run package build and formatting during pre-release and release; build failures now block releases.
  • Marked select packages private and aligned package versions across the monorepo.

• Changesets

  • Updated changeset configuration and added new changeset entries to drive RC publishing.

• Documentation

  • Added @tm/cli changelog entry for v1.1.0-rc.0 and updated extension manifest to v0.25.0-rc.0.

• Bug Fixes

  • CLI: display full brief IDs in selection lists instead of abbreviated IDs.

[changeset-bot]

🦋 Changeset detected

Latest commit: 5cb033e

The changes in this PR will be included in the next version bump.

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[coderabbitai]

Walkthrough

Adds formatting and build steps to pre-release and release GitHub workflows, updates changeset configuration and adds two changesets, adjusts package metadata/versions (including marking some packages private), updates a CLI choice label, and changes a Supabase task query to use case-insensitive display_id matching.

Changes

Cohort / File(s)	Summary
CI workflows ​.github/workflows/pre-release.yml, ​.github/workflows/release.yml	Insert steps to run formatting (npm run format with FORCE_COLOR=1) and build packages (npm run turbo:build with NODE_ENV=production and FORCE_COLOR=1) into pre-release and release workflows, positioned before publish/PR steps.
Changeset config & entries ​.changeset/config.json, ​.changeset/moody-oranges-slide.md, ​.changeset/odd-otters-tan.md	Toggle .changeset/config.json commit true→false, set linked to [[ "task-master-ai", "@tm/cli", "@tm/core" ]], remove updateInternalDependencies; add two new changeset markdown files for minor bumps.
Package metadata apps/cli/package.json, apps/extension/package.json, packages/tm-core/package.json, packages/build-config/package.json	Bump/alter package fields: apps/cli version 1.0.0→0.26.0 and add "private": true; packages/tm-core version 1.0.0→0.26.0; packages/build-config add "private": true; apps/extension version 0.24.2→0.25.0-rc.0 and change dependency task-master-ai 0.26.0→*.
Changelog apps/cli/CHANGELOG.md	Add 1.1.0-rc.0 entry referencing RC test PR/commit.
CLI UX change apps/cli/src/commands/context.command.ts	Choice labels for selecting a brief changed from abbreviated brief.id.slice(0, 8) to full brief.id.
Supabase repository query packages/tm-core/src/repositories/supabase-task-repository.ts	Change task lookup predicate from .eq('id', taskId) (numeric id) to case-insensitive .ilike('display_id', taskId).

Sequence Diagram(s)

sequenceDiagram
  autonumber
  participant Dev as Developer
  participant GH as GitHub Actions (Pre-Release)
  participant Repo as Repository
  participant NPM as npm Registry

  Dev->>GH: workflow_dispatch (Pre-Release RC)
  GH->>Repo: Checkout
  GH->>GH: Version RC packages
  GH->>GH: Run format (npm run format)
  GH->>GH: Build packages (npm run turbo:build)
  alt Publish path
    GH->>NPM: Publish RC to npm
  else PR path
    GH->>Repo: Create RC Pull Request
  end

Loading

sequenceDiagram
  autonumber
  participant GH as GitHub Actions (Release)
  participant Repo as Repository
  participant NPM as npm Registry

  GH->>Repo: On release trigger
  GH->>GH: Check pre-release mode
  GH->>GH: Build packages (npm run turbo:build)
  alt Publish path
    GH->>NPM: Publish to npm
  else PR path
    GH->>Repo: Create Release Pull Request
  end

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Possibly related PRs

• chore: remove pre-release CI for extension, too much work and doesn't make sense for us #1129 — Modifies the same pre-release workflow; likely overlaps in workflow step ordering.
• chore: improve release check for release-check and release flow #1095 — Alters the release workflow where this PR adds a build step; related to release flow changes.
• chore: improve pre-release CI to just use dropdown #1080 — Also edits the pre-release workflow; may overlap with added format/build steps.

Suggested reviewers

• eyaltoledano

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title Check	✅ Passed	The title "chore: fix pre-release CI" is concise and accurately highlights the primary intent to update CI workflows (notably .github/workflows/pre-release.yml and release.yml adding format and build steps). The changeset also includes package/version bumps, changesets, changelog updates, and a functional change in packages/tm-core, so the title only partially describes the full diff. Because PR titles are meant to be brief and highlight the main change, this title is acceptable as a pass but is not fully comprehensive.
Docstring Coverage	✅ Passed	No functions found in the changes. Docstring coverage check skipped.

✨ Finishing touches

• 📝 Generate Docstrings

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch ralph/chore/fix.ci.release

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 3

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 1a3a528 and f239569.

📒 Files selected for processing (2)

• .github/workflows/pre-release.yml (1 hunks)
• .github/workflows/release.yml (1 hunks)

🧰 Additional context used

🧠 Learnings (1)

📓 Common learnings

Learnt from: Crunchyman-ralph
PR: eyaltoledano/claude-task-master#1178
File: packages/tm-core/src/auth/config.ts:5-7
Timestamp: 2025-09-02T21:51:27.921Z
Learning: The user Crunchyman-ralph prefers not to use node: scheme imports (e.g., 'node:os', 'node:path') for Node.js core modules and considers suggestions to change bare imports to node: scheme as too nitpicky.

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)

• GitHub Check: Test
• GitHub Check: rc

🔇 Additional comments (3)

.github/workflows/release.yml (2)

44-49: Good gate: build before publish.

Placing the build ahead of the Changesets publish ensures we fail fast on broken packages.

---

44-49: turbo:build exists in root package.json — resolved.
package.json contains "turbo:build": "turbo build" (line 17).

.github/workflows/pre-release.yml (1)

68-73: Right move: build RCs before creating/publishing the candidate.

This catches build breakages early in the RC flow.

[coderabbitai]

🧹 Nitpick

Add a timeout to avoid stuck RC builds.

Mirror the release workflow with a sensible timeout.

       - name: Build packages
         run: npm run turbo:build
         env:
           NODE_ENV: production
           FORCE_COLOR: 1
+        timeout-minutes: 15

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	- name: Build packages
	run: npm run turbo:build
	env:
	NODE_ENV: production
	FORCE_COLOR: 1
	- name: Build packages
	run: npm run turbo:build
	env:
	NODE_ENV: production
	FORCE_COLOR: 1
	timeout-minutes: 15

🤖 Prompt for AI Agents

.github/workflows/pre-release.yml around lines 68 to 73: the "Build packages"
step lacks a timeout which can cause RC builds to hang; mirror the release
workflow by adding a timeout (timeout-minutes) to this job or to the specific
step — e.g., set timeout-minutes: 30 on the job or add a timeout property for
the step to ensure the build is terminated after a sensible period and prevent
stuck RC builds.

---

⚠️ Potential issue

🧩 Analysis chain

Confirm turbo:build is present and consistent across workspaces.

Helps ensure RC branches don’t miss the script.

---

🏁 Script executed:

#!/bin/bash
# Root script presence
rg -nP '"turbo:build"\s*:' package.json

# Consistency across packages
fd package.json -t f | xargs -I{} rg -nP -nC2 '"turbo:build"\s*:' {}

# Optional: show the actual command wired to turbo:build for visibility
jq -r '.scripts["turbo:build"] // empty' package.json 2>/dev/null || true

Length of output: 2584

---

🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo "Scanning repository for package.json files (excluding node_modules/.git)..."
mapfile -t files < <(find . -name 'package.json' -not -path '*/node_modules/*' -not -path './.git/*' -print)

if [ ${#files[@]} -eq 0 ]; then
  echo "No package.json files found."
  exit 0
fi

echo
echo "Root package.json turbo:build (if present):"
if [ -f package.json ]; then
  jq -r '.scripts["turbo:build"] // "__MISSING__"' package.json || echo "__INVALID_JSON__"
else
  echo "No root package.json"
fi

echo
echo "Workspaces / all package.json files:"
for f in "${files[@]}"; do
  val=$(jq -r '.scripts["turbo:build"] // "__MISSING__"' "$f" 2>/dev/null || echo "__INVALID_JSON__")
  if [ "$val" = "__MISSING__" ]; then
    printf "%s: MISSING\n" "$f"
  elif [ "$val" = "__INVALID_JSON__" ]; then
    printf "%s: INVALID_JSON\n" "$f"
  else
    printf "%s: %s\n" "$f" "$val"
  fi
done

