Enforce changeset presence for packages/* code changes in PRs

[Copilot]

Background

PRs modifying source code in packages/* could be merged without a .changeset/*.md file, or with a changeset that didn't list all affected packages. This left releases without proper changelog entries.

Summary

verify-changesets.yml

• Extends path trigger to include packages/** so the workflow fires on package changes, not just changeset file changes
• Collects changed package files as CHANGED_PACKAGE_FILES and passes to the verification script
• Runs the verify step when either changeset files or package files are detected

verify-changesets/index.js

• Adds isCodeFile() — filters to .ts/.tsx/.js/.jsx/.mts/.mjs/.cts/.cjs, excluding test files (*.test.*, *.test-d.ts, *.spec.*) and .md files
• New package coverage check (before the existing version-bump check):
  1. Finds package dirs from changed code files → reads package.json for npm names (skips private packages)
  2. Errors if no .changeset/*.md exists when public packages have code changes
  3. Errors if any changed package is absent from the changeset frontmatter
• Safely handles empty CHANGED_FILES (was previously assumed non-empty)

verify-changesets/test.js

• 8 new tests: matching changeset (plain + quoted scoped names), missing changeset, partial coverage, test-only changes, markdown-only changes, bypass labels, private packages

Manual Verification

Verified via the full test suite for the action:

✔ happy path
✔ package code change with matching changeset
✔ package code change with quoted package name in changeset
✔ package code change without any changeset file
✔ package code change but changeset missing that package
✔ package test-only change does not require changeset
✔ package markdown-only change does not require changeset
✔ package code change bypassed with "minor" label
✔ private package code change does not require changeset
... (15 total, 0 failures)

Checklist

• Tests have been added / updated (for bug fixes / features)
• Documentation has been added / updated (for bug fixes / features)
• A patch changeset for relevant packages has been added (for bug fixes / features - run pnpm changeset in the project root)
• I have reviewed this pull request (self-review)

---

🔒 GitHub Advanced Security automatically protects Copilot coding agent pull requests. You can protect all pull requests by enabling Advanced Security for your repositories. Learn more about Advanced Security.

[gr2m]

@tigent why did you add the ai/provider label?

[tigent]

labels: maintenance, tools-registry

• maintenance: This PR implements improvements to the CI/CD pipeline and tooling for enforcing correct changeset usage, which falls under maintenance tasks.
• tools-registry: The changes affect the management and tooling of all packages in the monorepo, interpreting 'tool packages, shared tool definitions' to encompass general repository-wide development tools like changeset enforcement.