@baichen_yu/mcp-guard 0.3.2 → 3.1.0

package/README.md

@@ -174,9 +174,8 @@ jobs:
 
 - On each push to `main`, `.github/workflows/release.yml` now:
   - runs lint/test/build
-  - computes the next available version above local and npm latest
-  - builds release assets (package tarball + compiled `dist` archive)
-  - creates/updates a GitHub Release with GitHub generated (auto/AI-style) release notes + uploaded assets
+  - bumps patch version automatically
+  - creates a GitHub Release with generated release notes
   - publishes the new package to npm (requires `NPM_TOKEN`)
 - For npm publishing in CI, set `NPM_TOKEN` to an **npm Automation token** (no interactive password/OTP required).
 
@@ -215,10 +214,10 @@ Wrap `--stdio` values in double quotes.
 
 ## Release helper
 
-Build release artifacts locally/offline (after one online `npm ci`):
+Build release artifacts locally:
 
 ```bash
-npm run release:offline
+./scripts/build-release-local.sh
 ```
 
 ---
@@ -232,10 +231,3 @@ npm run release:offline
 ## License
 
 MIT. See [LICENSE](LICENSE).
-
-
-### npm package run check
-
-```bash
-npm run npm:test-run
-```

package/docs/releasing.md

@@ -44,11 +44,10 @@ Then create a GitHub Release and include:
 On pushes to `main`, `.github/workflows/release.yml` will:
 
 1. Run `npm run lint`, `npm test`, and `npm run build`.
-2. Compute the next available version above both local `package.json` and npm latest, then bump to that version.
+2. Bump patch version via `npm version patch`.
 3. Push commit + tag back to GitHub.
-4. Build release assets (`npm pack` tarball + compiled `dist` archive).
-5. Publish to npm with provenance.
-6. Create/update a GitHub Release with generated release notes and uploaded assets.
+4. Publish to npm with provenance.
+5. Create GitHub Release with generated release notes.
 
 Required secret: `NPM_TOKEN` with publish permission for `@baichen_yu/mcp-guard`.
 
@@ -57,28 +56,3 @@ Use an **npm Automation token** (recommended) so the workflow can publish withou
 - npm: create token at <https://www.npmjs.com/settings/tokens>
 - GitHub: add it as repository secret `NPM_TOKEN`
 - workflow preflight runs `npm whoami` to confirm auth before version bump/publish
-
-
-## Offline release package build
-
-After dependencies are installed once (`npm ci` while online), you can build the release tarball completely offline:
-
-```bash
-npm run release:offline
-```
-
-If `node_modules` is missing, the script exits with guidance.
-
-## npm package test-run command
-
-Use this to verify the published package entrypoint works:
-
-```bash
-npm run npm:test-run
-```
-
-
-The workflow also supports manual trigger via `workflow_dispatch` in GitHub Actions.
-
-
-If a release tag already exists (for example, from a re-run), the workflow updates that release and re-uploads assets with `--clobber` instead of failing.

package/docs/testing.md

@@ -56,12 +56,3 @@ node fixtures/servers/sse-mcp-server/server.cjs
 # new terminal
 node dist/cli.js audit --sse "http://127.0.0.1:4013/sse" --sse-post "http://127.0.0.1:4013/message" --out reports --fail-on off
 ```
-
-
-## Published npm package smoke test
-
-```bash
-npm run npm:test-run
-```
-
-This executes the package from npm and prints CLI help to verify install/entrypoint integrity.

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@baichen_yu/mcp-guard",
-  "version": "0.3.2",
+  "version": "3.1.0",
   "description": "Security auditing and policy gating for MCP servers (STDIO/HTTP) with Markdown + SARIF reports",
   "type": "module",
   "bin": {
@@ -20,9 +20,7 @@
     "docs:dev": "vitepress dev docs",
     "docs:build": "vitepress build docs",
     "docs:preview": "vitepress preview docs",
-    "prepublishOnly": "npm run lint && npm test",
-    "release:offline": "bash scripts/build-release-local.sh",
-    "npm:test-run": "PKG=$(npm pack --silent | tail -n 1) && npx --yes --package \"./$PKG\" mcp-guard --help && rm -f \"$PKG\""
+    "prepublishOnly": "npm run lint && npm test"
   },
   "dependencies": {
     "commander": "^12.1.0",