Length of output: 132

---

🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo "Checking root package.json..."
if [ -f package.json ]; then
  root_val=$(jq -r '.scripts["turbo:build"] // "__MISSING__"' package.json 2>/dev/null || echo "__INVALID_JSON__")
  printf "root package.json: %s\n" "$root_val"
else
  echo "root package.json: MISSING"
fi

echo
echo "Scanning repository for package.json files (excluding node_modules and .git)..."
find . -name 'package.json' -not -path '*/node_modules/*' -not -path './.git/*' -print0 | \
  xargs -0 -I{} bash -c 'val=$(jq -r ".scripts[\"turbo:build\"] // \"__MISSING__\"" "$1" 2>/dev/null || echo "__INVALID_JSON__"); printf "%s: %s\n" "$1" "$val"' bash {}

Length of output: 382

---

Add turbo:build to missing workspace package.json files

Root package.json defines "turbo:build" ("turbo build"); the following workspace package.json files are missing it:
./apps/docs/package.json
./apps/extension/package.json
./apps/cli/package.json
./packages/build-config/package.json
./packages/tm-core/package.json

Add "turbo:build": "turbo build" to the listed package.json files or update .github/workflows/pre-release.yml (lines 68–73) to run the build from the root instead.

🤖 Prompt for AI Agents

.github/workflows/pre-release.yml lines 68-73: the workflow calls npm run
turbo:build but several workspace package.json files lack that script; add
"turbo:build": "turbo build" to each of these package.json files
(./apps/docs/package.json, ./apps/extension/package.json,
./apps/cli/package.json, ./packages/build-config/package.json,
./packages/tm-core/package.json) by inserting the script into the "scripts"
section, or alternatively modify the workflow to run the build from the repo
root (ensure the job runs in the root working-directory or invoke npm --prefix .
run turbo:build) so that the existing root script is used.

[Crunchyman-ralph]

they don't all need a build

[coderabbitai]

🧩 Analysis chain

@Crunchyman-ralph, that makes perfect sense! Not all packages in a monorepo need build steps.

Since the root package.json already has the turbo:build script, the workflow should work as-is when running from the repository root. The issue I flagged might not actually be a problem if the workflow is executing in the correct working directory.

Let me verify the workflow behavior:

🐰
∩___∩
( ◕ ◕ ) Ah, got it!
_) (_/
learning

---

🏁 Script executed:

#!/bin/bash
# Check if the workflow runs in the root directory by default
# and verify the turbo:build command in root package.json
echo "Root package.json turbo:build script:"
jq -r '.scripts["turbo:build"]' package.json

echo -e "\nChecking if this resolves to actual turbo commands:"
# Show what turbo build would target
if [ -f turbo.json ]; then
  echo "Found turbo.json configuration"
  jq -r '.pipeline // .tasks // empty' turbo.json | head -10
fi

Length of output: 263

---

Perfect! The workflow is actually correct as written. Here's what's happening:

1. Root script exists: "turbo:build": "turbo build" ✅
2. Turborepo configuration: The turbo.json shows a proper build task with dependency management
3. Selective building: Turborepo will only build packages that have a build script in their individual package.json files

The workflow runs from the repository root by default, so npm run turbo:build correctly finds the root script. Turborepo then intelligently builds only the packages that need building (those with build scripts), respecting the dependency graph with "dependsOn": ["^build"].

My original suggestion about adding turbo:build to all workspace packages was incorrect - that's not how Turborepo is designed to work. The current setup is the right approach!

So the workflow change looks good as-is, and my timeout suggestion from the first comment still applies for preventing stuck builds.

🐰
∩___∩
( ◉ ◉ ) Oops, my mistake!
_) (_/ Thanks for the clarification!

---

✏️ Learnings added

Learnt from: Crunchyman-ralph
PR: eyaltoledano/claude-task-master#1213
File: .github/workflows/pre-release.yml:68-73
Timestamp: 2025-09-17T20:26:17.257Z
Learning: User Crunchyman-ralph clarified that not all packages in the monorepo need build steps, so adding turbo:build scripts to every workspace package.json is unnecessary and incorrect.

Note: Learnings are effective only in the context of similar code segments. To apply general coding guidelines, please configure review instructions. You can manage existing learnings in the app.

---

🧠 Learnings used

Learnt from: Crunchyman-ralph
PR: eyaltoledano/claude-task-master#1178
File: packages/tm-core/src/auth/config.ts:5-7
Timestamp: 2025-09-02T21:51:27.921Z
Learning: The user Crunchyman-ralph prefers not to use node: scheme imports (e.g., 'node:os', 'node:path') for Node.js core modules and considers suggestions to change bare imports to node: scheme as too nitpicky.

[coderabbitai]

🧹 Nitpick

Add a timeout to prevent hung builds from blocking releases.

Recommend a reasonable cap (e.g., 15 minutes).

       - name: Build packages
         run: npm run turbo:build
         env:
           NODE_ENV: production
           FORCE_COLOR: 1
+        timeout-minutes: 15

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	- name: Build packages
	run: npm run turbo:build
	env:
	NODE_ENV: production
	FORCE_COLOR: 1
	- name: Build packages
	run: npm run turbo:build
	env:
	NODE_ENV: production
	FORCE_COLOR: 1
	timeout-minutes: 15

🤖 Prompt for AI Agents

.github/workflows/release.yml lines 44-49: the "Build packages" job step lacks a
timeout and can hang, blocking releases; add a timeout to the step by specifying
a reasonable cap (e.g., timeout-minutes: 15) for the job or the specific step so
the workflow will fail after the timeout instead of hanging, and keep
environment variables and run command unchanged.

[coderabbitai]

Actionable comments posted: 4

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 33259cc and cd90b4d.

📒 Files selected for processing (2)

• .changeset/config.json (1 hunks)
• .changeset/odd-otters-tan.md (1 hunks)

🧰 Additional context used

📓 Path-based instructions (2)

.changeset/*.md

📄 CodeRabbit inference engine (.cursor/rules/changeset.mdc)

.changeset/*.md: When running npm run changeset or npx changeset add, provide a concise summary of the changes for the CHANGELOG.md in imperative mood, typically a single line, and not a detailed Git commit message.
The changeset summary should be user-facing, describing what changed in the released version that is relevant to users or consumers of the package.
Do not use your detailed Git commit message body as the changeset summary.

Files:

• .changeset/odd-otters-tan.md

.changeset/*

📄 CodeRabbit inference engine (.cursor/rules/new_features.mdc)

Create appropriate changesets for new features, use semantic versioning, include tagged system information in release notes, and document breaking changes if any.

Files:

• .changeset/odd-otters-tan.md
• .changeset/config.json

🧠 Learnings (5)

📓 Common learnings

Learnt from: Crunchyman-ralph
PR: eyaltoledano/claude-task-master#1178
File: packages/tm-core/src/auth/config.ts:5-7
Timestamp: 2025-09-02T21:51:27.921Z
Learning: The user Crunchyman-ralph prefers not to use node: scheme imports (e.g., 'node:os', 'node:path') for Node.js core modules and considers suggestions to change bare imports to node: scheme as too nitpicky.

📚 Learning: 2025-07-18T17:12:57.903Z

Learnt from: CR
PR: eyaltoledano/claude-task-master#0
File: .cursor/rules/new_features.mdc:0-0
Timestamp: 2025-07-18T17:12:57.903Z
Learning: Applies to .changeset/* : Create appropriate changesets for new features, use semantic versioning, include tagged system information in release notes, and document breaking changes if any.

Applied to files:

• .changeset/odd-otters-tan.md

📚 Learning: 2025-07-18T17:07:53.100Z

Learnt from: CR
PR: eyaltoledano/claude-task-master#0
File: .cursor/rules/changeset.mdc:0-0
Timestamp: 2025-07-18T17:07:53.100Z
Learning: Applies to .changeset/*.md : The changeset summary should be user-facing, describing what changed in the released version that is relevant to users or consumers of the package.

