Fix server package publishing

[khaliqgant]

Summary

• Add server as a workflow dispatch publish option while keeping types and sdk
• Build and upload types, server, and sdk artifacts for publish jobs
• Publish types, server, and sdk from the all path, and support each package in single-package dispatch
• Update release notes and summary workflow linting

Tests

• npm run build --workspace=packages/types
• npm run build --workspace=packages/server
• npm run build --workspace=packages/sdk
• ruby -e "require 'yaml'; YAML.load_file('.github/workflows/publish.yml'); puts 'YAML OK'"
• actionlint .github/workflows/publish.yml

[devin-ai-integration]

Devin Review found 1 new potential issue.

View 4 additional findings in Devin Review.

[devin-ai-integration]

🔴 Committing stale package-lock.json because version sync script doesn't regenerate it

The PR adds package-lock.json to both the artifact upload (line 159) and the git add (line 297). However, during the build job, after npm version updates the root version in both package.json and package-lock.json, the Node script (lines 120-144) updates all workspace package.json versions but does not regenerate the lockfile. This means the committed lockfile will have stale workspace package versions.

For example, if the current version is 0.1.1 and a patch bump runs: root lockfile entry becomes 0.1.2, workspace package.json files become 0.1.2, but workspace entries in package-lock.json remain at 0.1.1. Anyone checking out the release commit and running npm ci will get an error because package.json and package-lock.json are out of sync.

Fix: regenerate lockfile after version sync

Add npm install --package-lock-only after the version sync node script (after line 145) to update the lockfile to match the new workspace versions.

Prompt for agents

The version sync script at lines 120-144 updates workspace package.json files to the new version, but does not regenerate the package-lock.json. Since package-lock.json is now included in both the artifact upload (line 159) and the git commit (line 297), it will be committed with stale workspace package versions, causing npm ci failures on checkout.

Fix: Add a step after the version sync node script (after line 145, before the Build packages step) to regenerate the lockfile. For example, add:
  npm install --package-lock-only

This updates the lockfile to match the modified package.json files without actually installing node_modules. This ensures the committed lockfile is consistent with all package versions.

---

Was this helpful? React with 👍 or 👎 to provide feedback.