ci(publish): publish @agent-relay/fleet in the release pipeline

[willwashburn]

Problem

The Publish Package workflow (run 27600505024) failed twice in Publish Main Package:

Waiting for npm registry propagation: @agent-relay/fleet@8.8.0
...
Timed out waiting for CLI @agent-relay/* dependencies:
  - @agent-relay/fleet@8.8.0

The root agent-relay CLI now depends on @agent-relay/fleet, so publish-main's "Wait for CLI internal dependencies" step (which derives its list from packages/cli/package.json's @agent-relay/* deps) blocks on @agent-relay/fleet@<bumped version>. But fleet was never added to the publish workflow, so on the all-package release nothing publishes it → the wait loop (12×10s) times out.

Note: the Build & Version job (which runs the test suite) passed this time — the earlier mock fix (#1135) is working. This is a separate, downstream gap.

Fix

Add a publish-fleet job that:

• runs after publish-harnesses — fleet pins @agent-relay/{harnesses,harness-driver,sdk} by exact version, so it must land after harnesses to avoid the same install-resolution race the broker/sdk/harnesses ordering already guards against;
• is gated if: package == 'all' (mirrors publish-harnesses);
• skips if the version already exists, and publishes with --provenance like every other package.

Wire it into publish-main's needs + if so the root tarball is only published once fleet is on the registry.

⚠️ Manual step required before the next release

@agent-relay/fleet@8.7.2 was a manual token publish (no provenance attestations), so the package has no npm Trusted Publisher configured. This workflow publishes via OIDC (id-token: write + --provenance, no NODE_AUTH_TOKEN anywhere), so the new publish-fleet job will fail auth until the Trusted Publisher for @agent-relay/fleet is added on npmjs.com → Package settings → Trusted Publishing → GitHub Actions → repo AgentWorkforce/relay, workflow publish.yml.

Validation

• actionlint clean (no new findings).
• Job graph verified: publish-fleet defined, referenced in publish-main needs + if.
• npm publish --dry-run for packages/fleet packs cleanly (6 files: dist/ + README + package.json).

Follow-up (not in this PR)

The main / cli-prerelease release path (publish-main-runtime-deps) also doesn't publish fleet (or its harnesses dep). It's a less-common path and was already incomplete for fleet; worth covering separately if those paths are used.

🤖 Generated with Claude Code

[gemini-code-assist]

Note

Gemini is unable to generate a review for this pull request due to the file types involved not being currently supported.

[coderabbitai]

Caution

Review failed

Pull request was closed or merged during review

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro Plus

Run ID: 46c63270-5af7-4b8d-b619-7e33b82191a2

📥 Commits

Reviewing files that changed from the base of the PR and between e2fc988 and 06bf919.

📒 Files selected for processing (1)

• .github/workflows/publish.yml

---

📝 Walkthrough

Walkthrough

A new publish-fleet CI job is added to .github/workflows/publish.yml to publish the packages/fleet npm package with dry-run, OIDC provenance, and version-exists skip support. publish-main is updated to list publish-fleet as a dependency and its gating condition now requires publish-fleet to be success or skipped.

Changes

publish-fleet job and publish-main gating

Layer / File(s)	Summary
publish-fleet job definition and publish-main wiring .github/workflows/publish.yml	Adds the publish-fleet job (lines 1024–1072) with dry-run, OIDC npm, and skip-if-version-exists logic; adds publish-fleet to publish-main's needs list and extends its if: condition to require publish-fleet to be success or skipped.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

Poem

🐇 A fleet sets sail on the npm sea,
With OIDC flags waving proud and free,
If the version exists, we skip with grace,
And main waits patiently to take its place,
Hop hop hooray — the pipeline's complete! 🚀

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly and specifically summarizes the main change: adding a publish-fleet job to the CI/CD release pipeline.
Description check	✅ Passed	The description provides comprehensive context (problem statement, fix details, validation steps) but deviates from the repository's template structure by not using the required Summary/Test Plan sections.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix/publish-fleet-package

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}