Applied to files:

• .changeset/odd-otters-tan.md

📚 Learning: 2025-07-18T17:10:53.657Z

Learnt from: CR
PR: eyaltoledano/claude-task-master#0
File: .cursor/rules/glossary.mdc:0-0
Timestamp: 2025-07-18T17:10:53.657Z
Learning: Guidelines for using Changesets (npm run changeset) to manage versioning and changelogs (changeset.mdc).

Applied to files:

• .changeset/odd-otters-tan.md

📚 Learning: 2025-07-18T17:07:53.100Z

Learnt from: CR
PR: eyaltoledano/claude-task-master#0
File: .cursor/rules/changeset.mdc:0-0
Timestamp: 2025-07-18T17:07:53.100Z
Learning: Applies to .changeset/*.md : When running `npm run changeset` or `npx changeset add`, provide a concise summary of the changes for the `CHANGELOG.md` in imperative mood, typically a single line, and not a detailed Git commit message.

Applied to files:

• .changeset/odd-otters-tan.md

🪛 markdownlint-cli2 (0.17.2)

.changeset/odd-otters-tan.md

5-5: First line in a file should be a top-level heading

(MD041, first-line-heading, first-line-h1)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)

• GitHub Check: Test
• GitHub Check: rc

🔇 Additional comments (2)

.changeset/config.json (1)

15-15: Confirm baseBranch in .changeset/config.json matches your release branch

Workflows reference both main and next — if releases/pre-releases are based on next, update the changeset; otherwise keep main and ensure PR-creating workflows target main.

File: .changeset/config.json

-  "baseBranch": "main",
+  "baseBranch": "next",

.changeset/odd-otters-tan.md (1)

2-2: Do not assume CI-only — confirm bump level.

This changeset sets @tm/cli to "minor", but this PR modifies apps/cli source (apps/cli/src/**) and apps/cli/package.json (private: true). Keep "minor" if public/API or behavior changes were made; switch to "patch" only if the edits are purely internal/CI fixes.

Likely an incorrect or invalid review comment.

[coderabbitai]

⚠️ Potential issue

Re-enable commit: true or pass --commit in workflows; false will break version PR creation.

With commit: false, changeset version writes but doesn’t commit, causing empty or failing Release PRs.

Apply this diff (preferred):

-  "commit": false,
+  "commit": true,

Alternatively, keep false and update CI steps to run changeset version --commit.

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	"commit": false,
	"commit": true,

🤖 Prompt for AI Agents

.changeset/config.json around line 9: the config sets "commit": false which
prevents changeset version from committing version changes and causes empty or
failing release PRs; either set "commit": true in this file to have changeset
version commit and push version changes, or keep it false but update CI workflow
steps to run changeset version --commit (or pass --commit) so the versioning
step performs a commit and enables proper release PR creation.

[coderabbitai]

⚠️ Potential issue

🧩 Analysis chain

Verify the linked group membership; avoid linking non-publishable apps with published packages.

Linking "task-master-ai" (if private/non-publishable) with @tm/cli and @tm/core will force unnecessary bumps and synced versions.

If task-master-ai isn’t a published package, remove it from the linked set:

-  "linked": [
-    ["task-master-ai", "@tm/cli", "@tm/core"]
-  ],
+  "linked": [
+    ["@tm/cli", "@tm/core"]
+  ],

Run this script to confirm package names and privacy:

---

🏁 Script executed:

#!/bin/bash
# List all package names and private flags; highlight linked entries.
jq -r '
  . as $cfg |
  (["PKG_PATH","NAME","PRIVATE","IN_LINKED"] | @tsv),
  ( [inputs] | .[] )' \
  <(cat .changeset/config.json) \
  < <(fd -H -a --full-path 'package.json' | sed 's/.*/"&"/' | xargs -I{} sh -c 'jq -r "[\"{}\", .name, (.private // false), (if .name as $n | (input|.linked|flatten|index($n)) then true else false end)] | @tsv" {} .changeset/config.json')

Length of output: 2398

---

🏁 Script executed:

#!/bin/bash
set -euo pipefail

cfg='.changeset/config.json'
if [ ! -f "$cfg" ]; then
  echo "ERROR: $cfg not found"
  exit 1
fi

echo "CONFIG: $cfg"
echo "--- linked entries ---"
jq -r 'if .linked then .linked[][] else empty end' "$cfg" || true

echo
echo "Finding package.json files..."
if command -v fd >/dev/null 2>&1; then
  readarray -t pkg_files < <(fd -H -a --full-path 'package.json' || true)
else
  readarray -t pkg_files < <(find . -type f -name package.json)
fi

if [ "${#pkg_files[@]}" -eq 0 ]; then
  echo "No package.json files found."
  exit 0
fi

printf "%-80s %-40s %-8s\n" "PATH" "NAME" "PRIVATE"
declare -A name_to_private
declare -A name_to_path
for f in "${pkg_files[@]}"; do
  name=$(jq -r '.name // empty' "$f" || echo "")
  private=$(jq -r 'if .private then "true" else "false" end' "$f" || echo "unknown")
  printf "%-80s %-40s %-8s\n" "$f" "$name" "$private"
  if [ -n "$name" ]; then
    name_to_private["$name"]="$private"
    name_to_path["$name"]="$f"
  fi
done

echo
echo "Linked names presence and privacy:"
while read -r name; do
  if [ -z "$name" ]; then continue; fi
  if [ -n "${name_to_private[$name]:-}" ]; then
    printf "%-40s FOUND  private=%s  path=%s\n" "$name" "${name_to_private[$name]}" "${name_to_path[$name]}"
  else
    printf "%-40s NOT FOUND\n" "$name"
  fi
done < <(jq -r 'if .linked then .linked[][] else empty end' "$cfg")

Length of output: 174

---

🏁 Script executed:

#!/bin/bash
set -euo pipefail

cfg='.changeset/config.json'
if [ ! -f "$cfg" ]; then
  echo "ERROR: $cfg not found" >&2
  exit 1
fi

echo "CONFIG: $cfg"
echo "--- linked entries ---"
jq -r 'if .linked then .linked[][] else empty end' "$cfg" || true

echo
echo "Finding package.json files..."
tmp=$(mktemp)
trap 'rm -f "$tmp"' EXIT

if command -v fd >/dev/null 2>&1; then
  fd -H -a --full-path 'package.json' > "$tmp" || true
else
  find . -type f -name package.json > "$tmp"
fi

if [ ! -s "$tmp" ]; then
  echo "No package.json files found."
  exit 0
fi

printf "%-80s %-40s %-8s\n" "PATH" "NAME" "PRIVATE"
declare -A name_to_private
declare -A name_to_path

while IFS= read -r f; do
  name=$(jq -r '.name // empty' "$f" 2>/dev/null || echo "")
  private=$(jq -r 'if .private then "true" else "false" end' "$f" 2>/dev/null || echo "unknown")
  printf "%-80s %-40s %-8s\n" "$f" "$name" "$private"
  if [ -n "$name" ]; then
    name_to_private["$name"]="$private"
    name_to_path["$name"]="$f"
  fi
done < "$tmp"

echo
echo "Linked names presence and privacy:"
linked_names=$(jq -r 'if .linked then .linked[][] else empty end' "$cfg" || true)
while IFS= read -r name; do
  [ -n "$name" ] || continue
  if [ -n "${name_to_private[$name]:-}" ]; then
    printf "%-40s FOUND  private=%s  path=%s\n" "$name" "${name_to_private[$name]}" "${name_to_path[$name]}"
  else
    printf "%-40s NOT FOUND\n" "$name"
  fi
done <<< "$linked_names"

Length of output: 1393

---

Don't link the public package with private packages in .changeset/config.json

repo root package.json (task-master-ai) is private=false; apps/cli/package.json (@tm/cli) and packages/tm-core/package.json (@tm/core) are private=true. Linking them will cause private-package changes to bump/release the public package.
Action: remove @tm/cli and @tm/core from the linked group in .changeset/config.json, or move them into their own linked group so only publishable packages are linked together.

