contentstack
diff --git a/‎.cursor/rules/README.md‎
Lines changed: 5 additions & 0 deletions b/‎.cursor/rules/README.md‎
Lines changed: 5 additions & 0 deletions
diff --git a/‎.github/workflows/check-version-bump.yml‎
Lines changed: 79 additions & 0 deletions b/‎.github/workflows/check-version-bump.yml‎
Lines changed: 79 additions & 0 deletions
diff --git a/‎.github/workflows/release.yml‎
Lines changed: 42 additions & 55 deletions b/‎.github/workflows/release.yml‎
Lines changed: 42 additions & 55 deletions
diff --git a/‎.husky/post-checkout‎
Lines changed: 40 additions & 0 deletions b/‎.husky/post-checkout‎
Lines changed: 40 additions & 0 deletions
diff --git a/‎.talismanrc‎
Lines changed: 9 additions & 5 deletions b/‎.talismanrc‎
Lines changed: 9 additions & 5 deletions
diff --git a/‎AGENTS.md‎
Lines changed: 47 additions & 0 deletions b/‎AGENTS.md‎
Lines changed: 47 additions & 0 deletions
diff --git a/‎package-lock.json‎
Lines changed: 1 addition & 1 deletion b/‎package-lock.json‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎package.json‎
Lines changed: 1 addition & 1 deletion b/‎package.json‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎skills/README.md‎
Lines changed: 15 additions & 0 deletions b/‎skills/README.md‎
Lines changed: 15 additions & 0 deletions
diff --git a/‎skills/code-review/SKILL.md‎
Lines changed: 56 additions & 0 deletions b/‎skills/code-review/SKILL.md‎
Lines changed: 56 additions & 0 deletions
@@ -0,0 +1,5 @@
+# Cursor (optional)
+
+*Cursor* users: start at *[AGENTS.md](../../AGENTS.md)*. All conventions live in **skills/*/SKILL.md**.
+
+This folder only points contributors to *AGENTS.md* so editor-specific config does not duplicate the canonical docs.
@@ -0,0 +1,79 @@
+# Catches when developers forget to bump package.json for release-affecting changes.
+# App code changes (app.js, bin/, config/, routes/, views/, etc.) require a version bump vs latest tag.
+# Skips for: test-only, docs, .github (workflows/config), dependency-only bumps without app edits.
+name: Check Version Bump
+
+on:
+  pull_request:
+
+jobs:
+  version-bump:
+    name: Version bump
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Detect changed files and version bump
+        id: detect
+        run: |
+          if git rev-parse HEAD^2 >/dev/null 2>&1; then
+            FILES=$(git diff --name-only HEAD^1 HEAD^2)
+          else
+            FILES=$(git diff --name-only HEAD~1 HEAD)
+          fi
+          VERSION_FILES_CHANGED=false
+          echo "$FILES" | grep -qx 'package.json' && VERSION_FILES_CHANGED=true
+          echo "version_files_changed=$VERSION_FILES_CHANGED" >> $GITHUB_OUTPUT
+          # App source paths for this boilerplate (no lib/webpack/dist); .github/ and test/ do not count
+          CODE_CHANGED=false
+          echo "$FILES" | grep -qE '^app\.js$|^bin/|^config/|^middlewares/|^models/|^public/|^routes/|^views/|^schemaNentries/' && CODE_CHANGED=true
+          echo "$FILES" | grep -qx 'package.json' && CODE_CHANGED=true
+          echo "code_changed=$CODE_CHANGED" >> $GITHUB_OUTPUT
+
+      - name: Skip when only test/docs/.github changed
+        if: steps.detect.outputs.code_changed != 'true'
+        run: |
+          echo "No release-affecting files changed (e.g. only test/docs/.github). Skipping version-bump check."
+          exit 0
+
+      - name: Fail when version bump was missed
+        if: steps.detect.outputs.code_changed == 'true' && steps.detect.outputs.version_files_changed != 'true'
+        run: |
+          echo "::error::This PR has code changes but no version bump. Please bump the version in package.json."
