chore: disable npm publishing

[bmadcode]

Summary

• Removed publish.yaml workflow (tag-triggered npm auto-publish)
• Removed npm publish step from manual-release.yaml
• Added "private": true to package.json to prevent accidental publishes

Module content is delivered via git clone in the bmm installer, not npm packages. The npm publish was only being used as a version lookup service for the installer's status/update-check, which can be replaced with git tags.

Test plan

• Verify manual-release.yaml still creates git tags and GitHub releases
• Verify npm publish fails locally due to "private": true

Summary by CodeRabbit

• Chores
  • Removed the automated npm publishing workflow that executed on version tag pushes to the repository.
  • Removed the manual npm release workflow and its associated authentication mechanism.
  • Removed npm registry configuration from the Node.js environment setup.
  • Updated configuration to mark the package as private.

[coderabbitai]

Warning

Rate limit exceeded

@bmadcode has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 26 minutes and 44 seconds before requesting another review.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 634aabeb-ce3c-49f7-a2bf-9c53d109fdb0

📥 Commits

Reviewing files that changed from the base of the PR and between 420e6b3 and 4db7237.

📒 Files selected for processing (1)

• package.json

Walkthrough

The pull request disables npm publishing for the package by removing the publish workflow triggered on version tags, eliminating NPM publishing steps from the manual release workflow, and marking the package as private in its manifest.

Changes

Cohort / File(s)	Summary
NPM Publishing Workflows .github/workflows/publish.yaml, .github/workflows/manual-release.yaml	Removed automated npm publishing: deleted the publish.yaml workflow entirely and removed npm publish step, registry configuration, and packages: write permission from manual-release.yaml.
Package Metadata package.json	Added "private": true field to mark package as non-publishable.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~4 minutes

Poem

🐰 A private warren now, no longer shared with all,
The publishing gates have closed, the courier won't call,
Our package stays secure, tucked safe away,
In private burrows deep—no npm display! ✨

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'chore: disable npm publishing' directly and accurately summarizes the main change: disabling npm publishing through workflow removal and package.json configuration.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch chore/disable-npm-publish

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[augmentcode]

🤖 Augment PR Summary

Summary: Disables npm publishing for this module, aligning distribution with the installer’s git-clone delivery model.

Changes:

• Removed the tag-triggered publish.yaml workflow that auto-published to npm
• Removed npm registry setup/permissions and the npm publish step from manual-release.yaml
• Marked the package as "private": true to prevent accidental local publishes

Technical Notes: The release workflow now focuses on version bumping, git tags, and GitHub releases; any “version lookup” behavior previously relying on npm should be replaced with git tags.

_{🤖 Was this summary useful? React with 👍 or 👎}

[augmentcode]

Review completed. No suggestions at this time.

Comment augment review to trigger a new review at any time.

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@package.json`:
- Line 4: The package.json file contains the change to the "private": true field
but fails Prettier formatting checks; run the project's formatter (e.g., npm run
format:fix or npx prettier --write package.json) to normalize package.json,
verify Prettier no longer reports errors, and commit the updated package.json so
CI/Prettier --check passes; target the package.json file and ensure only
formatting changes are included alongside the existing "private": true entry.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: f9370fb9-b4a5-4536-8965-b49b23b57a83

📥 Commits

Reviewing files that changed from the base of the PR and between a812189 and 420e6b3.

📒 Files selected for processing (3)

• .github/workflows/manual-release.yaml
• .github/workflows/publish.yaml
• package.json

💤 Files with no reviewable changes (2)

• .github/workflows/publish.yaml
• .github/workflows/manual-release.yaml