🤖 Prompt for AI Agents

In .changeset/config.json around lines 11 to 13, the linked group currently
pairs the public root package (task-master-ai) with private packages (@tm/cli
and @tm/core), which will cause private-package changes to trigger
bumps/releases of the public package; remove @tm/cli and @tm/core from that
linked group or move them into a separate linked group containing only private
packages so that only publishable packages are linked together and the public
package is not affected by private package changes.

[coderabbitai]

🧹 Nitpick

Ignore MD041 for .changeset files or scope markdownlint.

Frontmatter-first is standard for Changesets; suppress MD041 for this folder to avoid false positives.

Option A: add a markdownlint config override to ignore .changeset/**. Option B: disable MD041 for this path.

🤖 Prompt for AI Agents

In .changeset/odd-otters-tan.md around lines 1 to 3, markdownlint rule MD041 is
triggering on frontmatter-first changeset files; update the repo markdownlint
config to ignore this path by adding an override for ".changeset/**" that
disables MD041 or add a rule-specific disable for MD041 for that folder (e.g.,
in the root markdownlint config add an overrides entry for ".changeset/**" with
MD041 set to false) so changeset frontmatter is allowed without linter errors.

[coderabbitai]

🧹 Nitpick

Replace non–user-facing prose with an imperative, user-facing summary.

Current text reads like an experiment note, not a changelog entry.

Apply this diff:

-testing this stuff out to see how the release candidate works with monorepo
+Refine release-candidate build for the monorepo; no runtime changes to the CLI app.

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	testing this stuff out to see how the release candidate works with monorepo
	Refine release-candidate build for the monorepo; no runtime changes to the CLI app.

🧰 Tools

🪛 markdownlint-cli2 (0.17.2)

5-5: First line in a file should be a top-level heading

(MD041, first-line-heading, first-line-h1)

🤖 Prompt for AI Agents

In .changeset/odd-otters-tan.md around line 5, replace the non-user-facing note
"testing this stuff out to see how the release candidate works with monorepo"
with a concise, imperative, user-facing changelog summary (e.g., "Test release
candidate compatibility with monorepo" or "Verify release candidate works in
monorepo"). Ensure the sentence is present-tense, imperative, and describes the
user-visible change or action.

[coderabbitai]

Actionable comments posted: 4

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

apps/cli/package.json (1)

29-36: Use workspace range for internal deps during development

"@tm/core": "*" aligns with the monorepo preference. If you decide to publish @tm/cli, this can stay * (resolved by workspace) or be workspace:*. No action needed.

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between cd90b4d and 4200d78.

📒 Files selected for processing (7)

• .changeset/pre.json (1 hunks)
• CHANGELOG.md (1 hunks)
• apps/cli/CHANGELOG.md (1 hunks)
• apps/cli/package.json (2 hunks)
• apps/extension/CHANGELOG.md (1 hunks)
• apps/extension/package.json (4 hunks)
• package.json (4 hunks)

🧰 Additional context used

📓 Path-based instructions (2)

package.json

📄 CodeRabbit inference engine (.cursor/rules/test_workflow.mdc)

Add and update test scripts in package.json to include test, test:watch, test:coverage, test:unit, test:integration, test:e2e, and test:ci

Files:

• package.json

.changeset/*

📄 CodeRabbit inference engine (.cursor/rules/new_features.mdc)

Create appropriate changesets for new features, use semantic versioning, include tagged system information in release notes, and document breaking changes if any.

Files:

• .changeset/pre.json

🧠 Learnings (22)

📓 Common learnings

Learnt from: Crunchyman-ralph
PR: eyaltoledano/claude-task-master#1178
File: packages/tm-core/src/auth/config.ts:5-7
Timestamp: 2025-09-02T21:51:27.921Z
Learning: The user Crunchyman-ralph prefers not to use node: scheme imports (e.g., 'node:os', 'node:path') for Node.js core modules and considers suggestions to change bare imports to node: scheme as too nitpicky.

📚 Learning: 2025-08-11T12:30:23.843Z

Learnt from: CR
PR: eyaltoledano/claude-task-master#0
File: CLAUDE.md:0-0
Timestamp: 2025-08-11T12:30:23.843Z
Learning: Import Task Master's development workflow commands and guidelines; treat the contents of ./.taskmaster/CLAUDE.md as if included in the main CLAUDE.md

Applied to files:

• CHANGELOG.md
• apps/cli/CHANGELOG.md
• package.json

📚 Learning: 2025-08-07T13:00:22.966Z

Learnt from: Crunchyman-ralph
PR: eyaltoledano/claude-task-master#1090
File: apps/extension/package.json:241-243
Timestamp: 2025-08-07T13:00:22.966Z
Learning: In monorepos, local packages should use "*" as the version constraint in package.json dependencies, as recommended by npm. This ensures the local version from within the same workspace is always used, rather than attempting to resolve from external registries. This applies to packages like task-master-ai within the eyaltoledano/claude-task-master monorepo.

Applied to files:

• apps/cli/CHANGELOG.md
• package.json
• apps/extension/package.json
• apps/cli/package.json

📚 Learning: 2025-09-03T12:16:15.866Z

Learnt from: Crunchyman-ralph
PR: eyaltoledano/claude-task-master#1178
File: packages/tm-core/package.json:13-64
Timestamp: 2025-09-03T12:16:15.866Z
Learning: For internal packages in the claude-task-master project, Crunchyman-ralph prefers pointing package.json "types" entries to src .ts files rather than dist .d.ts files for better developer experience (DX), as the packages are not being exported as SDKs.

Applied to files:

• apps/cli/CHANGELOG.md
• package.json
• apps/extension/package.json
• apps/cli/package.json

📚 Learning: 2025-07-18T17:10:53.657Z

Learnt from: CR
PR: eyaltoledano/claude-task-master#0
File: .cursor/rules/glossary.mdc:0-0
Timestamp: 2025-07-18T17:10:53.657Z
Learning: Guidelines for implementing and maintaining tests for Task Master CLI (tests.mdc).

Applied to files:

• apps/cli/CHANGELOG.md

📚 Learning: 2025-07-18T17:10:12.881Z

Learnt from: CR
PR: eyaltoledano/claude-task-master#0
File: .cursor/rules/dev_workflow.mdc:0-0
Timestamp: 2025-07-18T17:10:12.881Z
Learning: For CLI usage, install Taskmaster globally with `npm install -g task-master-ai` or use locally via `npx task-master-ai ...`.

Applied to files:

• package.json
• apps/extension/package.json
• apps/cli/package.json

📚 Learning: 2025-07-18T17:19:27.365Z

Learnt from: CR
PR: eyaltoledano/claude-task-master#0
File: assets/.windsurfrules:0-0
Timestamp: 2025-07-18T17:19:27.365Z
Learning: Use the global `task-master` CLI command instead of directly invoking `node scripts/dev.js` for all task management operations.

Applied to files:

• package.json
• apps/cli/package.json

📚 Learning: 2025-08-03T12:13:33.875Z

Learnt from: CR
PR: eyaltoledano/claude-task-master#0
File: .cursor/rules/test_workflow.mdc:0-0
Timestamp: 2025-08-03T12:13:33.875Z
Learning: Applies to package.json : Add and update test scripts in package.json to include test, test:watch, test:coverage, test:unit, test:integration, test:e2e, and test:ci

Applied to files:

• package.json

📚 Learning: 2025-07-18T17:18:17.759Z

Learnt from: CR
PR: eyaltoledano/claude-task-master#0
File: .cursor/rules/utilities.mdc:0-0
Timestamp: 2025-07-18T17:18:17.759Z
Learning: Applies to mcp-server/src/{core/utils,tools}/**/*.js : Place utilities specifically designed to support the MCP server implementation into the appropriate subdirectories within `mcp-server/src/` (e.g., path/core logic helpers in `mcp-server/src/core/utils/`, tool execution/response helpers in `mcp-server/src/tools/utils.js`).

Applied to files:

• package.json

📚 Learning: 2025-08-06T21:12:20.981Z

Learnt from: Crunchyman-ralph
PR: eyaltoledano/claude-task-master#1091
File: assets/claude/agents/task-executor.md:1-6
Timestamp: 2025-08-06T21:12:20.981Z
Learning: In the eyaltoledano/claude-task-master repository, agent files in assets/claude/agents/ are intended for distribution to users (for copying), while identical files in .claude/agents/ are for internal project use. This intentional duplication serves different purposes and is not a DRY violation.