+          exit 1
+
+      - name: Setup Node
+        if: steps.detect.outputs.code_changed == 'true' && steps.detect.outputs.version_files_changed == 'true'
+        uses: actions/setup-node@v4
+        with:
+          node-version: '22.x'
+
+      - name: Check version bump
+        if: steps.detect.outputs.code_changed == 'true' && steps.detect.outputs.version_files_changed == 'true'
+        run: |
+          set -e
+          PKG_VERSION=$(node -p "require('./package.json').version.replace(/^v/, '')")
+          if [ -z "$PKG_VERSION" ]; then
+            echo "::error::Could not read version from package.json"
+            exit 1
+          fi
+          git fetch --tags --force 2>/dev/null || true
+          LATEST_TAG=$(git describe --tags --abbrev=0 2>/dev/null || true)
+          if [ -z "$LATEST_TAG" ]; then
+            echo "No existing tags found. Skipping version-bump check (first release)."
+            exit 0
+          fi
+          LATEST_VERSION="${LATEST_TAG#v}"
+          LATEST_VERSION="${LATEST_VERSION%%-*}"
+          if [ "$(printf '%s\n' "$LATEST_VERSION" "$PKG_VERSION" | sort -V | tail -1)" != "$PKG_VERSION" ]; then
+            echo "::error::Version bump required: package.json version ($PKG_VERSION) is not greater than latest tag ($LATEST_TAG). Please bump the version in package.json."
+            exit 1
+          fi
+          if [ "$PKG_VERSION" = "$LATEST_VERSION" ]; then
+            echo "::error::Version bump required: package.json version ($PKG_VERSION) equals latest tag ($LATEST_TAG). Please bump the version in package.json."
+            exit 1
+          fi
+          echo "Version bump check passed: package.json is at $PKG_VERSION (latest tag: $LATEST_TAG)."
@@ -1,70 +1,57 @@
-name: Release datasync manager
+name: Release
+
 on:
-  push:
-    branches: [master]
+  release:
+    types: [created]
+
 jobs:
   build:
     runs-on: ubuntu-latest
+    permissions:
+      contents: write
     steps:
-      - uses: actions/checkout@v4
-      - uses: actions/setup-node@v4
+      # Checkout the repository
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      # Setup Node.js environment
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
         with:
           node-version: "22.x"
-# The below action will see the existing tags and will bump the current ones and this is only used to check whether the given tag already exists or not
-# We will be using the previous tag to compare with the current tag in the package.json 
-# If both match then no new release would be triggered
-# Else New release will be created
-      - name: Bump version and push tag
-        id: tag_version
-        uses: mathieudutour/github-tag-action@v6.1
-        with:
-          github_token: ${{ secrets.GITHUB_TOKEN }}
-          default_bump: false
-# Getting the version info from package.json
-      - name: get-npm-version
-        id: package-version
-        uses: martinbeentjes/npm-get-version-action@v1.3.1
-# Here we are checking whether this is the first release or not and then checking if it is release or not
-      - name: check-first-release
-        env:
-          First_Release: ${{steps.tag_version.outputs.previous_tag=='v0.0.0'}}
-        run: |
-          if ${First_Release} == true; then
-            echo "fr=true" >> $GITHUB_ENV
-            echo "flag set to true"
-          else
-            echo "fr=false" >> $GITHUB_ENV
-            echo "flag set to false"
-          fi
-      - name: check-release-version
-        if: ${{env.fr=='false'}}
-        env:
