fix(ci): include delivery in package publish

[khaliqgant]

Summary

• add the delivery package to the lockstep publish target list
• include delivery in release-note package ordering

Validation

• ruby -e "require 'yaml'; YAML.load_file('.github/workflows/publish.yml'); puts 'yaml ok'"
• pnpm --filter @agentworkforce/delivery pack --pack-destination
• inspected packed package.json: @agentworkforce/runtime is rewritten to 4.1.9, not workspace:*

Context

@agentworkforce/delivery was published once as 0.1.0 with a workspace:* dependency, so npm install fails for external consumers. The package was not part of publish.yml, so the lockstep publish workflow never republished it with pnpm pack's workspace dependency rewrite.

[gemini-code-assist]

Warning

You have reached your daily quota limit. Please wait up to 24 hours and I will start processing your requests again!

[coderabbitai]

Warning

Review limit reached

@khaliqgant, we couldn't start this review because you've reached your PR review rate limit.

More reviews will be available in 59 minutes and 45 seconds. Learn how PR review limits work.

Your organization has used up its prepaid credits, and credit purchases are no longer available. Enable the review add-on in the billing tab to keep reviews running — you're only billed for reviews past your plan's rate limits ($0.25/file).

⌛ How to resolve this issue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based credits.

🚦 How do rate limits work?

CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan refill rate.

For paid Pro and Pro+ PR reviews, CodeRabbit uses rolling per-developer review limits. Reviews become available again as older review attempts age out of the rolling limit window.

Please see our Fair Usage Limits Policy for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro Plus

Run ID: ff9d96b2-3b89-4bdb-b653-c690cbc48d98

📥 Commits

Reviewing files that changed from the base of the PR and between 4338351 and 2e40d85.

📒 Files selected for processing (1)

• .github/workflows/publish.yml

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix/publish-delivery-package

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands.}

[agent-relay-code]

ℹ️ pr-reviewer: review only — no file changes were applied to the PR (nothing to commit after review). The notes below are advisory and were not pushed.

Working tree is clean — I made no edits (none were needed). The build artifacts (dist/) are gitignored, confirmed by clean status.

Review Summary

PR #251 — fix(ci): publish delivery package

The PR adds @agentworkforce/delivery to the publish pipeline in .github/workflows/publish.yml in two places:

1. The packages= list in the "Resolve target packages" step (publish.yml:99)
2. The packageOrder array in the release-notes builder (publish.yml:711)
3. A comment documenting delivery's position in the topological order (publish.yml:91)

Verification performed

• Dependency graph is correct. delivery depends only on @agentworkforce/runtime (workspace:*), and runtime publishes before it. No package depends on delivery, so its insertion point (after runtime, before workload-router) is topologically valid. The comment "consumed by external agents" matches reality — there are no internal consumers.
• Both lists stay consistent. The publish-order list and the release-notes packageOrder array now agree with each other and with the actual package.json deps.
• Package is publishable. packages/delivery/package.json has "private": false, a proper name, files, exports, and publishConfig.access: public. The lockfile already contains delivery and its external dep @relayfile/relay-helpers, so pnpm install --frozen-lockfile and pnpm --filter @agentworkforce/delivery pack will resolve.
• Version skew is handled. delivery is at 0.1.0 vs the lockstep baseline 4.1.9; the workflow's "Heal local versions to lockstep baseline" step pulls it up before bump — by design.
• CI is green on the current checkout. Ran the canonical commands with the repo-pinned pnpm@10.17.1: pnpm -r run build, pnpm run lint, pnpm run typecheck, pnpm -r run test — all exit 0, including packages/delivery build: Done. The PR changes no source, so it cannot regress CI.
• YAML is valid.

No mechanical fixes were needed; the working tree is unchanged.

Addressed comments

• No bot or human review comments were present in .workforce/context.json or the provided PR metadata, so there were none to reconcile.

Advisory Notes

• verify-publish.yml choice list omits delivery (.github/workflows/verify-publish.yml:16-20). The manually-triggered Verify Publish workflow's package input only lists cli, agentworkforce, workload-router, and persona-kit — it already omits runtime, deploy, mcp-workforce, and daytona-runner. Adding @agentworkforce/delivery there would let maintainers smoke-test the published delivery artifact, but that's a separate workflow outside this PR's purpose (publish ordering) and not breakage caused by this diff. Recorded as advisory; left unchanged.

The PR is correct, scoped, and CI passes. The remaining step is a human merge decision.