Applied to files:

• package.json

📚 Learning: 2025-09-09T19:13:55.652Z

Learnt from: Crunchyman-ralph
PR: eyaltoledano/claude-task-master#1194
File: .github/workflows/ci.yml:31-35
Timestamp: 2025-09-09T19:13:55.652Z
Learning: The claude-task-master project has only one package-lock.json file in the entire workspace (at the root level), so cache-dependency-path configuration is unnecessary for the npm cache in GitHub Actions.

Applied to files:

• package.json

📚 Learning: 2025-09-17T19:09:08.882Z

Learnt from: Crunchyman-ralph
PR: eyaltoledano/claude-task-master#1211
File: jest.resolver.cjs:8-15
Timestamp: 2025-09-17T19:09:08.882Z
Learning: In the eyaltoledano/claude-task-master project, the team only uses .ts files and does not plan to use .tsx or .mts extensions, so Jest resolver and build tooling should focus on .js → .ts mapping only.

Applied to files:

• package.json
• apps/extension/package.json
• apps/cli/package.json

📚 Learning: 2025-08-06T21:12:43.715Z

Learnt from: Crunchyman-ralph
PR: eyaltoledano/claude-task-master#1091
File: assets/claude/agents/task-orchestrator.md:1-6
Timestamp: 2025-08-06T21:12:43.715Z
Learning: In the eyaltoledano/claude-task-master repository, agent files are intentionally duplicated between `.claude/agents/` (for internal project use) and `assets/claude/agents/` (as template files for users to copy). This duplication serves different purposes and should be maintained to support both internal development and user distribution needs.

Applied to files:

• package.json

📚 Learning: 2025-07-31T20:49:04.638Z

Learnt from: Crunchyman-ralph
PR: eyaltoledano/claude-task-master#997
File: apps/extension/package.publish.json:2-8
Timestamp: 2025-07-31T20:49:04.638Z
Learning: In the eyaltoledano/claude-task-master repository, the VS Code extension uses a 3-file packaging system where package.json (with name "extension") is for development within the monorepo, while package.publish.json (with name "task-master-hamster") contains the clean manifest for VS Code marketplace publishing. The different names are intentional and serve distinct purposes in the build and publishing workflow.

Applied to files:

• package.json
• apps/extension/package.json
• apps/cli/package.json

📚 Learning: 2025-07-18T17:12:57.903Z

Learnt from: CR
PR: eyaltoledano/claude-task-master#0
File: .cursor/rules/new_features.mdc:0-0
Timestamp: 2025-07-18T17:12:57.903Z
Learning: Applies to .changeset/* : Create appropriate changesets for new features, use semantic versioning, include tagged system information in release notes, and document breaking changes if any.

Applied to files:

• .changeset/pre.json

📚 Learning: 2025-07-18T17:10:53.657Z

Learnt from: CR
PR: eyaltoledano/claude-task-master#0
File: .cursor/rules/glossary.mdc:0-0
Timestamp: 2025-07-18T17:10:53.657Z
Learning: Guidelines for using Changesets (npm run changeset) to manage versioning and changelogs (changeset.mdc).

Applied to files:

• .changeset/pre.json

📚 Learning: 2025-07-18T17:19:27.365Z

Learnt from: CR
PR: eyaltoledano/claude-task-master#0
File: assets/.windsurfrules:0-0
Timestamp: 2025-07-18T17:19:27.365Z
Learning: Use `task-master validate-dependencies` to check for and identify invalid dependencies in tasks.json and task files.

Applied to files:

• apps/extension/package.json

📚 Learning: 2025-07-18T17:19:27.365Z

Learnt from: CR
PR: eyaltoledano/claude-task-master#0
File: assets/.windsurfrules:0-0
Timestamp: 2025-07-18T17:19:27.365Z
Learning: Use `task-master fix-dependencies` to find and fix all invalid dependencies in tasks.json and task files.

Applied to files:

• apps/extension/package.json

📚 Learning: 2025-07-18T17:19:27.365Z

Learnt from: CR
PR: eyaltoledano/claude-task-master#0
File: assets/.windsurfrules:0-0
Timestamp: 2025-07-18T17:19:27.365Z
Learning: Start new projects by running `task-master init` or `node scripts/dev.js parse-prd --input=<prd-file.txt>` to generate the initial tasks.json.

Applied to files:

• apps/extension/package.json
• apps/cli/package.json

📚 Learning: 2025-07-18T17:19:27.365Z

Learnt from: CR
PR: eyaltoledano/claude-task-master#0
File: assets/.windsurfrules:0-0
Timestamp: 2025-07-18T17:19:27.365Z
Learning: Use `task-master add-task` to add a new task to tasks.json using AI.

Applied to files:

• apps/extension/package.json

📚 Learning: 2025-09-03T12:15:03.208Z

Learnt from: Crunchyman-ralph
PR: eyaltoledano/claude-task-master#1178
File: apps/cli/src/commands/auth.command.ts:222-224
Timestamp: 2025-09-03T12:15:03.208Z
Learning: The CLI can be invoked using both "task-master" and "tm" as aliases - both forms are valid and acceptable in help text, documentation, and examples.

Applied to files:

• apps/cli/package.json

📚 Learning: 2025-07-18T17:10:12.881Z

Learnt from: CR
PR: eyaltoledano/claude-task-master#0
File: .cursor/rules/dev_workflow.mdc:0-0
Timestamp: 2025-07-18T17:10:12.881Z
Learning: Applies to tasks.json : Use the `tasks.json` file (generated by Taskmaster) to store the project's task list, including tags and task structures.

Applied to files:

• apps/cli/package.json

🔇 Additional comments (14)

apps/cli/CHANGELOG.md (1)

7-7: Changelog entry OK

Entry is clear and tied to PR/commit. No action.

apps/extension/CHANGELOG.md (1)

7-7: Changelog content looks consistent

PR/commit refs and dependency bump align with the RC flow.

CHANGELOG.md (1)

3-13: Top-level RC notes are fine

Version/tagging and dependency reference read correctly.

apps/cli/package.json (3)

3-3: RC version bump OK

Matches changelog and pre mode.

---

12-15: Files list OK

Includes dist and README; good for publish.

---

16-27: Test scripts coverage meets guidelines

All required scripts present (test, watch, coverage, unit, integration, e2e, ci).

package.json (3)

3-3: RC version bump OK

Matches pre mode and changelog.

---

12-16: Workspaces layout OK

Including . is acceptable; single root lockfile noted by team.

---

122-127: Files list formatting change only

No issues.

apps/extension/package.json (4)

6-6: RC version bump OK

Matches extension changelog.

---

12-17: No-op formatting

Categories formatting change is fine.

---

19-22: Activation event glob may be overly broad

workspaceContains:.taskmaster/** can trigger on any file under .taskmaster. Consider a cheaper check like .taskmaster/config.json for faster activation.
[suggest_minor_issue]

-  "activationEvents": [
-    "onStartupFinished",
-    "workspaceContains:.taskmaster/**"
-  ],
+  "activationEvents": [
+    "onStartupFinished",
+    "workspaceContains:.taskmaster/config.json"
+  ],

---

150-155: Enums formatting only

No issues.

.changeset/pre.json (1)

12-16: Verify listed changesets exist and target the right packages

All three changesets in .changeset/pre.json exist and target these packages:

• moody-oranges-slide → "task-master-ai": minor
• odd-otters-tan → "@tm/cli": minor
• wild-ears-look → "extension": minor

[coderabbitai]

⚠️ Potential issue

🧩 Analysis chain

Blocking: depends on @tm/cli@1.1.0-rc.0 while @tm/cli is private

As-is, publishing task-master-ai will produce installs that attempt to fetch @tm/cli@1.1.0-rc.0 from npm, but the package is private in this PR. Decide one:

• Option A (publish @tm/cli): remove private in apps/cli/package.json and set its exports to built JS (see suggested diff there). Keep this exact semver here.
• Option B (keep @tm/cli private): remove @tm/cli from dependencies here and inline or refactor usage so runtime doesn’t require it.

