docs(release): add dependency pinning policy and update check step

Release process now checks for sqlite-vec, node-llama-cpp, and better-sqlite3 updates before cutting a release. All deps must be pinned to exact versions.
2026-04-05 18:17:13 -04:00 · 2026-04-05 18:17:13 -04:00 · 79a53f856e
commit 79a53f856e
parent 9c0d100a09
1 changed files with 13 additions and 0 deletions
--- a/skills/release/SKILL.md
+++ b/skills/release/SKILL.md
@ -46,8 +46,21 @@ When the user triggers `/release <version>`:
   ```
   The agent will be notified when CI completes and should report the result.

+7. **Check dependency updates** — before cutting the release, check for
+   updates to `sqlite-vec` (and platform packages), `node-llama-cpp`,
+   and `better-sqlite3`. Run `pnpm outdated` and report any available
+   updates for these packages. If updates exist, bump them (pinned, no
+   `^` ranges) and re-run tests before proceeding.
+
 If any step fails, stop and explain. Never force-push or skip validation.

+## Dependency Policy
+
+All dependencies must be pinned to exact versions (no `^` or `~` ranges).
+The lockfile ensures reproducible installs. When adding or updating any
+dependency, always use the exact version string (e.g. `"3.18.1"` not
+`"^3.18.1"`).
+
 ## Changelog Standard

 The changelog lives in `CHANGELOG.md` and follows [Keep a Changelog](https://keepachangelog.com/) conventions.