refactor(connectors): make @lobu/connectors private

[buremba]

What

Marks @lobu/connectors private and stops publishing it. Part 2 (final) of the 9.3.0 package re-tiering.

@lobu/connectors (BUSL-1.1 connector implementations) was published to npm but never installed or resolved as a package: nothing depends on it, and it's never require.resolve/import.meta.resolve'd at runtime. The CLI ships its source via build.cjs (../connectors/src → dist/connectors, plus the build-time catalog manifest), entirely from the monorepo — not via npm. So publishing it added a registry entry + trusted-publisher surface for nothing.

Same pattern as the already-private @lobu/pgvector-embedded.

Changes

• private: true on packages/connectors/package.json
• removed from publish-packages.mjs, release-please-config.json extra-files, bump-version.mjs

Why worker + embeddings stay public (revised from the original plan)

Investigation showed both are npm-delivered runtime closures, not bundleable like the pure-TS @lobu/server:

• @lobu/embeddings carries @xenova/transformers (ML runtime); statically imported by connector-worker AND resolved at runtime via import.meta.resolve("@lobu/embeddings/server") (spawned local service).
• @lobu/worker carries pi-coding-agent (+ bun peerDep); spawned via require.resolve("@lobu/worker"), not vendored.

Privatizing either would break npx @lobu/cli in ways CI (running in-monorepo) wouldn't catch. Keeping them public is the correct call.

Validation

• Full make build-packages green (incl. server catalog-manifest + CLI build.cjs) with connectors private.
• Root tsc --noEmit + biome clean (pre-commit).
• CI sdk-e2e exercises a local connector end-to-end.

Net for 9.3.0

11 published → 9: @lobu/sdk folded into @lobu/cli/config (#1026) + @lobu/connectors privatized.

Summary by CodeRabbit

• Chores
  • Marked the connectors package as private and removed it from release and version management processes.
  • Transitioned release configuration to use openclaw-plugin package for versioning and publication management.
  • Added ClawHub distribution configuration for openclaw-plugin package publishing.

[coderabbitai]

📝 Walkthrough

Walkthrough

The PR redirects automated release and publishing infrastructure from the packages/connectors package to packages/openclaw-plugin. The connectors package is marked private, release-please stops tracking its version, the version-bump script excludes it, and the publish script redirects to openclaw-plugin with ClawHub publishing metadata.

Changes

Package Publishing Pipeline Migration

Layer / File(s)	Summary
Release and publishing pipeline migration packages/connectors/package.json, release-please-config.json, scripts/bump-version.mjs, scripts/publish-packages.mjs	Connectors package marked private; release-please, version-bump, and publish scripts updated to track and publish openclaw-plugin instead, with clawhub metadata enabling ClawHub publishing integration.

🎯 2 (Simple) | ⏱️ ~8 minutes

🐰 A hop from old to new, connectors bid adieu,
OpenClaw plugin takes the stage with clawhub's debut—
Version bumps and publish flows now point the clearer way,
Private connectors sleep while the pipeline saves the day! 🚀

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately summarizes the main change: marking @lobu/connectors as private and removing it from publishing, which is the core objective of the PR.
Description check	✅ Passed	The description provides comprehensive context, rationale, and validation details. It covers the What, Why, Changes, and includes explicit validation results. However, the Test plan section from the template is not explicitly filled out.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch feat/privatize-connectors

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[codecov-commenter]

⚠️ Please install the to ensure uploads and comments are reliably processed by Codecov.

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

packages/connectors/package.json (1)

21-23: 💤 Low value

Consider removing the publishConfig block.

The package is now marked private: true, so npm will never publish it regardless of publishConfig. Removing this block would eliminate the apparent contradiction and clarify intent for future maintainers.

♻️ Proposed cleanup

-  "publishConfig": {
-    "access": "public"
-  },
   "repository": {

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@packages/connectors/package.json` around lines 21 - 23, Remove the
unnecessary "publishConfig" block from the package.json (the "publishConfig"
object) since the package is already marked "private": true; delete the entire
publishConfig entry to avoid contradiction and clarify intent for maintainers.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@packages/connectors/package.json`:
- Line 4: The package.json in packages/connectors was modified (the "private":
true change) but bun.lock was not regenerated; run the required steps: update
the submodule and regenerate the lockfile with git submodule update --init
packages/owletto && bun install --frozen-lockfile, then stage and commit the
updated bun.lock alongside the package.json change so the lockfile matches the
change to packages/connectors.

---

Nitpick comments:
In `@packages/connectors/package.json`:
- Around line 21-23: Remove the unnecessary "publishConfig" block from the
package.json (the "publishConfig" object) since the package is already marked
"private": true; delete the entire publishConfig entry to avoid contradiction
and clarify intent for maintainers.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro Plus

Run ID: b4153555-a3c0-49e8-8149-86832cd3c833

📥 Commits

Reviewing files that changed from the base of the PR and between 06f3432 and 11c4278.

📒 Files selected for processing (4)

• packages/connectors/package.json
• release-please-config.json
• scripts/bump-version.mjs
• scripts/publish-packages.mjs

💤 Files with no reviewable changes (3)

• release-please-config.json
• scripts/bump-version.mjs
• scripts/publish-packages.mjs

[coderabbitai]

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Description: Check if bun.lock was modified in the same commit as package.json changes

# Get the commit SHA for this PR branch
COMMIT=$(git rev-parse HEAD)

# List files changed in the current commit
echo "Files changed in commit $COMMIT:"
git diff-tree --no-commit-id --name-only -r "$COMMIT" | grep -E '(bun\.lock|package\.json)'

# Check if bun.lock was modified
if git diff-tree --no-commit-id --name-only -r "$COMMIT" | grep -q "bun.lock"; then
  echo "✓ bun.lock was modified in this commit"
else
  echo "✗ WARNING: bun.lock was NOT modified in this commit"
  echo "  Coding guidelines require regenerating the lockfile alongside package.json changes"
fi

Repository: lobu-ai/lobu

Length of output: 259

---

Regenerate and commit bun.lock with the package.json change

packages/connectors/package.json was changed, but bun.lock was not modified in the same commit, so the required git submodule update --init packages/owletto && bun install --frozen-lockfile + lockfile commit step is missing.

Run git submodule update --init packages/owletto && bun install --frozen-lockfile and commit the regenerated bun.lock in the same change.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@packages/connectors/package.json` at line 4, The package.json in
packages/connectors was modified (the "private": true change) but bun.lock was
not regenerated; run the required steps: update the submodule and regenerate the
lockfile with git submodule update --init packages/owletto && bun install
--frozen-lockfile, then stage and commit the updated bun.lock alongside the
package.json change so the lockfile matches the change to packages/connectors.