@baichen_yu/mcp-guard 0.3.1 → 0.3.2

package/README.md

@@ -174,8 +174,9 @@ jobs:
 
 - On each push to `main`, `.github/workflows/release.yml` now:
   - runs lint/test/build
-  - bumps patch version automatically
-  - creates a GitHub Release with generated release notes
+  - computes the next available version above local and npm latest
+  - builds release assets (package tarball + compiled `dist` archive)
+  - creates/updates a GitHub Release with GitHub generated (auto/AI-style) release notes + uploaded assets
   - publishes the new package to npm (requires `NPM_TOKEN`)
 - For npm publishing in CI, set `NPM_TOKEN` to an **npm Automation token** (no interactive password/OTP required).
 
@@ -214,10 +215,10 @@ Wrap `--stdio` values in double quotes.
 
 ## Release helper
 
-Build release artifacts locally:
+Build release artifacts locally/offline (after one online `npm ci`):
 
 ```bash
-./scripts/build-release-local.sh
+npm run release:offline
 ```
 
 ---
@@ -231,3 +232,10 @@ Build release artifacts locally:
 ## License
 
 MIT. See [LICENSE](LICENSE).
+
+
+### npm package run check
+
+```bash
+npm run npm:test-run
+```

package/docs/releasing.md

@@ -44,10 +44,11 @@ Then create a GitHub Release and include:
 On pushes to `main`, `.github/workflows/release.yml` will:
 
 1. Run `npm run lint`, `npm test`, and `npm run build`.
-2. Bump patch version via `npm version patch`.
+2. Compute the next available version above both local `package.json` and npm latest, then bump to that version.
 3. Push commit + tag back to GitHub.
-4. Publish to npm with provenance.
-5. Create GitHub Release with generated release notes.
+4. Build release assets (`npm pack` tarball + compiled `dist` archive).
+5. Publish to npm with provenance.
+6. Create/update a GitHub Release with generated release notes and uploaded assets.
 
 Required secret: `NPM_TOKEN` with publish permission for `@baichen_yu/mcp-guard`.
 
@@ -56,3 +57,28 @@ Use an **npm Automation token** (recommended) so the workflow can publish withou
 - npm: create token at <https://www.npmjs.com/settings/tokens>
 - GitHub: add it as repository secret `NPM_TOKEN`
 - workflow preflight runs `npm whoami` to confirm auth before version bump/publish
+
+
+## Offline release package build
+
+After dependencies are installed once (`npm ci` while online), you can build the release tarball completely offline:
+
+```bash
+npm run release:offline
+```
+
+If `node_modules` is missing, the script exits with guidance.
+
+## npm package test-run command
+
+Use this to verify the published package entrypoint works:
+
+```bash
+npm run npm:test-run
+```
+
+
+The workflow also supports manual trigger via `workflow_dispatch` in GitHub Actions.
+
+
+If a release tag already exists (for example, from a re-run), the workflow updates that release and re-uploads assets with `--clobber` instead of failing.

package/docs/testing.md

@@ -56,3 +56,12 @@ node fixtures/servers/sse-mcp-server/server.cjs
 # new terminal
 node dist/cli.js audit --sse "http://127.0.0.1:4013/sse" --sse-post "http://127.0.0.1:4013/message" --out reports --fail-on off
 ```
+
+
+## Published npm package smoke test
+
+```bash
+npm run npm:test-run
+```
+
+This executes the package from npm and prints CLI help to verify install/entrypoint integrity.

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@baichen_yu/mcp-guard",
-  "version": "0.3.1",
+  "version": "0.3.2",
   "description": "Security auditing and policy gating for MCP servers (STDIO/HTTP) with Markdown + SARIF reports",
   "type": "module",
   "bin": {
@@ -20,7 +20,9 @@
     "docs:dev": "vitepress dev docs",
     "docs:build": "vitepress build docs",
     "docs:preview": "vitepress preview docs",
-    "prepublishOnly": "npm run lint && npm test"
+    "prepublishOnly": "npm run lint && npm test",
+    "release:offline": "bash scripts/build-release-local.sh",
+    "npm:test-run": "PKG=$(npm pack --silent | tail -n 1) && npx --yes --package \"./$PKG\" mcp-guard --help && rm -f \"$PKG\""
   },
   "dependencies": {
     "commander": "^12.1.0",