release-please-protection

# Release-Please Protection

Automatically detects and prevents manual edits to release-please managed files across all projects.

## Overview

This skill provides proactive detection and warnings for files managed by Google's release-please automation tool. It helps prevent merge conflicts and workflow disruptions by identifying problematic edit attempts before they occur.

## When This Skill Activates

The skill automatically activates in these scenarios:

1. **Direct edit requests** to protected files
2. **User mentions** of version bumps, releases, or changelog updates
3. **Broad refactoring** that might touch version-controlled files
4. **Documentation updates** that could include CHANGELOG.md
5. **"Fix all issues"** or similar sweeping requests

## Protected Files

### Hard Protection (Permission System)
These files are **completely blocked** from editing by Claude Code's permission system:

- `**/CHANGELOG.md` - All changelog files in any location

**Operations blocked:** Edit, Write, MultiEdit
**Operations allowed:** Read (for analysis and context)

### Soft Protection (Skill Detection)
These files trigger **warnings and suggestions** before edits:

#### Package Manager Manifests (Version Fields)
- `package.json` → `"version": "x.y.z"` (npm/Node.js)
- `pyproject.toml` → `version = "x.y.z"` (Python/uv)
- `Cargo.toml` → `version = "x.y.z"` (Rust/cargo)
- `.claude-plugin/plugin.json` → `"version": "x.y.z"` (Claude Code plugins)
- `pom.xml` → `<version>x.y.z</version>` (Maven/Java)
- `build.gradle` → `version = 'x.y.z'` (Gradle)
- `pubspec.yaml` → `version: x.y.z` (Dart/Flutter)

**Why soft protection?** Claude Code's permission system operates at the file level, not field level. Blocking entire manifest files would prevent legitimate dependency updates via automated tools (npm, cargo, uv, etc.).

## Detection Logic

Before attempting any edit, the skill checks:

### 1. File Path Analysis
```
if file_path ends with "CHANGELOG.md":
    → Inform user of hard permi