-          old_version: ${{steps.tag_version.outputs.previous_tag}}
-          new_version: v${{steps.package-version.outputs.current-version}}
-        run: |
-          echo ${old_version}
-          echo ${new_version}
-          echo ${{env.old_version==env.new_version}}
-          if ${{env.old_version!=env.new_version}}; then
-            echo "fr=true" >> $GITHUB_ENV
-            echo "flag set to true"
-          else
-            echo "fr=false" >> $GITHUB_ENV
-            echo "flag set to false"
-          fi
-      - name: Installing dependencies
+
+      # Install dependencies
+      - name: Install dependencies
         run: npm install
+
+      # Build (dist/ is published per package.json "files")
       - name: Build
         run: npm run build-ts
-      - name: Publishing datasync manager
-        id: publish-core
+
+      # Fetch package details (name and version)
+      - name: Get package details
+        id: package
+        uses: codex-team/action-nodejs-package-info@v1.1
+
+      # Pack the package into a .tgz archive (@contentstack/datasync-manager → contentstack-datasync-manager-<version>.tgz)
+      - name: Pack the npm package
+        run: npm pack
+
+      # Publish the package to npm
+      - name: Publish to npm
+        id: publish_npm
         uses: JS-DevTools/npm-publish@v3
-        if: ${{env.fr=='true'}}
         with:
           token: ${{ secrets.NPM_TOKEN }}
-      - name: Create Release
-        id: create_release
-        if: ${{env.fr=='true'}}
+          # access: public # Uncomment if you need to publish a scoped package as public for the first time
+
+      # Upload the packaged .tgz to the release that triggered this workflow
+      - name: Upload Release Asset
+        uses: actions/upload-release-asset@v1
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        run: gh release create v${{ steps.publish-core.outputs.version }} --title "Release ${{ steps.publish-core.outputs.version }}" --generate-notes
+        with:
+          upload_url: ${{ github.event.release.upload_url }}
+          asset_path: "./contentstack-datasync-manager-${{ steps.package.outputs.version }}.tgz"
+          asset_name: "contentstack-datasync-manager-${{ steps.package.outputs.version }}.tgz"
+          asset_content_type: application/tgz
@@ -0,0 +1,40 @@
+#!/usr/bin/env sh
+# When switching to a branch that doesn't exist on remote (e.g. newly created),
+# pull and merge origin/main or origin/master into current branch. Does not push.
+
+# Only run on branch checkout (not file checkout)
+if [ "$3" != "1" ]; then
+  exit 0
+fi
+
+# Skip if we don't have a remote
+if ! git rev-parse --verify origin 2>/dev/null; then
+  exit 0
+fi
+
+CURRENT_BRANCH=$(git rev-parse --abbrev-ref HEAD)
+
+# Skip main/master - no need to merge base into these
+case "$CURRENT_BRANCH" in
+  main|master) exit 0 ;;
+esac
+
+# Only run when current branch does not exist on origin (treat as new local branch)
+if git ls-remote --heads origin "$CURRENT_BRANCH" 2>/dev/null | grep -q .; then
+  echo "post-checkout: $CURRENT_BRANCH exists on origin, skipping merge."
+  exit 0
+fi
+
+# Prefer main, fallback to master
+if git rev-parse --verify origin/main 2>/dev/null; then
+  BASE=origin/main
+elif git rev-parse --verify origin/master 2>/dev/null; then
+  BASE=origin/master
+else
+  exit 0
+fi
+
+echo "New branch detected: merging latest $BASE into $CURRENT_BRANCH (local only, not pushing)..."
+git fetch origin
+git merge "$BASE" --no-edit --no-ff
+echo "Done. Merge is local only; push when ready."
