memento-mori-jester 0.1.4 → 0.1.5

package/README.md

@@ -253,6 +253,8 @@ More setup examples:
 - [Agent Setup](docs/AGENTS.md)
 - [GitHub Actions](docs/GITHUB_ACTIONS.md)
 - [Demo Script](docs/DEMO.md)
+- [Roadmap](ROADMAP.md)
+- [Trusted npm Publishing](docs/TRUSTED_PUBLISHING.md)
 
 ## Installer Scripts
 

package/docs/GETTING_STARTED.md

@@ -65,3 +65,5 @@ npx -y memento-mori-jester@latest bootstrap --preset node
 ```
 
 Then tell them to open `MEMENTO_MORI.md`.
+
+For where this is going next, see [ROADMAP.md](../ROADMAP.md).

package/docs/RELEASE.md

@@ -13,6 +13,8 @@ npm publish
 
 If npm asks for browser authentication, approve it in the browser window that opens.
 
+For the less painful route, configure trusted publishing once using [TRUSTED_PUBLISHING.md](TRUSTED_PUBLISHING.md), then run the `npm Publish` workflow in GitHub Actions.
+
 The package publishes these bins:
 
 - `jester`: human CLI
@@ -93,3 +95,7 @@ npx -y memento-mori-jester@latest hook-status
 ```
 
 Then stage a risky diff and confirm the hook blocks or cautions according to `hookFailOn`.
+
+## 6. GitHub Release
+
+Pushing a `v*` tag now creates a GitHub Release automatically. If `docs/RELEASE_NOTES_<tag>.md` exists, those notes are used; otherwise GitHub-generated notes are used.

package/docs/RELEASE_NOTES_v0.1.5.md

@@ -0,0 +1,19 @@
+# v0.1.5 Release Notes
+
+This release makes the public release process feel more real and less manual.
+
+## Added
+
+- GitHub Release workflow for future `v*` tags.
+- Manual npm trusted-publishing workflow, ready for npm's one-time trusted publisher setup.
+- `ROADMAP.md` with near-term direction and product ideas.
+- Trusted publishing setup guide.
+
+## Why
+
+The package is now live on npm, so the project needs a cleaner release path and a public roadmap. This release puts those pieces in the repo instead of leaving them as scattered instructions.
+
+## Useful Links
+
+- npm: https://www.npmjs.com/package/memento-mori-jester
+- GitHub: https://github.com/Martin123132/Memento-Mori

package/docs/TRUSTED_PUBLISHING.md

@@ -0,0 +1,39 @@
+# Trusted npm Publishing
+
+Trusted publishing lets GitHub Actions publish this package to npm without a long-lived npm token.
+
+## One-Time npm Setup
+
+Open the package settings on npm:
+
+```text
+https://www.npmjs.com/package/memento-mori-jester/access
+```
+
+Find the trusted publishing settings and add:
+
+- Provider: `GitHub Actions`
+- Organization or user: `Martin123132`
+- Repository: `Memento-Mori`
+- Workflow filename: `npm-publish.yml`
+
+The workflow file must exist in `.github/workflows/`, which this repo now has.
+
+## Manual Publish From GitHub
+
+After the npm trusted publisher is configured:
+
+1. Open the GitHub repo.
+2. Go to `Actions`.
+3. Open `npm Publish`.
+4. Click `Run workflow`.
+
+The workflow installs dependencies, runs tests, and publishes the current package version to npm.
+
+## Why It Exists
+
+Manual `npm publish` works, but npm asks for browser authentication. Trusted publishing moves that trust to the GitHub workflow and avoids storing a reusable npm token.
+
+## Important
+
+Only run the workflow after `package.json` has a version that npm does not already have. npm will reject publishing the same version twice.

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "memento-mori-jester",
-  "version": "0.1.4",
+  "version": "0.1.5",
   "description": "A local court-jester sidecar for AI coding agents: review plans, commands, diffs, and final claims before they get too pleased with themselves.",
   "type": "module",
   "repository": {