Prepare npm release readiness

[mattbaconz]

Summary

• add npm release checklist and trusted publishing notes
• add manual npm release workflow skeleton with publish gates
• add public package metadata and release-readiness tests

Verification

• pnpm install --frozen-lockfile
• pnpm test
• pnpm typecheck
• pnpm lint
• pnpm build
• pnpm verify:packed
• npm pack --dry-run --json

No npm publish command was run.

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: bcabbda98b

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

Use npm 11+ in release workflow

The publish path is configured around npm Trusted Publishing, but this job pins node-version: 22, and Node 22 currently ships npm 10.x; npm’s trusted-publisher flow requires npm CLI 11.5.1+ to exchange OIDC tokens, so npm publish can fail with auth errors once token-based publishing is disabled as described in RELEASE.md. This means the workflow can pass all verification gates and still be unable to publish in the intended secure mode unless npm is explicitly upgraded (or Node 24 is used).

Useful? React with 👍 / 👎.