Agents Playbook

Agents Playbook

Matrix Glossary llms.txt Bundle Welcome Getting started The matrix — pillars × phases

Pillars

SDLC Phases

Phase 05 — Ship

Resources

ADR-NNNN — <Short Title>

AGENTS.md template

CLAUDE.md template

PR Intent Manifest

RFC-NNNN — <Short Title>

Reusable prompts

Slash Command — /clear

Slash Command — /goal

Slash Command — /loop

Slash Command — /review

Slash Command — /sanity

Slash Command — /ship

Sub-agent Recipe — Code Explorer

Sub-agent Recipe — Code Reviewer

Sub-agent Recipe — Explore

Sub-agent Recipe — Plan

System Prompt — Architect

System Prompt — Implementer

System Prompt — Reviewer

System Prompt — Security Reviewer

Reference gate scripts

SDLC Phases/05 ship

Phase 05 — Ship

How to turn a green main into a release without surprising consumers.

Phase 05 — Ship

How to turn a green main into a release without surprising consumers.

TL;DR (human)

Tests green is not enough. A release-gate checklist runs structural gates + sanity + cold prod-build walk + changesets + security review. Versions bump per semver. Artifacts get signed. Rollback plan is written before, not after.

For agents

Pre-release outputs

pnpm check:all — full pre-release sweep green.
Sanity report CLEAN — no metric regressions vs last release baseline.
Release-blockers empty — no open issue tagged release-blocker.
Changesets generated — every consumer-visible PR has one; aggregated into the release notes.
Cold prod-build walk — operator-driven; literal demo script; recorded.
Security sweep — pending advisories triaged; threat model reviewed for new surfaces.
Signed artifacts — binaries / installers signed; SHA / GPG attested.
Rollback plan — how to revert; who pushes; on-call assigned.

Per pillar — Ship-phase discipline

Architecture

Peer-dep compat matrix updated.
Public API diff produced; breaking changes called out.
ADRs for this release tagged with the release version.

Security

Dependency vulnerability triage (CVE list).
Threat model walked: new surfaces, new mitigations, new residuals.
Key rotation review (any keys past their rotation date?).
Audit ledger verification job green.

UI-UX

Per-locale parity verified.
Brand-kit matrix tested (default + test brand both render cleanly).
A11y full sweep on changed screens.
Demo walk-through script executed on cold prod build.

Quality

check:all green.
Mutation pass scheduled (or last result acceptable).
Coverage at threshold per package.
No flaky-tests baseline regressions.

Governance

Changesets present per consumer-visible PR.
Tombstones applied to retired plans.
Release notes drafted (user-facing + internal).

AI-collaboration

Memory groomed: facts that are now release-stable promoted to CLAUDE.md / AGENTS.md.
Sub-agent recipe updates rolled out (if any).

Cold prod-build walk (non-skippable)

CI green is not "demo reachable". A green build can hide:

Route-gating bugs that prod-only conditions trigger.
Bundler-mode differences (dev vs prod).
SSR vs CSR boundary mistakes.
Environment-variable misses.

Therefore:

Build a production artefact from main on a clean checkout.
Walk the literal demo script: every step a customer / investor would take.
Record outcome. Screenshots / video.
Any unhandled state → SHIP-BLOCK. File issue; fix; redo walk.

This is operator-driven. Agents cannot self-verify a cold walk because they cannot click. They prepare the artefact and the script; the operator runs it.

Investor / customer percent claims

The percent-ready number you state externally comes from the cold walk, not from CI. CI-derived percentages are a sanity check; they are not the truth. Reading too much into "tests pass" produces overclaims that hurt at demo time.

Versioning

Semver per package. Conventions:

patch (x.y.Z+1) — internal fixes, no consumer-visible API change.
minor (x.Y+1.0) — additive changes; new method, new field with default.
major (X+1.0.0) — breaking change. Requires RFC + migration plan + deprecation window honoured.

Aggregate the changesets; verify each PR's classification matches its diff.

Rollback plan

Per release:

What changed: list of consumer-visible changes.
Smoke tests post-release: which surfaces / flows to verify within N minutes.
Rollback procedure: exact commands; expected duration.
Rollback authority: who can trigger; under what condition.
Comms plan: who tells users; via which channel.

The plan exists before the release tag. Writing it post-release is too late.

Common failure modes

"Investor-ready 90% because tests pass." Overclaim; demo crashes. → Cold walk dictates the number.
Release with no changesets. Consumers cannot see what changed. → Per-PR changeset; aggregate at release.
Auto-publish from CI on tag. Rollback path unclear if it goes wrong. → Manual trigger; explicit on-call.
Tombstones not applied. Release ships with retired plans claiming work that is done. → Sweep tombstones at release branch.

Exit criteria (release tag)

You can tag a release when:

All checkboxes above ticked.
Cold walk complete with no blockers.
Rollback plan signed off.
Release notes published (or queued for publish at tag).

See also

../../pillars/quality/sanity-pattern.md
../../pillars/governance/tombstone-pattern.md
../../prompts/slash-ship.md — orchestrator slash command for this checklist.

Phase 04 — Test

How 'tests pass' stops being a feeling and starts being a contract.

Phase 06 — Operate

What 'running it' looks like after agents have shipped the first release.

On this page

Phase 05 — Ship

Pre-release outputs

Per pillar — Ship-phase discipline

Cold prod-build walk (non-skippable)

Investor / customer percent claims

Common failure modes

Exit criteria (release tag)