Release Checklist
Use this checklist before publishing AgentHub Home, docs, or public packaging changes. It keeps public docs useful while preventing accidental leakage of private deployment details.
Public repository boundary
Public release notes may describe build outputs and user-visible behavior. Host names beyond the canonical public domains, SSH aliases, web-root paths, rollback commands, private logs, and secrets belong in the private server workspace only.
Scope
Classify the change before release:
| Change type | Minimum evidence |
|---|---|
| Copy or docs only | zh/en parity, local build, public-surface files updated |
| Docs route added | MDX page, navigation, metadata, sitemap, llms.txt, search index |
| Visual change | Desktop and mobile screenshots for changed routes |
| OIDC/login copy | TokenDance ID boundary reviewed |
| Feishu/Lark docs | Collaboration-entry wording, no product-login claim |
| Runtime/API docs | Status language says preview, in development, or stable accurately |
Documentation Gate
- Every new English docs slug has a Chinese page with the same slug.
- src/lib/docs-data.ts includes navigation labels and TOC headings.
- src/lib/search-index.ts describes the same product state as the MDX pages.
- README and AGENTS mention the new route or governance rule when it affects contributors.
- The changelog records public docs structure changes.
Public Surface Gate
Check:
- public/robots.txt;
- public/sitemap.xml;
- public/llms.txt;
- page metadata, canonical URLs, and hreflang alternates;
- footer/docs links and route labels.
Public routes should stay extensionless, for example /zh/docs/.... Generated static files may still use .html as build artifacts; treat those as filesystem checks, not as public URL style.
Visual QA Gate
For docs work, capture at least:
- /zh/docs desktop and mobile;
- /en/docs desktop;
- every changed docs page on desktop;
- at least one changed docs page on mobile.
For homepage or product UI mock work, also capture /zh and /en first viewports. Check that tables render as tables, code blocks do not overflow, and the docs sidebar remains usable.
Security Gate
Search the changed files for:
- model API keys and token-like strings;
- private host paths, SSH aliases, backup paths, and rollback commands;
- direct GitHub/Google/Feishu login claims inside AgentHub;
- TokenDance API key wording that implies browser login;
- Web bypassing Hub to access Local Edge or local files.
Known dependency advisories should be recorded separately from release-blocking security findings. Do not run force-downgrade fixes just to silence an advisory.
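One way to script the first three searches in this gate, shown as an added example rather than the project's own tooling. The rule patterns, the entropy threshold, and the names scanText and SAMPLE are assumptions chosen for illustration, and the sample text is constructed.

```javascript
// Added example. Rule patterns and the 4.5 bits/char threshold are assumptions, not project policy.
// Shannon entropy in bits per character; random tokens score higher than prose or slugs.
function entropy(s) {
  const counts = {};
  for (const ch of s) counts[ch] = (counts[ch] || 0) + 1;
  return Object.values(counts)
    .reduce((h, n) => h - (n / s.length) * Math.log2(n / s.length), 0);
}

const RULES = [
  // Known key prefixes (OpenAI-style "sk-", GitHub "ghp_") followed by a long body.
  { id: "token-prefix", re: /\b(?:sk|ghp)[-_][A-Za-z0-9_-]{20,}/g },
  // Any long opaque run; the entropy filter drops most slugs and all-hex digests.
  { id: "high-entropy", re: /[A-Za-z0-9_-]{32,}/g, keep: (m) => entropy(m) > 4.5 },
  // Remote-shell invocations, which expose SSH aliases or host names.
  { id: "ssh-command", re: /\b(?:ssh|scp|rsync)\s+[\w.@:~\/-]+/g },
  // Typical server and workstation roots (hypothetical list; extend per environment).
  { id: "host-path", re: /(?:\/(?:var\/www|srv|home|root)\/|[A-Za-z]:\\Users\\)[^\s`"')]*/g },
  // Copy that claims direct third-party login.
  { id: "login-claim", re: /\b(?:sign|log)[ -]?in (?:with|via|using) (?:GitHub|Google|Feishu|Lark)\b/gi },
];

// Mask the match so the QA report never repeats the secret or path it found.
const redact = (m) => m.slice(0, 4) + "*".repeat(Math.max(m.length - 4, 0));

// Scan one file's text line by line; returns findings for human review.
function scanText(file, text) {
  const findings = [];
  text.split(/\r?\n/).forEach((line, i) => {
    for (const { id, re, keep } of RULES) {
      for (const m of line.matchAll(re)) {
        if (keep && !keep(m[0])) continue;
        findings.push({ file, line: i + 1, rule: id, match: redact(m[0]) });
      }
    }
  });
  return findings;
}

// Constructed sample input; none of these values come from a real deployment.
const SAMPLE = [
  "Deploy notes (constructed sample)",
  "export MODEL_KEY=sk-abcdefghijklmnopqrstuvwxyzABCDEF",
  "Run `ssh deploy-box` then copy to /var/www/site/out",
  "Users can sign in with GitHub directly.",
  "Public route: /zh/docs/operations-runbook",
].join("\n");

console.log(scanText("notes.md", SAMPLE));
```

Findings are prompts for review, not verdicts: the last two items in the list above (API key wording and Web bypassing Hub) depend on meaning and still need a human read.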
Deployment Gate
Before claiming a deployment:
- Confirm local tests, typecheck, and build passed.
- Confirm the CI build passed on the merged commit.
- Confirm deploy credentials are available to the deployment workflow or approved private deployment path.
- Verify live pages with cache-busting query strings.
- Save screenshots or a machine-readable QA report outside the public docs if it contains local paths.
If the deploy step fails because private credentials are missing, treat the code/docs work as merged but not deployed.
Typecheck evidence
The current static-export configuration keeps typescript.ignoreBuildErrors enabled, so pnpm build is not enough to prove type safety. A release note may claim typecheck only when a separate typecheck command or CI job has run successfully. If no typecheck script exists for the package, record that as a technical-debt gap instead of implying it passed.
Recommended Commands
Inside the site repository:
pnpm build
pnpm test
pnpm lint
If a test or lint script does not exist in the current package, say so in the release note instead of implying it ran. After the static export, check:
# Build artifact checks; public routes remain extensionless.
Test-Path .\out\zh\index.html
Test-Path .\out\zh\docs\index.html
Test-Path .\out\en\docs\index.html
Test-Path .\out\zh\docs\desktop.html
Test-Path .\out\en\docs\operations-runbook.html
Test-Path .\out\sitemap.xml
Test-Path .\out\llms.txt
From the TokenDance workspace root:
.\scripts\verify-public-surfaces.ps1
.\scripts\verify-i18n-parity.ps1
.\scripts\verify-design-tokens.ps1
.\scripts\verify-doc-freshness.ps1
.\scripts\verify-governance.ps1 -SkipDiffCheck
Do not package public releases from dirty main worktrees. Use the clean release worktree registered in the root governance docs, then smoke-test the deployment with cache-busting URLs.