@@ -2,8 +2,12 @@ fileignoreconfig:
 - filename: .github/workflows/secrets-scan.yml
   ignore_detectors:
     - filecontent
-- filename: package-lock.json
-  checksum: 9cafb0c285094b2aa863df712fce85e5701a2d508d0d6ecf52ea49b40dcb0c29
-- filename: .husky/pre-commit
-  checksum: 1b9367d219802de2e3a8af9c5c698e0c255c00af89339d73bdbb8acf5275079f
-version: ""
+- filename: .github/workflows/check-version-bump.yml
+  ignore_detectors:
+- filename: skills/dev-workflow/SKILL.md
+  checksum: c9fa42c57463f3d00aa34ab6c8b4e58b984cd6a3a5878d25596e6e66abb4a129
+- filename: skills/contentstack-datasync/SKILL.md
+  checksum: 62cf62a46c4dcdd9603b1e6ef910e0d77dfa39d2350db992a6a45d3a2791eaee
+- filename: skills/testing/SKILL.md
+  checksum: ab1f82b284189e2779570d4fd5edcde93494c1ee01110da9f0be6f1f5cf5177b
+version: "1.0"
@@ -0,0 +1,47 @@
+# @contentstack/datasync-manager – Agent guide
+
+*Universal entry point* for contributors and AI agents. Detailed conventions live in **skills/*/SKILL.md**.
+
+## What this repo is
+
+| Field | Detail |
+|-------|--------|
+| *Name:* | [`@contentstack/datasync-manager`](https://github.com/contentstack/datasync-manager) |
+| *Purpose:* | Primary Node.js module for [Contentstack DataSync](https://www.contentstack.com/docs/guide/synchronization/contentstack-datasync): coordinates content stores, asset stores, and a listener (webhooks), and pulls stack changes via the **Contentstack Sync API** with a **delivery token**. |
+| *Out of scope (if any):* | Not the standalone CDA or CMA client SDKs; not a generic HTTP client library—sync orchestration and Node **`https`** to the Sync API only. Say **DataSync** / **Sync API**, not “CMA”, for this package’s main behavior. |
+
+## Tech stack (at a glance)
+
+| Area | Details |
+|------|---------|
+| Language | TypeScript **4.9.x** → ES6, CommonJS (`tsconfig.json`); Node **>= 8** (`package.json` `engines`) |
+| Build | `tsc` → `dist/`; `types` → `typings` (`package.json`) |
+| Tests | **Jest** **29** + **ts-jest**; patterns in `jest.config.js`; tests under `test/**/*.ts` |
+| Lint / coverage | **ESLint** (`npm run lint`); legacy **TSLint** (`tslint.json`, `npm run tslint`); Jest coverage to `coverage/` |
+| Other | HTTP via Node **`https`**; logging via **`debug`** + `src/util/logger`; pre-commit **Talisman** + **Snyk** (`.husky/pre-commit`) |
+
+## Commands (quick reference)
+
+| Command type | Command |
+|--------------|---------|
+| Build | `npm run compile` or `npm run build-ts` (`clean` + `tsc`) |
+| Test | `npm test` (`PLUGIN_PATH=./test/dummy` + Jest, coverage, verbose) |
+| Lint | `npm run lint` / `npm run tslint` |
+
+CI: [.github/workflows/check-version-bump.yml](.github/workflows/check-version-bump.yml) (version bump checks on PRs when applicable).
+
+## Where the documentation lives: skills
+
+| Skill | Path | What it covers |
+|-------|------|----------------|
+| Development workflow | [skills/dev-workflow/SKILL.md](skills/dev-workflow/SKILL.md) | Branches (`development` / `master`), release flow, build/test/lint, PR expectations, versioning |
+| TypeScript conventions | [skills/typescript/SKILL.md](skills/typescript/SKILL.md) | `src/` layout, compiler settings, logging, lint |
+| DataSync & Sync API | [skills/contentstack-datasync/SKILL.md](skills/contentstack-datasync/SKILL.md) | Public API, config, HTTP client, retries, tokens, core sync—**not** CMA |
+| Testing | [skills/testing/SKILL.md](skills/testing/SKILL.md) | Jest, nock, `PLUGIN_PATH`, fixtures, credentials policy |
+| Code review | [skills/code-review/SKILL.md](skills/code-review/SKILL.md) | PR checklist, severity (Blocker / Major / Minor) |
+
+An index with “when to use” hints is in [skills/README.md](skills/README.md).
