
chore: add npm release automation #2

Merged: the-Drunken-coder merged 1 commit into main from codex/npm-release-automation on Jun 23, 2026

@the-Drunken-coder (Owner) commented Jun 23, 2026

Summary

  • add a single Release workflow using Release Please for automated version bumps and CHANGELOG generation
  • publish release PR merges to npm through trusted publishing/OIDC
  • update package metadata so npm provenance can identify this GitHub repository
  • document Conventional Commit release rules and npm trusted publisher setup

Validation

  • npm test
  • npm pack --dry-run
  • git diff --check
  • JSON/YAML syntax checks
  • npm registry lookup returned 404 for sidc-kit, so no obvious package-name collision

Required npm setup before first publish

Configure npm trusted publishing for package sidc-kit:

  • owner: the-Drunken-coder
  • repository: sidc-kit
  • workflow filename: release.yml
  • allowed action: npm publish

No NPM_TOKEN is needed for this workflow.

Summary by CodeRabbit

Release Notes

  • Documentation

    • Updated installation and development guidance in the README.
    • Expanded “Release Automation” details, including Conventional Commit requirements and how automated releases behave.
    • Added release-process guidance to AGENTS.
  • New Features

    • Optional AI-generated release-diff summaries can be appended to GitHub release notes when configured.
  • Chores

    • Enabled automated releases from main to create GitHub releases and publish to npm.
    • Updated npm package metadata and adjusted publication settings to make the package publicly publishable.

@coderabbitai (Bot) commented Jun 23, 2026


📥 Commits

Reviewing files that changed from the base of the PR and between 55cc2ab and cdb7098.

📒 Files selected for processing (7)
  • .github/workflows/release.yml
  • .release-please-manifest.json
  • AGENTS.md
  • README.md
  • package.json
  • release-please-config.json
  • scripts/summarize-release-diff.mjs
Walkthrough

Adds Release Please automation for the sidc-kit package: a new GitHub Actions workflow triggers on pushes to main, conditionally runs tests and publishes to npm via OIDC trusted publishing. Optionally augments releases with OpenCode-generated diff summaries. Supporting changes include Release Please config/manifest files, package.json public publishing metadata, a new summarization script, and documentation updates.

Changes

Release Automation Setup

Layer / File(s): Summary

  • Package metadata and Release Please configuration (package.json, release-please-config.json, .release-please-manifest.json): Removes private from package.json, adds repository, bugs, homepage, and publishConfig: { access: "public" }. Populates release-please-config.json with node release type for sidc-kit with component tags disabled, and sets initial version "0.0.0" in the manifest.
  • GitHub Actions release workflow (.github/workflows/release.yml): Defines a workflow triggered on main pushes with contents, pull-requests, and id-token permissions. Runs release-please-action with local config/manifest files; conditionally executes checkout, Node.js 24 setup, npm ci, npm test, and npm publish --access public only when release_created == 'true'.
  • OpenCode release diff summarization script (scripts/summarize-release-diff.mjs): Adds a Node.js script that validates RELEASE_TAG_NAME and OPENCODE_API_KEY environment variables, gathers git diff metadata (commits, changed files, diff stats, unified patch truncated to 120KB), writes .release-diff-context.md, calls npx opencode-ai with a summarization prompt with 120-second timeout handling, and persists the generated summary to opencode-release-summary.md.
  • OpenCode integration in release workflow (.github/workflows/release.yml): Adds conditional workflow steps that invoke scripts/summarize-release-diff.mjs with required environment variables and append the generated summary to GitHub release notes via gh release view/edit when the summary file is non-empty. Both steps use continue-on-error: true to tolerate failures and ensure npm publishing is not blocked by LLM availability.
  • README and AGENTS.md documentation (README.md, AGENTS.md): Updates README install instructions to reference npm install sidc-kit and a local-dev clone flow. Adds a "Release Automation" section covering Release Please PR mechanics, Conventional Commit prefix mappings (patch/minor/major), and trusted npm publishing config with no long-lived token. Includes optional OpenCode integration details. Adds AGENTS.md bullets on Conventional Commit formatting and non-blocking OpenCode summaries.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly related PRs

  • the-Drunken-coder/ATLAS2#2: Both PRs modify AGENTS.md to add guidance; this PR adds release-process automation guidance while the related PR adds agent guidance documentation.
  • the-Drunken-coder/easymanet#25: Both PRs modify AGENTS.md to add workflow/automation guidance for different purposes.

Poem

🐇 Hop hop, the bunny typed away,
fix: and feat: to save the day,
Release Please watches every push,
OpenCode summaries—no rush!
OIDC trusted, no tokens to hide,
Automated releases far and wide! 🚀

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name (Status): Explanation

  • Description Check (✅ Passed): Check skipped - CodeRabbit’s high-level summary is enabled.
  • Title check (✅ Passed): The title clearly summarizes the main change: adding npm release automation.
  • Docstring Coverage (✅ Passed): Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.
  • Linked Issues check (✅ Passed): Check skipped because no linked issues were found for this pull request.
  • Out of Scope Changes check (✅ Passed): Check skipped because no linked issues were found for this pull request.


@the-Drunken-coder force-pushed the codex/npm-release-automation branch from 53fedf0 to 4e441ce, June 23, 2026 13:43

@coderabbitai (Bot) left a comment


Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.github/workflows/release.yml:
- Around line 57-74: The "Append OpenCode summary to GitHub release" step is
missing the `continue-on-error: true` configuration. Add `continue-on-error:
true` to this step definition so that if the gh release edit command fails, the
workflow continues to the next step instead of blocking the npm publish step.
This ensures that external service failures do not prevent the publication
process.

In `@scripts/summarize-release-diff.mjs`:
- Around line 80-87: Add a timeout option to the spawnSync call that invokes npx
opencode-ai. Include a reasonable timeout value in milliseconds within the
options object (the third parameter) alongside the existing encoding and env
properties. Additionally, update the error handling logic after the spawnSync
call to check not only for result.status but also for timeout errors by
verifying if result.error?.code === 'ETIMEDOUT', and handle this timeout case
appropriately by logging an error and exiting the process to prevent the release
job from hanging indefinitely.

📥 Commits

Reviewing files that changed from the base of the PR and between 53fedf0 and 4e441ce.

📒 Files selected for processing (7)
  • .github/workflows/release.yml
  • .release-please-manifest.json
  • AGENTS.md
  • README.md
  • package.json
  • release-please-config.json
  • scripts/summarize-release-diff.mjs
✅ Files skipped from review due to trivial changes (3)
  • .release-please-manifest.json
  • README.md
  • release-please-config.json
🚧 Files skipped from review as they are similar to previous changes (1)
  • package.json
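
The timeout handling this review asks for, as an added JavaScript example that is not the project's scripts/summarize-release-diff.mjs. `classify`, `runBounded` and `demoHang` are hypothetical names, and a Node child process stands in for the `npx opencode-ai` call so the example runs offline.

```javascript
// Added example (not the project's script): bound a child process so an
// optional release step cannot stall the job that goes on to publish.
const { spawnSync } = require('node:child_process');

// Map a spawnSync result to one outcome. Order matters: a timed-out child
// also has status === null, so the ETIMEDOUT check must come first.
function classify(result) {
  if (result.error?.code === 'ETIMEDOUT') return 'timeout';
  if (result.error) return 'spawn-error'; // e.g. ENOENT, or ENOBUFS past maxBuffer
  if (result.status !== 0) return 'nonzero-exit'; // includes death by signal
  return 'ok';
}

// runBounded and its option names are hypothetical helpers for this example.
function runBounded(command, args, { timeoutMs, env = process.env } = {}) {
  const result = spawnSync(command, args, {
    encoding: 'utf8',
    env,
    timeout: timeoutMs,     // milliseconds; the parent kills the child at expiry
    killSignal: 'SIGKILL',  // do not rely on the child honouring SIGTERM
    maxBuffer: 1024 * 1024, // cap captured output as well as run time
  });
  return {
    outcome: classify(result),
    status: result.status,
    signal: result.signal,
    stdout: result.stdout ?? '',
  };
}

// Constructed stand-in for the real CLI call: a child that never exits on its own.
function demoHang(timeoutMs = 300) {
  return runBounded(process.execPath, ['-e', 'setInterval(() => {}, 1000)'], { timeoutMs });
}
```

A caller in a release job would log the outcome and exit non-zero on anything other than `ok`, leaving `continue-on-error: true` on the step to keep the publish step reachable.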

@the-Drunken-coder force-pushed the codex/npm-release-automation branch 2 times, most recently from 153e27c to 55cc2ab, June 23, 2026 14:07

@coderabbitai (Bot) left a comment


Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.github/workflows/release.yml:
- Around line 35-38: In the `actions/setup-node` action configuration, add a new
line `package-manager-cache: false` to the with section to explicitly disable
automatic npm caching. This prevents potential cache-poisoning attacks in the
privileged publish job that has `id-token: write` permissions. The property
should be added alongside the existing `node-version` and `registry-url`
configuration properties.

📥 Commits

Reviewing files that changed from the base of the PR and between 4e441ce and 153e27c.

📒 Files selected for processing (7)
  • .github/workflows/release.yml
  • .release-please-manifest.json
  • AGENTS.md
  • README.md
  • package.json
  • release-please-config.json
  • scripts/summarize-release-diff.mjs
✅ Files skipped from review due to trivial changes (2)
  • .release-please-manifest.json
  • release-please-config.json
🚧 Files skipped from review as they are similar to previous changes (3)
  • README.md
  • package.json
  • scripts/summarize-release-diff.mjs
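
One way to check a workflow for the two release.yml findings raised in this thread (setup-node caching in a job that holds `id-token: write`, and an optional step without `continue-on-error: true`), as an added example and not the project's code. The workflow text, the `<pinned-sha>` placeholders and the rule names are constructed, and the check is a line-based heuristic rather than a YAML parser.

```javascript
// Added example: a line-based heuristic over workflow text, not a YAML parser.
// SAMPLE_WORKFLOW is constructed for illustration; it is not the project's release.yml.
const SAMPLE_WORKFLOW = `
permissions:
  contents: write
  pull-requests: write
  id-token: write
jobs:
  release:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@<pinned-sha>
      - uses: actions/setup-node@<pinned-sha>
        with:
          node-version: 24
          registry-url: https://registry.npmjs.org
      - name: Append OpenCode summary to GitHub release
        run: gh release edit "$TAG" --notes-file notes.md
      - name: Summarize release diff
        continue-on-error: true
        run: node scripts/summarize-release-diff.mjs
      - run: npm publish --access public
`;

// Hypothetical rule names. Job boundaries are ignored: any `id-token: write`
// in the file makes every setup-node step count as privileged.
function auditReleaseWorkflow(text) {
  const privileged = /^\s*id-token:\s*write\s*$/m.test(text);
  const steps = [];
  text.split('\n').forEach((line, i) => {
    // A new step starts at a list item whose first key is name/uses/run/id.
    if (/^\s*-\s+(name|uses|run|id):/.test(line)) steps.push({ line: i + 1, body: '' });
    if (steps.length) steps[steps.length - 1].body += line + '\n';
  });
  const findings = [];
  for (const { line, body } of steps) {
    const usesSetupNode = /uses:\s*actions\/setup-node@/.test(body);
    if (privileged && usesSetupNode && !/package-manager-cache:\s*false\b/.test(body)) {
      findings.push({ line, rule: 'setup-node-cache-in-oidc-job' });
    }
    // Steps the thread treats as optional: the summary script and the release-notes edit.
    const optional = /gh release edit|summarize-release-diff/.test(body);
    if (optional && !/continue-on-error:\s*true\b/.test(body)) {
      findings.push({ line, rule: 'optional-step-can-block-publish' });
    }
  }
  return findings;
}
```

On the sample, `auditReleaseWorkflow(SAMPLE_WORKFLOW)` reports the setup-node step and the release-notes step; adding `package-manager-cache: false` and `continue-on-error: true` to them clears both findings.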

@the-Drunken-coder force-pushed the codex/npm-release-automation branch from 55cc2ab to cdb7098, June 23, 2026 14:13
@the-Drunken-coder the-Drunken-coder merged commit 632eeef into main Jun 23, 2026
3 checks passed