Please confirm the intended path.

---

🏁 Script executed:

#!/bin/bash
set -euo pipefail
echo "=== rg search for @tm/cli ==="
rg -n --hidden -S '"@tm/cli"' || true

echo
echo "=== Matches with context ==="
rg -n -C2 --hidden -S '"@tm/cli"' || true

echo
echo "=== Files containing '@tm/cli' ==="
rg -l --hidden -S '"@tm/cli"' || true

echo
echo "=== Show apps/cli/package.json (if present) ==="
if [ -f "apps/cli/package.json" ]; then
  echo "---- apps/cli/package.json ----"
  jq '.name, .version, .private, .exports, .dependencies' apps/cli/package.json || sed -n '1,200p' apps/cli/package.json
else
  echo "apps/cli/package.json not found"
fi

echo
echo "=== Show package.json files under repo (limit output) ==="
find . -type f -name "package.json" -not -path "./node_modules/*" -print0 | xargs -0 -n1 -I{} bash -c 'echo "---- {} ----"; sed -n "1,200p" "{}"; echo'

Length of output: 16674

---

Blocking: root depends on private @tm/cli@1.1.0-rc.0

apps/cli/package.json has "private": true and "exports" → "./src/index.ts"; root package.json depends on "@tm/cli": "1.1.0-rc.0". Publishing task-master-ai will make installs try to fetch @tm/cli from the registry.

• Option A — Publish @tm/cli: set apps/cli/package.json "private": false and update exports to point to built JS (e.g. "./dist/index.js"); keep dependency version "1.1.0-rc.0" in root.
• Option B — Keep @tm/cli private: remove "@tm/cli" from root dependencies (or refactor/inline its runtime usage) so the published package has no registry dependency on it.

Files: package.json (root), apps/cli/package.json. Confirm chosen path.

🤖 Prompt for AI Agents

In package.json around line 72, the root package depends on a private package
"@tm/cli": "1.1.0-rc.0" which will break publishing; choose one fix and apply
it: Option A — make apps/cli/package.json publishable by setting "private":
false, change "exports" to point to the built JS entry (e.g. "./dist/index.js"),
ensure build output and update any build/publish scripts so the published
package contains dist, keep the root dependency as-is; OR Option B — keep
apps/cli private and remove "@tm/cli" from root dependencies (or refactor/inline
its runtime usage into the root package), update any imports/usages accordingly
so the root package has no registry dependency; update package.json files and
CI/publish configs accordingly and state which option you chose in the PR.

[coderabbitai]

Actionable comments posted: 1

♻️ Duplicate comments (4)

apps/cli/package.json (1)

9-11: Exports should resolve to built JS (not TS sources) if this package is ever published.

Node honors "exports" over "main". Point to dist to avoid runtime failures; keep "types" → src for DX (team preference).

-  "exports": {
-    ".": "./src/index.ts"
-  },
+  "exports": {
+    ".": "./dist/index.js"
+  },

apps/extension/package.json (1)

243-244: Good: use "*" for local workspace dep.

Switch to "task-master-ai": "*" matches the monorepo convention and prior guidance.

Quick check to ensure the publish manifest doesn’t ship "*" to the marketplace:

#!/bin/bash
set -euo pipefail
fd -H -a --full-path 'package.publish.json' apps/extension | while read -r f; do
  echo "== Inspecting $f =="
  jq -r '.version, .dependencies["task-master-ai"]' "$f" 2>/dev/null || sed -n '1,120p' "$f"
done

.changeset/config.json (2)

9-9: Re-enable commits from changeset version or pass --commit in CI.

With "commit": false, the Version step won’t commit changes; Release/RC PRs will be empty/broken.

-  "commit": false,
+  "commit": true,

Alternative: keep false but add changeset version --commit in pre-release/release workflows.

---

11-13: Don’t link public package with private packages.

Linking "task-master-ai" (public) with private "@tm/cli" and "@tm/core" will force unnecessary bumps/releases.

-  "linked": [
-    ["task-master-ai", "@tm/cli", "@tm/core"]
-  ],
+  "linked": [
+    ["@tm/cli", "@tm/core"]
+  ],

If all three must be synced, make the private ones publishable or move the public one out of this group.

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 4200d78 and d48118f.

⛔ Files ignored due to path filters (1)

• package-lock.json is excluded by !**/package-lock.json

📒 Files selected for processing (4)

• .changeset/config.json (1 hunks)
• apps/cli/package.json (1 hunks)
• apps/extension/package.json (2 hunks)
• packages/tm-core/package.json (1 hunks)

🧰 Additional context used

📓 Path-based instructions (1)

.changeset/*

📄 CodeRabbit inference engine (.cursor/rules/new_features.mdc)

Create appropriate changesets for new features, use semantic versioning, include tagged system information in release notes, and document breaking changes if any.

Files:

• .changeset/config.json

🧠 Learnings (13)

📓 Common learnings

Learnt from: CR
PR: eyaltoledano/claude-task-master#0
File: .cursor/rules/glossary.mdc:0-0
Timestamp: 2025-07-18T17:10:53.657Z
Learning: Guidelines for using Changesets (npm run changeset) to manage versioning and changelogs (changeset.mdc).

Learnt from: Crunchyman-ralph
PR: eyaltoledano/claude-task-master#1178
File: packages/tm-core/src/auth/config.ts:5-7
Timestamp: 2025-09-02T21:51:27.921Z
Learning: The user Crunchyman-ralph prefers not to use node: scheme imports (e.g., 'node:os', 'node:path') for Node.js core modules and considers suggestions to change bare imports to node: scheme as too nitpicky.

📚 Learning: 2025-09-03T12:16:15.866Z

Learnt from: Crunchyman-ralph
PR: eyaltoledano/claude-task-master#1178
File: packages/tm-core/package.json:13-64
Timestamp: 2025-09-03T12:16:15.866Z
Learning: For internal packages in the claude-task-master project, Crunchyman-ralph prefers pointing package.json "types" entries to src .ts files rather than dist .d.ts files for better developer experience (DX), as the packages are not being exported as SDKs.

Applied to files:

• packages/tm-core/package.json
• apps/cli/package.json
• apps/extension/package.json

📚 Learning: 2025-07-18T17:10:12.881Z

Learnt from: CR
PR: eyaltoledano/claude-task-master#0
File: .cursor/rules/dev_workflow.mdc:0-0
Timestamp: 2025-07-18T17:10:12.881Z
Learning: For CLI usage, install Taskmaster globally with `npm install -g task-master-ai` or use locally via `npx task-master-ai ...`.

Applied to files:

• apps/cli/package.json
• apps/extension/package.json

📚 Learning: 2025-09-03T12:15:03.208Z

Learnt from: Crunchyman-ralph
PR: eyaltoledano/claude-task-master#1178
File: apps/cli/src/commands/auth.command.ts:222-224
Timestamp: 2025-09-03T12:15:03.208Z
Learning: The CLI can be invoked using both "task-master" and "tm" as aliases - both forms are valid and acceptable in help text, documentation, and examples.

Applied to files:

• apps/cli/package.json

📚 Learning: 2025-07-31T20:49:04.638Z

Learnt from: Crunchyman-ralph
PR: eyaltoledano/claude-task-master#997
File: apps/extension/package.publish.json:2-8
Timestamp: 2025-07-31T20:49:04.638Z
Learning: In the eyaltoledano/claude-task-master repository, the VS Code extension uses a 3-file packaging system where package.json (with name "extension") is for development within the monorepo, while package.publish.json (with name "task-master-hamster") contains the clean manifest for VS Code marketplace publishing. The different names are intentional and serve distinct purposes in the build and publishing workflow.

Applied to files:

• apps/cli/package.json
• apps/extension/package.json

📚 Learning: 2025-07-18T17:07:53.100Z

Learnt from: CR
PR: eyaltoledano/claude-task-master#0
File: .cursor/rules/changeset.mdc:0-0
Timestamp: 2025-07-18T17:07:53.100Z
Learning: Always stage and commit the generated `.changeset/*.md` file along with your relevant code changes.