+
+## Using Cursor (optional)
+
+If you use *Cursor*, [.cursor/rules/README.md](.cursor/rules/README.md) only points to *AGENTS.md*—same docs as everyone else.
@@ -8,7 +8,7 @@
     "@braintree/sanitize-url": "^7.1.2",
     "debug": "^4.4.3",
     "dns-socket": "^4.2.2",
-    "lodash": "^4.17.23",
+    "lodash": "^4.18.1",
     "marked": "^17.0.5",
     "write-file-atomic": "7.0.1"
   },
 
@@ -0,0 +1,15 @@
+# Skills – @contentstack/datasync-manager
+
+Source of truth for detailed guidance. Read [AGENTS.md](../AGENTS.md) first, then open the skill that matches your task.
+
+## When to use which skill
+
+| Skill folder | Use when |
+|--------------|----------|
+| [dev-workflow](dev-workflow/SKILL.md) | Branching, releases, local build/test/lint, PR expectations, semantic-release |
+| [typescript](typescript/SKILL.md) | Editing `src/**/*.ts`—layout, `tsconfig`, `debug`/logger, ESLint/TSLint |
+| [contentstack-datasync](contentstack-datasync/SKILL.md) | Sync API, delivery token, `src/api.ts` / `src/config.ts` / `src/core/`, public API |
+| [testing](testing/SKILL.md) | Jest, nock, `test/dummy`, adding or debugging tests |
+| [code-review](code-review/SKILL.md) | Reviewing or preparing a PR—terminology, security, tests, severity |
+
+Each folder contains **SKILL.md** with YAML frontmatter (`name`, `description`).
@@ -0,0 +1,56 @@
+---
+name: code-review
+description: PR review checklist for DataSync Manager—Sync API terminology, security, tests, optional severity labels
+---
+
+# Code review – @contentstack/datasync-manager
+
+## When to use
+
+- Reviewing a pull request or preparing one for review.
+- You need a consistent checklist for **DataSync** / **Sync API** changes (not CMA).
+
+## Instructions
+
+### Scope and naming
+
+- **DataSync Manager** uses the **Contentstack Sync API** and a **delivery token**. It is **not** the CMA SDK; do not describe it as “management” or “CMA” unless the code path actually uses Management APIs (rare here).
+
+### Public surface
+
+- **`src/index.ts`**: JSDoc for new or changed exports, matching existing style.
+- **Config**: Document new `contentstack` / `syncManager` options when behavior is user-visible.
+
+### Correctness
+
+- **Queues and notifications**: `push` / `unshift` / `pop` and `notifications` events (`publish`, `unpublish`, `delete`, `error`) must stay consistent for integrators.
+- **Token lifecycle**: `.tokens`, `.ledger`, `.checkpoint` and **Error 141** recovery in `src/api.ts`—verify edge cases and no infinite loops.
+- **Webhook + fallback polling** (`src/index.ts`): no timer leaks or duplicate `poke()` calls.
+
+### Security
+
+- HTTPS path/query handling must remain safe from SSRF (`src/api.ts`).
+- No secrets in logs; **Talisman** / **Snyk** expectations stay satisfied.
+
+### Dependencies
+
+- Prefer minimal, audited dependencies per team policy.
+
+### Tests
+
+- Add or update **Jest** tests with **nock** for HTTP; follow `test/dummy` patterns.
+- Run **`npm test`** before approving risky changes.
+
+### Severity (optional labels)
+
+| Label | Examples |
+|-------|----------|
+| **Blocker** | Security regression, data loss risk, infinite retries, broken public API contract |
+| **Major** | Wrong Sync API semantics, missing tests for critical paths, breaking change without version strategy |
+| **Minor** | Style, logging, non-user-facing refactors, doc-only gaps |
+
+## References
+
+- [contentstack-datasync/SKILL.md](../contentstack-datasync/SKILL.md) — intended semantics.
+- [testing/SKILL.md](../testing/SKILL.md) — test expectations.
+- [AGENTS.md](../../AGENTS.md) — project entry point.