fix(ci): sync package-lock.json — add @swc/helpers override + regenerate lock

All 3 CI workflows (CI, npm-publish, docker-publish) were failing with:
  'Missing: @swc/helpers@0.5.19 from lock file'

Root cause: npm version bump ran without npm install, causing the lock file
to be out of sync with CI's npm resolver (which resolves @swc/helpers@0.5.19
while local npm 10.9.4 resolves 0.5.15).

Fix: added 'overrides': { '@swc/helpers': '^0.5.19' } to package.json and
regenerated package-lock.json with npm install.

Also updated .agents/workflows/generate-release.md to enforce:
- Always use 'npm version patch --no-git-tag-version' (never minor/major)
- Always run 'npm install' after bumping to keep lock file in sync
- Version threshold: 2.x.10 → 2.(x+1).0 (manual)

.agents/workflows/generate-release.md

@@ -6,61 +6,79 @@ description: Create a new release, bump version up to 1.x.10 threshold, update c
 
 Bump version, finalize CHANGELOG, commit, tag, push, publish to npm, and create GitHub release.
 
+> **VERSION RULE: Always use PATCH bumps (2.x.y → 2.x.y+1)**
+> NEVER use `npm version minor` or `npm version major`.
+> Always use: `npm version patch --no-git-tag-version`
+> The threshold rule: when `y` reaches 10, bump to `2.(x+1).0` — e.g. `2.1.10` → `2.2.0`.
+
 ## Steps
 
 ### 1. Determine new version
 
-Check current version in `package.json` and increment the patch number:
+Check current version in `package.json` and increment the **patch** number only:
 
 ```bash
 grep '"version"' package.json
 ```
 
-Version format: `1.x.y` — increment `y` for patch, `x` for minor (threshold: y=10 triggers x+1).
+Version format: `2.x.y` — examples:
 
-### 2. Finalize CHANGELOG.md
-
-Replace `[Unreleased]` header with the new version and date:
-
-```markdown
-## [1.x.y] — YYYY-MM-DD
-```
-
-### 3. Bump version in package.json
+- `2.1.2` → `2.1.3` (patch)
+- `2.1.9` → `2.1.10` (patch)
+- `2.1.10` → `2.2.0` (minor threshold — do manually with `sed`)
 
 ```bash
-sed -i 's/"version": "OLD"/"version": "NEW"/' package.json
+# ALWAYS use patch:
+npm version patch --no-git-tag-version
 ```
 
-### 4. Stage, commit, and tag
+### 2. Regenerate lock file (REQUIRED after version bump)
+
+**Mandatory** — skipping causes `@swc/helpers` lock mismatch and CI failures:
+
+```bash
+npm install
+```
+
+### 3. Finalize CHANGELOG.md
+
+Replace `[Unreleased]` header with the new version and date.
+Keep an empty `## [Unreleased]` section above it.
+
+```markdown
+## [Unreleased]
+
+---
+
+## [2.x.y] — YYYY-MM-DD
+```
+
+### 4. Update openapi.yaml version
+
+```bash
+sed -i 's/version: OLD/version: NEW/' docs/openapi.yaml
+```
+
+### 5. Stage, commit, and tag
 
 // turbo-all
 
 ```bash
-git add -A
-git commit -m "feat(release): vX.Y.Z — summary of changes"
-git tag -a vX.Y.Z -m "Release vX.Y.Z — summary"
+git add package.json package-lock.json CHANGELOG.md docs/openapi.yaml
+git commit -m "chore(release): v2.x.y — summary of changes"
+git tag -a v2.x.y -m "Release v2.x.y"
 ```
 
-### 5. Push to GitHub
+### 6. Push to GitHub
 
 ```bash
-git push origin main
-git push origin vX.Y.Z
+git push origin main --tags
 ```
 
-### 6. Publish to npm
-
-```bash
-npm publish
-```
-
-Wait for completion (prepublishOnly runs `npm run build:cli` automatically).
-
 ### 7. Create GitHub release
 
 ```bash
-gh release create vX.Y.Z --title "Release vX.Y.Z" --notes-file /tmp/release_notes.md
+gh release create v2.x.y --title "v2.x.y — summary" --notes "..."
 ```
 
 ### 8. Deploy to VPS (if requested)
@@ -68,7 +86,7 @@ gh release create vX.Y.Z --title "Release vX.Y.Z" --notes-file /tmp/release_note
 See `/deploy-vps` workflow for Akamai VPS or use npm for local VPS:
 
 ```bash
-ssh root@<VPS_IP> "npm install -g omniroute@X.Y.Z && pm2 restart omniroute"
+ssh root@<VPS_IP> "npm install -g omniroute@2.x.y && pm2 restart omniroute"
 ```
 
 ## Notes
@@ -76,3 +94,4 @@ ssh root@<VPS_IP> "npm install -g omniroute@X.Y.Z && pm2 restart omniroute"
 - Always run `/update-docs` BEFORE this workflow (ensures CHANGELOG and README are current)
 - The `prepublishOnly` script runs `npm run build:cli` automatically during `npm publish`
 - After npm publish, verify with `npm info omniroute version`
+- Lock file sync errors are caused by skipping `npm install` after version bump

package-lock.json

@@ -2985,9 +2985,9 @@
       "license": "Apache-2.0"
     },
     "node_modules/@swc/helpers": {
-      "version": "0.5.15",
-      "resolved": "https://registry.npmjs.org/@swc/helpers/-/helpers-0.5.15.tgz",
-      "integrity": "sha512-JQ5TuMi45Owi4/BIMAJBoSQoOJu12oOk/gADqlcUL9JEdHB8vyjUSsxqeNXnmXHjYKMi2WcYtezGEEhqUI/E2g==",
+      "version": "0.5.19",
+      "resolved": "https://registry.npmjs.org/@swc/helpers/-/helpers-0.5.19.tgz",
+      "integrity": "sha512-QamiFeIK3txNjgUTNppE6MiG3p7TdninpZu0E0PbqVh1a9FNLT2FRhisaa4NcaX52XVhA5l7Pk58Ft7Sqi/2sA==",
       "license": "Apache-2.0",
       "dependencies": {
         "tslib": "^2.8.0"
@@ -6864,6 +6864,7 @@
       "version": "2.3.2",
       "resolved": "https://registry.npmjs.org/fsevents/-/fsevents-2.3.2.tgz",
       "integrity": "sha512-xiqMQR4xAeHTuB9uWm+fFRcIOgKBMiOBP+eXiyT7jsgVCq1bkVygt00oASowB7EdtpOHaaPgKt812P9ab+DDKA==",
+      "dev": true,
       "hasInstallScript": true,
       "license": "MIT",
       "optional": true,

package.json

@@ -138,5 +138,8 @@
     "*.{json,md,yml,yaml,css}": [
       "prettier --write"
     ]
+  },
+  "overrides": {
+    "@swc/helpers": "^0.5.19"
   }
 }