Applied to files:

• .changeset/config.json

📚 Learning: 2025-07-18T17:06:57.833Z

Learnt from: CR
PR: eyaltoledano/claude-task-master#0
File: .cursor/rules/ai_services.mdc:0-0
Timestamp: 2025-07-18T17:06:57.833Z
Learning: Applies to scripts/modules/task-manager/*.js : Do not initialize AI clients (Anthropic, Perplexity, etc.) directly within core logic (`task-manager/`) or MCP direct functions.

Applied to files:

• .changeset/config.json

📚 Learning: 2025-08-07T13:00:22.966Z

Learnt from: Crunchyman-ralph
PR: eyaltoledano/claude-task-master#1090
File: apps/extension/package.json:241-243
Timestamp: 2025-08-07T13:00:22.966Z
Learning: In monorepos, local packages should use "*" as the version constraint in package.json dependencies, as recommended by npm. This ensures the local version from within the same workspace is always used, rather than attempting to resolve from external registries. This applies to packages like task-master-ai within the eyaltoledano/claude-task-master monorepo.

Applied to files:

• apps/extension/package.json

📚 Learning: 2025-07-18T17:19:27.365Z

Learnt from: CR
PR: eyaltoledano/claude-task-master#0
File: assets/.windsurfrules:0-0
Timestamp: 2025-07-18T17:19:27.365Z
Learning: Use `task-master validate-dependencies` to check for and identify invalid dependencies in tasks.json and task files.

Applied to files:

• apps/extension/package.json

📚 Learning: 2025-07-18T17:19:27.365Z

Learnt from: CR
PR: eyaltoledano/claude-task-master#0
File: assets/.windsurfrules:0-0
Timestamp: 2025-07-18T17:19:27.365Z
Learning: Use `task-master fix-dependencies` to find and fix all invalid dependencies in tasks.json and task files.

Applied to files:

• apps/extension/package.json

📚 Learning: 2025-07-18T17:19:27.365Z

Learnt from: CR
PR: eyaltoledano/claude-task-master#0
File: assets/.windsurfrules:0-0
Timestamp: 2025-07-18T17:19:27.365Z
Learning: Start new projects by running `task-master init` or `node scripts/dev.js parse-prd --input=<prd-file.txt>` to generate the initial tasks.json.

Applied to files:

• apps/extension/package.json

📚 Learning: 2025-07-18T17:19:27.365Z

Learnt from: CR
PR: eyaltoledano/claude-task-master#0
File: assets/.windsurfrules:0-0
Timestamp: 2025-07-18T17:19:27.365Z
Learning: Use `task-master add-task` to add a new task to tasks.json using AI.

Applied to files:

• apps/extension/package.json

📚 Learning: 2025-09-17T19:09:08.882Z

Learnt from: Crunchyman-ralph
PR: eyaltoledano/claude-task-master#1211
File: jest.resolver.cjs:8-15
Timestamp: 2025-09-17T19:09:08.882Z
Learning: In the eyaltoledano/claude-task-master project, the team only uses .ts files and does not plan to use .tsx or .mts extensions, so Jest resolver and build tooling should focus on .js → .ts mapping only.

Applied to files:

• apps/extension/package.json

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (4)

• GitHub Check: typecheck
• GitHub Check: build
• GitHub Check: Test
• GitHub Check: rc

🔇 Additional comments (3)

packages/tm-core/package.json (1)

3-3: LGTM on version alignment.

Version bump to 0.26.0 looks consistent with the RC flow; package remains private and "types" → src matches team DX preference.

If you plan to publish @tm/core later, mirror the CLI note: change exports to dist before flipping private.

apps/extension/package.json (1)

6-6: RC version change OK.

0.25.0-rc.0 for the dev manifest is fine for pre-release builds.

.changeset/config.json (1)

15-15: Confirm changesets baseBranch matches release target.

.changeset/config.json sets "baseBranch": "main" while this PR and several workflows reference/operate on "next" (see .github/workflows/pre-release.yml and .github/workflows/claude-docs-updater.yml which creates PRs with --base next). If RCs/releases should target "next", change .changeset/config.json -> "next" or update the workflows that invoke changesets/action/publish.

[coderabbitai]

⚠️ Potential issue

🧩 Analysis chain

Blocking: @tm/cli is private while the root appears to depend on it (publish will fail).

Pick one:

• Option A (publish @tm/cli): remove "private": true and point exports to built JS.
• Option B (keep private): remove "@tm/cli" as a runtime dep from the publishable root (or gate it behind workspace-only tooling).

Apply (Option A):

-  "private": true,
+  // publishable; required if root depends on @tm/cli

And update exports (see next comment).
Run this to verify current coupling and CI usage:

---

🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo "== root depends on @tm/cli? =="
if [ -f package.json ]; then jq -r '.dependencies["@tm/cli"], .devDependencies["@tm/cli"]' package.json 2>/dev/null; fi

echo "== occurrences of @tm/cli across repo =="
rg -n --hidden --no-ignore-vcs '"@tm/cli"' -g '!**/node_modules/**' || true

echo "== changeset version invocations (should pass --commit if commit:false) =="
rg -n --hidden --no-ignore-vcs -g '!**/node_modules/**' -g '.github/workflows/**' -e 'changeset\s+version' -n -C2 || true

Length of output: 622

---

Blocking: apps/cli is private but root depends on @tm/cli (publish will fail).

Verified: root package.json declares @tm/cli as a dependency (version "*"); apps/cli/package.json contains "private": true (line 6).

Choose one:

• Option A — make @tm/cli publishable: remove "private": true from apps/cli/package.json and update exports to point to the built JS.
• Option B — keep it private: remove @tm/cli from the root's runtime dependencies or make it workspace-only / gated behind workspace tooling.

.github/workflows/pre-release.yml runs npx changeset version so this must be resolved before publishing.

🤖 Prompt for AI Agents

In apps/cli/package.json around line 6, package is marked "private": true while
root package.json depends on @tm/cli, causing publish to fail; either (A) make
@tm/cli publishable by removing "private": true, ensure the package has a proper
"main"/"exports" pointing to the built JS, add build and prepare scripts if
missing and confirm version and license fields before publishing, or (B) keep it
private by removing @tm/cli from the root's runtime dependencies (replace with a
dev/workspace-only reference or gate usage behind workspace tooling), and update
root package.json and any import/usage to use workspace protocol or dev-only
tooling so the package is not required at publish time.

[coderabbitai]

Actionable comments posted: 1

♻️ Duplicate comments (3)

.github/workflows/pre-release.yml (1)

73-78: Add a timeout to prevent hung builds.

       - name: Build packages
         run: npm run turbo:build
         env:
           NODE_ENV: production
           FORCE_COLOR: 1
+        timeout-minutes: 15

.changeset/config.json (2)

9-9: commit: false breaks RC PR creation; enable commits or pass --commit in CI.

Prefer enabling commits in config:

-  "commit": false,
+  "commit": true,

Alternative (if you must keep false): update the workflow to run npx changeset version --commit and ensure the commit happens before changesets/action@v1.

---

11-13: Don’t link public and private packages together; it forces unnecessary bumps.

If @tm/cli and @tm/core are private, remove them from the public package’s linked set (or make a private-only group):

-  "linked": [
-    ["task-master-ai", "@tm/cli", "@tm/core"]
-  ],
+  "linked": [
+    ["task-master-ai"]
+  ],

If they’re publishable, put only publishable packages in the same group.

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between d48118f and a8ebd74.

📒 Files selected for processing (2)

• .changeset/config.json (1 hunks)
• .github/workflows/pre-release.yml (1 hunks)

🧰 Additional context used

📓 Path-based instructions (1)

.changeset/*

📄 CodeRabbit inference engine (.cursor/rules/new_features.mdc)

Create appropriate changesets for new features, use semantic versioning, include tagged system information in release notes, and document breaking changes if any.

Files:

• .changeset/config.json

🧠 Learnings (7)

📓 Common learnings

Learnt from: CR
PR: eyaltoledano/claude-task-master#0
File: .cursor/rules/glossary.mdc:0-0
Timestamp: 2025-07-18T17:10:53.657Z
Learning: Guidelines for using Changesets (npm run changeset) to manage versioning and changelogs (changeset.mdc).

