From 73532be993f78a6d2e4fd4c471db927fc4478400 Mon Sep 17 00:00:00 2001 From: fOuttaMyPaint Date: Sun, 14 Jun 2026 21:06:29 -0400 Subject: [PATCH] fix(scaffold): mcp-server docs match tag-only release; npm dependabot with held majors [skip version] Future mcp-server borns were inheriting the abandoned conventional-commit auto-bump language and shipped without an npm dependabot config. Align the template with the tag-only model that actually ships: - AGENTS.md.j2 (branching + code-conventions), CONTRIBUTING.md.j2, and cursorrules.j2 mcp-server branches: 'CI auto-bumps / never edit the version' -> 'bump the version in your PR; CI tags and publishes it'. cursor-plugin branches keep their auto-bump wording (release-doc-sync still auto-bumps). - dependabot.yml.j2: mcp-server repos now get an npm ecosystem with the same held-major ignores baked in (zod semver-major, typescript semver-major, @types/node >=23) so a fresh born does not spawn that backlog on day one. The mcp-server template emits no src/ skeleton, so there is no hardcoded server-version literal to fix in the template (that fix applied to the already-born local-ai-mcp). No STANDARDS_VERSION/VERSION change. Signed-off-by: fOuttaMyPaint --- scaffold/templates/AGENTS.md.j2 | 9 ++++++++- scaffold/templates/CONTRIBUTING.md.j2 | 2 +- scaffold/templates/cursorrules.j2 | 2 +- scaffold/templates/dependabot.yml.j2 | 19 +++++++++++++++++++ 4 files changed, 29 insertions(+), 3 deletions(-) diff --git a/scaffold/templates/AGENTS.md.j2 b/scaffold/templates/AGENTS.md.j2 index 4533744..0a52e25 100644 --- a/scaffold/templates/AGENTS.md.j2 +++ b/scaffold/templates/AGENTS.md.j2 @@ -32,10 +32,17 @@ This is an MCP server. It contains: ## Branching and commit model - **Single branch**: `main` only. No develop/release branches. +{% if type == 'cursor-plugin' %} - **Conventional commits** are required. The release workflow parses them: - `feat:` or `feat(scope):` -- triggers a **minor** version bump - `feat!:` or `BREAKING CHANGE` -- triggers a **major** version bump - Everything else (`fix:`, `chore:`, `docs:`, etc.) -- triggers a **patch** bump +{% else %} +- **Conventional commits** are required. Use them to decide your version bump, then apply it in your PR (`npm version --no-git-tag-version`); `release.yml` tags and publishes that version on merge, and CI never writes to `main`: + - `feat:` or `feat(scope):` -- bump the **minor** version + - `feat!:` or a `BREAKING CHANGE` trailer -- bump the **major** version + - everything else (`fix:`, `chore:`, `docs:`, etc.) -- bump the **patch** version +{% endif %} - Commit messages should be concise and describe the "why", not the "what". ## CI/CD workflows @@ -121,7 +128,7 @@ Keeps repository labels in sync. - Rules use `.mdc` extension with frontmatter. {% else %} - No hardcoded credentials -- CI scans for password/token/api_key patterns. -- Conventional commits; never hand-edit the version. +- Conventional commits; bump the version deliberately in your PR (CI tags and publishes it). - Keep `mcp-tools.json` in sync with the tools registered in `src/tools/`. {% endif %} diff --git a/scaffold/templates/CONTRIBUTING.md.j2 b/scaffold/templates/CONTRIBUTING.md.j2 index 52523f7..0e940c7 100644 --- a/scaffold/templates/CONTRIBUTING.md.j2 +++ b/scaffold/templates/CONTRIBUTING.md.j2 @@ -57,7 +57,7 @@ Use [Conventional Commits](https://www.conventionalcommits.org/): - Add it to `mcp-tools.json` - Add vitest tests -Never hand-edit the version; CI auto-bumps `package.json`. +Bump the version in `package.json` in your PR (e.g. `npm version --no-git-tag-version`); CI tags and publishes it on merge. ## Pull Request Process diff --git a/scaffold/templates/cursorrules.j2 b/scaffold/templates/cursorrules.j2 index 28aa268..7d45651 100644 --- a/scaffold/templates/cursorrules.j2 +++ b/scaffold/templates/cursorrules.j2 @@ -26,7 +26,7 @@ This is a {{ type }} repository for {{ name | replace(' Developer Tools', '') | - Rules need frontmatter: description, globs, alwaysApply {% else %} - Use conventional commits (feat:, fix:, chore:, docs:) -- Never manually edit the version -- CI auto-bumps package.json +- Bump the version in package.json in your PR; CI tags and publishes it - Keep mcp-tools.json in sync with the registered tools - Provider adapters live in src/providers/; tools live in src/tools/ {% endif %} diff --git a/scaffold/templates/dependabot.yml.j2 b/scaffold/templates/dependabot.yml.j2 index 6c994cf..b7a8f3b 100644 --- a/scaffold/templates/dependabot.yml.j2 +++ b/scaffold/templates/dependabot.yml.j2 @@ -4,6 +4,25 @@ updates: directory: "/" schedule: interval: "weekly" +{% if type == 'mcp-server' %} + - package-ecosystem: "npm" + directory: "/" + schedule: + interval: "weekly" + ignore: + # zod 3 -> 4 is a deliberate, manual upgrade: the MCP SDK turns these + # schemas into each tool's inputSchema JSON, so a major bump can change + # the emitted schema without failing the test suite. + - dependency-name: "zod" + update-types: ["version-update:semver-major"] + # Hold the TypeScript 5.x line; 6.x is a transitional major. + - dependency-name: "typescript" + update-types: ["version-update:semver-major"] + # engines is >=20 and CI runs Node 20/22; do not pull @types/node ahead + # of the supported runtimes. + - dependency-name: "@types/node" + versions: [">=23"] +{% endif %} {% if has_mcp %} - package-ecosystem: "pip" directory: "/mcp-server"