prep for 0.2.0 manual publish

Author: St0rmz1

RELEASING.md

@@ -422,64 +422,3 @@ Once the package slug exists:
 From the second release onward, the normal `workflow_dispatch` flow in
 this document applies — the workflow authenticates to npm via OIDC,
 publishes with provenance, and handles git/GitHub-release side effects.
-
----
-
-## First-time releases (2026-04-15)
-
-Today's first cut is to the `dev` channel.
-
-| Input     | Value         |
-| --------- | ------------- |
-| `channel` | `dev`         |
-| `bump`    | _(blank)_     |
-| `version` | `0.1.0-dev.1` |
-
-The explicit version is required because auto-bump from a fresh repo
-(no prior tags) would resolve to `0.0.1-dev.1`, which doesn't match the
-intended starting point.
-
-This publishes `@kilocode/shell-security@0.1.0-dev.1` to the
-`dev` dist-tag, creates the `v0.1.0-dev.1` tag (pointing at an orphan
-commit), and creates a prerelease GitHub release. `main` history is
-untouched.
-
-Subsequent dev cuts can leave `version` blank — the workflow auto-bumps
-the dev counter (`0.1.0-dev.2`, `0.1.0-dev.3`, …) until you start a new
-dev cycle with a `bump` input.
-
-### Known quirk: first-publish `latest` dist-tag
-
-On the very first publish of a brand-new npm package, npm auto-assigns
-the `latest` dist-tag to that first version, **regardless of `--tag dev`
-on the publish command**. There is no way to prevent this from the
-publish side — it's npm's behavior for ensuring every package has a
-`latest` resolvable.
-
-The publish workflow includes a `Reconcile latest dist-tag (dev publishes)`
-step that runs after every dev publish. It tries to repoint `latest` to
-the highest existing stable version. As long as no stable release has
-ever shipped (the entire pre-stable phase, e.g. while you're iterating
-on `0.1.0-dev.N`), the step has nothing to repoint to and emits a
-`::warning::` annotation on the workflow run. **This warning is expected
-and non-fatal** — it just documents that `latest` is still pointing at
-a dev version.
-
-Once you ship the first stable release with `channel=latest`, that
-publish overwrites `latest` with the stable version naturally. From
-then on the reconciliation step stays quiet.
-
-While the package is pre-stable, end users **must** install the dev
-channel explicitly:
-
-```bash
-openclaw plugins install @kilocode/shell-security@dev
-# or
-npm install @kilocode/shell-security@dev
-```
-
-Plain `openclaw plugins install @kilocode/shell-security`
-(no `@dev`) will resolve to whatever `latest` currently points at, and
-since `latest` currently points at a prerelease, OpenClaw's prerelease
-guard will refuse the install with a confusing error. See
-[README.md](./README.md) for the user-facing install instructions.

package.json

@@ -1,6 +1,6 @@
 {
   "name": "@kilocode/shell-security",
-  "version": "0.1.0",
+  "version": "0.2.0",
   "type": "module",
   "license": "MIT",
   "description": "Security analysis plugin for OpenClaw instances, powered by KiloCode",