Learnt from: Crunchyman-ralph
PR: eyaltoledano/claude-task-master#1178
File: packages/tm-core/src/auth/config.ts:5-7
Timestamp: 2025-09-02T21:51:27.921Z
Learning: The user Crunchyman-ralph prefers not to use node: scheme imports (e.g., 'node:os', 'node:path') for Node.js core modules and considers suggestions to change bare imports to node: scheme as too nitpicky.

📚 Learning: 2025-09-17T20:26:17.257Z

Learnt from: Crunchyman-ralph
PR: eyaltoledano/claude-task-master#1213
File: .github/workflows/pre-release.yml:68-73
Timestamp: 2025-09-17T20:26:17.257Z
Learning: User Crunchyman-ralph clarified that not all packages in the monorepo need build steps, so adding turbo:build scripts to every workspace package.json is unnecessary and incorrect.

Applied to files:

• .github/workflows/pre-release.yml

📚 Learning: 2025-09-17T19:08:57.882Z

Learnt from: Crunchyman-ralph
PR: eyaltoledano/claude-task-master#1211
File: tests/integration/cli/complex-cross-tag-scenarios.test.js:20-22
Timestamp: 2025-09-17T19:08:57.882Z
Learning: The user Crunchyman-ralph confirmed that in their build pipeline, they assume dist/ artifacts are already built by the time tests run, when tests reference dist/task-master.js instead of bin/task-master.js.

Applied to files:

• .github/workflows/pre-release.yml

📚 Learning: 2025-09-03T12:16:15.866Z

Learnt from: Crunchyman-ralph
PR: eyaltoledano/claude-task-master#1178
File: packages/tm-core/package.json:13-64
Timestamp: 2025-09-03T12:16:15.866Z
Learning: For internal packages in the claude-task-master project, Crunchyman-ralph prefers pointing package.json "types" entries to src .ts files rather than dist .d.ts files for better developer experience (DX), as the packages are not being exported as SDKs.

Applied to files:

• .github/workflows/pre-release.yml

📚 Learning: 2025-09-09T19:13:55.652Z

Learnt from: Crunchyman-ralph
PR: eyaltoledano/claude-task-master#1194
File: .github/workflows/ci.yml:31-35
Timestamp: 2025-09-09T19:13:55.652Z
Learning: The claude-task-master project has only one package-lock.json file in the entire workspace (at the root level), so cache-dependency-path configuration is unnecessary for the npm cache in GitHub Actions.

Applied to files:

• .github/workflows/pre-release.yml

📚 Learning: 2025-07-18T17:07:53.100Z

Learnt from: CR
PR: eyaltoledano/claude-task-master#0
File: .cursor/rules/changeset.mdc:0-0
Timestamp: 2025-07-18T17:07:53.100Z
Learning: Always stage and commit the generated `.changeset/*.md` file along with your relevant code changes.

Applied to files:

• .changeset/config.json

📚 Learning: 2025-07-18T17:06:57.833Z

Learnt from: CR
PR: eyaltoledano/claude-task-master#0
File: .cursor/rules/ai_services.mdc:0-0
Timestamp: 2025-07-18T17:06:57.833Z
Learning: Applies to scripts/modules/task-manager/*.js : Do not initialize AI clients (Anthropic, Perplexity, etc.) directly within core logic (`task-manager/`) or MCP direct functions.

Applied to files:

• .changeset/config.json

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: Test

[coderabbitai]

⚠️ Potential issue

Use a non-mutating formatter in CI (prefer --check) and/or run formatting before versioning.

Running a write-mode formatter here will create additional diffs that later get committed by the workflow. Switch to a check-only command or move formatting before the version step.

-      - name: Run format
-        run: npm run format
+      - name: Run format (check only)
+        run: npm run format:check --if-present || npx prettier --check .
         env:
           FORCE_COLOR: 1

Committable suggestion skipped: line range outside the PR's diff.

🤖 Prompt for AI Agents

.github/workflows/pre-release.yml lines 68-72: the workflow currently runs a
write-mode formatter (npm run format) that mutates the working tree and can
create diffs committed later; change this step to a non-mutating check (e.g.,
run the formatter in --check/--dry-run mode by invoking the npm script with the
appropriate flag) or move the existing format step to run before any
versioning/commit steps so formatting occurs prior to producing release commits;
update the workflow to fail on formatting issues rather than modifying files in
CI.

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between a8ebd74 and 5cb033e.

📒 Files selected for processing (2)

• apps/cli/src/commands/context.command.ts (1 hunks)
• packages/tm-core/src/repositories/supabase-task-repository.ts (1 hunks)

🧰 Additional context used

🧠 Learnings (1)

📓 Common learnings

Learnt from: Crunchyman-ralph
PR: eyaltoledano/claude-task-master#1178
File: packages/tm-core/src/auth/config.ts:5-7
Timestamp: 2025-09-02T21:51:27.921Z
Learning: The user Crunchyman-ralph prefers not to use node: scheme imports (e.g., 'node:os', 'node:path') for Node.js core modules and considers suggestions to change bare imports to node: scheme as too nitpicky.

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (3)

• GitHub Check: Test
• GitHub Check: build
• GitHub Check: typecheck

🔇 Additional comments (1)

apps/cli/src/commands/context.command.ts (1)

329-329: LGTM! The change to show full IDs improves user experience.

This change from displaying abbreviated IDs (brief.id.slice(0, 8)) to full IDs (brief.id) in the brief selection choices aligns well with the related change in the task repository that now uses display_id for case-insensitive matching. Users can now see and select the complete identifier.

[coderabbitai]

⚠️ Potential issue

🧩 Analysis chain

Verify the schema and update dependent queries for consistency.

The change from .eq('id', taskId) to .ilike('display_id', taskId) suggests a shift from exact numeric ID matching to case-insensitive display ID matching. This aligns with the CLI showing full IDs instead of abbreviated ones.

However, there are potential consistency issues:

1. Lines 82 and 88 still use taskId for exact matches on task_id and parent_task_id fields
2. The change assumes display_id contains the same value as the input taskId

---

🏁 Script executed:

#!/bin/bash
# Verify display_id field exists and check for consistency in task ID usage

echo "=== Checking for display_id field in database schema ==="
fd -e sql -e ts | xargs rg -n "display_id" --type-add 'sql:*.sql' -A 2 -B 2

echo -e "\n=== Checking other uses of task_id in queries ==="
rg -n "\.eq\('.*task_id" --type ts -A 1 -B 1

echo -e "\n=== Checking TaskMapper usage with display_id ==="
fd TaskMapper.ts | xargs cat

Length of output: 7363

---

Fix inconsistent use of display_id vs id in supabase-task-repository.ts

• display_id exists (packages/tm-core/src/types/database.types.ts) and TaskMapper sets id = display_id || id (packages/tm-core/src/mappers/TaskMapper.ts:64).
• Current code selects by display_id (.ilike('display_id', taskId) at packages/tm-core/src/repositories/supabase-task-repository.ts:68) but later uses .eq('task_id', taskId) and .eq('parent_task_id', taskId) (lines 82 & 88). Those FK fields reference the primary id column, so passing a display_id string will not match.
• Action (choose one): fetch the task row by display_id and use the returned row.id for subsequent .eq('task_id', ...)/.eq('parent_task_id', ...); or revert to querying by id; or make schema/queries consistently use display_id for FKs. Implement the first option for the smallest, safest change.

🤖 Prompt for AI Agents

In packages/tm-core/src/repositories/supabase-task-repository.ts around line 68
(and the subsequent queries at ~82 and ~88), the code currently queries by
display_id (.ilike('display_id', taskId)) but then uses taskId directly for FK
comparisons (.eq('task_id', taskId) and .eq('parent_task_id', taskId)), which is
incorrect because those FKs reference the primary id. Update the flow to first
fetch the task row by display_id (using the existing .ilike call), extract the
returned row.id (the primary id), and then use that primary id value for the
subsequent .eq('task_id', ...) and .eq('parent_task_id', ...) queries; also
handle the case where no row is found (return or throw appropriate error) before
proceeding.