SylphxAI · shtse8 · Jun 21, 2026 · Jun 21, 2026 · Jun 22, 2026 · Jun 22, 2026
diff --git a/.doctrine/project.json b/.doctrine/project.json
@@ -0,0 +1,165 @@
+{
+  "schemaVersion": 1,
+  "project": {
+    "repo": "SylphxAI/bump",
+    "name": "SylphxAI Bump",
+    "lifecycle": "production",
+    "layer": "tooling",
+    "policyPool": "agent-tool",
+    "summary": "Bun-based semantic release, changelog, and package publishing tool with a CLI and composite GitHub Action.",
+    "goals": [
+      "Provide the @sylphx/bump CLI for semantic versioning, changelog generation, release PRs, and package publishing.",
+      "Provide the composite GitHub Action surface used by repositories that want bump-driven release automation.",
+      "Support monorepo package detection, workspace dependency resolution, bump files, prereleases, GitHub releases, and npm publication."
+    ],
+    "nonGoals": [
+      "Own the products or packages that consume bump.",
+      "Own organization-wide branch protection, release approval policy, npm token rotation, or package registry operations.",
+      "Own enterprise engineering doctrine, standards, or project manifest schema."
+    ]
+  },
+  "boundaries": {
+    "owns": [
+      {
+        "name": "bump-cli",
+        "description": "The CLI entry point, commands, release engine, changelog generation, package detection, and npm/GitHub integration code under src."
+      },
+      {
+        "name": "bump-github-action",
+        "description": "The composite action.yml and detect/action.yml surfaces used by consuming repositories."
+      },
+      {
+        "name": "bump-validation",
+        "description": "Bun-based tests, lint/typecheck/build scripts, workflow examples, and release workflow for this package."
+      }
+    ],
+    "doesNotOwn": [
+      "Release eligibility, branch protection, secrets, package contents, or deployment outcomes in consuming repositories.",
+      "Organization-wide package registry administration, npm token rotation, or release approval policy.",
+      "Enterprise doctrine and manifest schema owned by SylphxAI/doctrine."
+    ],
+    "publicSurfaces": [
+      {
+        "type": "documentation",
+        "name": "CLI and package README",
+        "location": "README.md"
+      },
+      {
+        "type": "manifest",
+        "name": "Package manifest and scripts",
+        "location": "package.json"
+      },
+      {
+        "type": "cli",
+        "name": "Bump CLI entry point",
+        "location": "src/cli.ts"
+      },
+      {
+        "type": "api",
+        "name": "Release core",
+        "location": "src/core/"
+      },
+      {
+        "type": "api",
+        "name": "GitHub adapter",
+        "location": "src/adapters/github.ts"
+      },
+      {
+        "type": "workflow",
+        "name": "Composite GitHub Action",
+        "location": "action.yml"
+      },
+      {
+        "type": "workflow",
+        "name": "CI and release workflows",
+        "location": ".github/workflows/"
+      },
+      {
+        "type": "test",
+        "name": "Bun test suite",
+        "location": "tests/"
+      }
+    ],
+    "allowedDependencies": [
+      {
+        "repo": "SylphxAI/doctrine",
+        "surface": "project manifest schema and engineering doctrine",
+        "direction": "peer-public"
+      }
+    ],
+    "forbiddenCouplings": [
+      "Do not encode a consuming repository's product release policy as bump core behavior.",
+      "Do not store registry credentials or organization release approvals in this package.",
+      "Do not fork doctrine standards into this repository."
+    ]
+  },
+  "documentation": {
+    "adr": {
+      "path": "docs/adr/",
+      "status": "planned"
+    },
+    "specs": {
+      "path": "README.md",
+      "status": "present"
+    },
+    "catalog": {
+      "path": ".doctrine/project.json",
+      "status": "present"
+    },
+    "runbooks": {
+      "path": "docs/runbooks/",
+      "status": "planned"
+    },
+    "generatedReferences": {
+      "path": "CHANGELOG.md",
+      "status": "present"
+    }
+  },
+  "delivery": {
+    "ciModel": "legacy-ci",
+    "deployable": false,
+    "requiredContexts": [],
+    "deployPath": "Main-branch Release workflow builds the package and dogfoods the local composite action to create release PRs or publish with NPM_TOKEN.",
+    "productionProof": "Passing bun run lint, bun run typecheck, bun test, bun run build, and successful release workflow or registry readback for published versions.",
+    "recoveryClass": "forward-fix-only",
+    "packageRelease": {
+      "publishesPackages": true,
+      "ecosystems": [
+        "npm",
+        "github-release",
+        "github-action"
+      ],
+      "releaseIntent": "Bump files and conventional commits are this repository's Changesets-equivalent release intent, as documented in README.md.",
+      "versionPr": "Current release workflow dogfoods the local composite action to create release PRs; ADR-59 target is bot/GitHub App-owned version PRs through sylphx-release-bot before ratchet.",
+      "publisher": "Protected GitHub Actions release workflow publishes with NPM_TOKEN as a bounded token fallback until npm OIDC/trusted publishing and provenance are adopted.",
+      "requiredContexts": [
+        "CI / test",
+        "release evidence / registry readback"
+      ],
+      "publishProof": "npm registry readback for @sylphx/bump, GitHub release or tag readback, and provenance or attestation evidence when trusted publishing is adopted."
