Merge pull request #1 from Encryptioner/pre/release/1.0.0

Pre/release/1.0.0

Author: Encryptioner

.github/PUBLISHING.md

@@ -0,0 +1,55 @@
+name: CI
+
+on:
+  push:
+    branches:
+      - master
+  pull_request:
+    branches:
+      - master
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+
+    strategy:
+      matrix:
+        node-version: ['18.20.0', '20', '22']
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Setup pnpm
+        uses: pnpm/action-setup@v4
+        with:
+          version: 9.0.0
+
+      - name: Setup Node.js ${{ matrix.node-version }}
+        uses: actions/setup-node@v4
+        with:
+          node-version: ${{ matrix.node-version }}
+          cache: 'pnpm'
+
+      - name: Install dependencies
+        run: pnpm install --frozen-lockfile
+
+      - name: Run type check
+        run: pnpm run typecheck
+
+      - name: Run tests
+        run: pnpm test -- run --passWithNoTests
+
+      # TODO: Re-enable once ESLint is properly configured for v9
+      # - name: Run linter
+      #   run: pnpm run lint
+
+      - name: Build package
+        run: pnpm run build
+
+      - name: Verify build outputs
+        run: |
+          echo "Checking dist/ directory..."
+          ls -la dist/
+          echo "Checking mcp/dist/ directory..."
+          ls -la mcp/dist/

.github/workflows/ci.yml

@@ -0,0 +1,112 @@
+name: Publish to NPM
+
+on:
+  # Trigger on version tags (e.g., v1.0.0, v1.2.3)
+  push:
+    tags:
+      - 'v*'
+
+  # Allow manual trigger from Actions tab
+  workflow_dispatch:
+    inputs:
+      tag:
+        description: 'Tag to publish (e.g., v1.0.0)'
+        required: false
+        type: string
+
+jobs:
+  publish:
+    runs-on: ubuntu-latest
+
+    permissions:
+      contents: read
+      id-token: write # Required for NPM provenance
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Setup pnpm
+        uses: pnpm/action-setup@v4
+        with:
+          version: 9.0.0
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: '18.20.0'
+          cache: 'pnpm'
+          registry-url: 'https://registry.npmjs.org'
+
+      - name: Install dependencies
+        run: pnpm install --frozen-lockfile
+
+      - name: Run type check
+        run: pnpm run typecheck
+
+      - name: Run tests
+        run: pnpm test -- run --passWithNoTests
+
+      # TODO: Re-enable once ESLint is properly configured for v9
+      # - name: Run linter
+      #   run: pnpm run lint
+
+      - name: Build package
+        run: pnpm run build
+
+      - name: Verify build outputs
+        run: |
+          echo "Checking dist/ directory..."
+          ls -la dist/
+          echo "Checking mcp/dist/ directory..."
+          ls -la mcp/dist/
+
+      - name: Extract version from tag
+        id: extract_version
+        run: |
+          if [ "${{ github.event_name }}" = "workflow_dispatch" ] && [ -n "${{ inputs.tag }}" ]; then
+            TAG="${{ inputs.tag }}"
+          else
+            TAG="${GITHUB_REF#refs/tags/}"
+          fi
+          VERSION="${TAG#v}"
+          echo "tag=$TAG" >> $GITHUB_OUTPUT
+          echo "version=$VERSION" >> $GITHUB_OUTPUT
+          echo "Publishing version: $VERSION"
+
+      - name: Verify package.json version matches tag
+        run: |
+          PACKAGE_VERSION=$(node -p "require('./package.json').version")
+          TAG_VERSION="${{ steps.extract_version.outputs.version }}"
+          echo "package.json version: $PACKAGE_VERSION"
+          echo "Tag version: $TAG_VERSION"
+          if [ "$PACKAGE_VERSION" != "$TAG_VERSION" ]; then
+            echo "Error: package.json version ($PACKAGE_VERSION) does not match tag version ($TAG_VERSION)"
+            exit 1
+          fi
+
+      - name: Create .npmrc
+        run: |
+          cat << EOF > "$HOME/.npmrc"
+          //registry.npmjs.org/:_authToken=\$NPM_TOKEN
+          EOF
+
+      - name: Publish to NPM
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
+        run: |
+          # Publish with provenance for supply chain security
+          pnpm publish --no-git-checks --access public --provenance
+
+      - name: Create GitHub Release
+        uses: softprops/action-gh-release@v2
+        if: startsWith(github.ref, 'refs/tags/')
+        with:
+          generate_release_notes: true
+          draft: false
+          prerelease: false
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/publish.yml

@@ -1,7 +1,7 @@
 # Dependencies
 node_modules/
 .pnpm-store/
-pnpm-lock.yaml
+# pnpm-lock.yaml should be committed for reproducible builds
 
 # Build outputs
 dist/

.gitignore

@@ -1,17 +1,21 @@
-# Source files (only publish dist/)
+# This file is mostly informational since package.json "files" array controls what's published
+# The "files" array whitelists: dist/, mcp/dist/, documentation/, README.md, LICENSE.md, CHANGELOG.md
+
+# Exclude development files
 src/
 *.ts
 *.tsx
 !*.d.ts
 
-# Configuration files
+# Exclude config files
 tsconfig.json
 tsup.config.ts
 .prettierrc
 .prettierignore
 .editorconfig
+.npmrc
 
-# Development files
+# Exclude test files
 *.test.ts
 *.test.tsx
 *.spec.ts
@@ -21,41 +25,30 @@ test/
 tests/
 coverage/
 
-# Documentation (keep README.md)
+# Exclude development docs (docs/ is for internal notes, documentation/ is for users)
 docs/
-examples/
-EXAMPLE.tsx
-*.md
-!README.md
-!LICENSE.md
+CLAUDE.md
 
-# Build artifacts
+# Exclude build artifacts
 node_modules/
 .pnpm-store/
 pnpm-lock.yaml
 *.log
 *.tgz
-.DS_Store
-.env
-.env.*
 
-# Git files
+# Exclude version control
 .git/
 .gitignore
 .gitattributes
 
-# IDE files
+# Exclude IDE files
 .vscode/
 .idea/
 *.swp
 *.swo
 *~
 
-# CI/CD
+# Exclude CI/CD
 .github/
 .gitlab-ci.yml
 .travis.yml
-
-# Other
-*.orig
-.npmrc