chore(release): cut v3.15.0

[naimkatiman]

Summary

Release bump 3.14.0 → 3.15.0. Version bump + regenerated manifests + CHANGELOG only; no code changes (npm version --no-git-tag-version + npm run build).

Bundles everything unreleased on main since 3.14.0 (#244–#248):

• /plan-pack — plan doc → commentable review packet (feat(plan-pack): turn a plan doc into a commentable review packet for colleague review #244)
• how-to-best-use guide docs/using-this-plugin.md (docs(usage): add a how-to-best-use guide for the plugin #245)
• /ship — single-defect audit→fix→PR command (feat(ship): add /ship single-defect audit-to-PR command #246)
• /production-readiness-review — parallel multi-agent readiness gate (feat(readiness): add /production-readiness-review parallel multi-agent review command #247)
• hook-pack — warn-default push-to-main + commit-size PreToolUse gates (feat(hook-pack): warn-default push-to-main + commit-size PreToolUse gates #248)

What ships on merge

Marketplace consumers (/plugin update continuous-improvement) get 3.15.0. The code is already on main; the version bump is what refreshes the cached plugin files (cached files aren't re-copied on resync unless the version changes), so this is what makes the new commands + hook actually load for installed users.

npm publish — held pending account config

npm is published at 3.12.3 (3.13.0 and 3.14.0 were never published). The npm release is tag-triggered (v* → release.yml), but the v3.13.0 run published provenance then E404'd on PUT while running Node 22.22 / npm 11.16 — both above the OIDC floor, so it is not an npm-version problem. Per docs/RELEASING.md's troubleshooting table, signed-provenance-then-E404 on a current npm means the OIDC trusted publisher isn't configured/matching on npmjs.com.

That is a one-time account setting only the npm owner can make: npmjs.com → continuous-improvement → Settings → Trusted Publisher → GitHub Actions publisher, owner naimkatiman, repo continuous-improvement, workflow release.yml, environment blank.

Until that's confirmed, tagging v3.15.0 would E404 again and leave a dangling tag. So the tag is intentionally held. Merge this for the marketplace release; then configure the trusted publisher (or use the manual npm publish + OTP fallback in docs/RELEASING.md) and the v3.15.0 tag can be pushed.

Verification

• npm run build regenerated the 5 manifests + package.json/package-lock.json to 3.15.0.
• verify:all GREEN; verify:generated clean.
• No new dependencies.

[gemini-code-assist]

Code Review

This pull request bumps the version of the continuous-improvement plugin to 3.15.0 across multiple package and configuration files, and updates the CHANGELOG.md to document the new features of this release, such as the /ship, /production-readiness-review, and /plan-pack commands, and the hook-pack gate. As there are no review comments provided, I have no feedback to offer.

Important

The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.