+    }
+  },
+  "adoption": {
+    "status": "baseline",
+    "gaps": [
+      {
+        "id": "required-contexts-not-recorded",
+        "description": "CI exists for pull requests and merge queue, but required branch protection contexts are not recorded in this manifest baseline.",
+        "owner": "SylphxAI/bump",
+        "target": "central ADR-29 required-context rollout or repo-local branch protection audit"
+      },
+      {
+        "id": "biome-lint-existing-debt",
+        "description": "Current CI fails on existing Biome lint/format diagnostics in source and test files before this documentation-only manifest PR can merge.",
+        "owner": "SylphxAI/bump",
+        "target": "before this repository can accept documentation-only PRs through current CI"
+      },
+      {
+        "id": "release-runbook-missing",
+        "description": "Package publication uses GitHub and npm tokens; add a runbook for failed release PRs, failed publishes, and registry forward fixes.",
+        "owner": "SylphxAI/bump",
+        "target": "before next release workflow change"
+      }
+    ]
+  }
+}
diff --git a/AGENTS.md b/AGENTS.md
@@ -0,0 +1,11 @@
+# Agent Instructions
+
+This repository consumes the Sylphx engineering doctrine from [SylphxAI/doctrine](https://github.com/SylphxAI/doctrine).
+
+Before changing files here:
+
+- Read [PROJECT.md](./PROJECT.md) and [`.doctrine/project.json`](./.doctrine/project.json) for this repository's goal, lifecycle, boundary, public surfaces, and adoption gaps.
+- Read `SylphxAI/doctrine` `AGENTS.md`, `PRINCIPLES.md`, and `ADR.md`, then load any triggered standards.
+- Keep bump behavior generic to release automation; consuming repository release policy belongs in the consuming repository.
+
+Do not encode product-specific release rules here. This repository owns bump release tooling only.
diff --git a/PROJECT.md b/PROJECT.md
@@ -0,0 +1,41 @@
+# SylphxAI Bump
+
+SylphxAI/bump is a Bun-based semantic release, changelog, and package publishing tool with a CLI and composite GitHub Action.
+
+## Lifecycle
+
+- State: `production`
+- Layer: `tooling`
+- Machine manifest: [`.doctrine/project.json`](./.doctrine/project.json)
+
+## Goals
+
+- Provide the `@sylphx/bump` CLI for semantic versioning, changelog generation, release PRs, and package publishing.
+- Provide the composite GitHub Action surface used by repositories that want bump-driven release automation.
+- Support monorepo package detection, workspace dependency resolution, bump files, prereleases, GitHub releases, and npm publication.
+
+## Non-Goals
+
+- This repository does not own the products or packages that consume bump.
+- This repository does not own organization-wide branch protection, release approval policy, npm token rotation, or package registry operations.
+- This repository does not own enterprise engineering doctrine.
+
+## Boundary
+
+This repository owns bump's CLI, release engine, GitHub Action wrapper, tests, examples, package metadata, and release workflow. Consuming repositories own their release eligibility, secrets, package contents, and deployment outcomes.
+
+## Public Surfaces
+
+- CLI and package README: [`README.md`](./README.md)
+- Package manifest and scripts: [`package.json`](./package.json)
+- CLI entry point: [`src/cli.ts`](./src/cli.ts)
+- Release core: [`src/core/`](./src/core/)
+- GitHub adapter: [`src/adapters/github.ts`](./src/adapters/github.ts)
+- Composite action: [`action.yml`](./action.yml)
+- Detect action: [`detect/action.yml`](./detect/action.yml)
+- Workflow examples: [`examples/`](./examples/)
+- CI and release workflows: [`.github/workflows/`](./.github/workflows/)
+
+## Delivery
+
+The repository has Bun-based CI for pull requests and merge queue, plus a main-branch release workflow that dogfoods the local composite action. Production proof is passing lint/typecheck/tests/build plus release workflow evidence for package publication. This manifest slice is documentation-only and does not change release behavior, package code, CI, or publishing configuration.