feat: prepare for npm publish and fix path security validation (#24)

## Changes

### Package Configuration
- Add `files` field to package.json to control npm package contents
- Add `allowedPluginPaths` and `allowedAbsolutePaths` to config schema
- Update `resolveConfig` to preserve security allowlist fields
- Add `--help` flag to CLI for usage information

### Path Security Enhancements
- Fix path validation to support absolute paths in allowlist
- Add case-insensitive, cross-platform path normalization (Windows/Unix)
- Skip traversal warnings for allowed absolute paths
- Update `resolvePluginPath` signature to include `allowedExtensions` parameter
- Forward `allowedAbsolutePaths` from config to extractors (basic-python, basic-node)

### Build & Testing
- Update inspect-pack.js to copy archlette.config.yaml to test directory
- Fix module-loader.ts to pass allowedAbsolutePaths correctly
- Update path-security tests to match new API signature

### Breaking Changes
- `resolvePluginPath` now has 4 parameters: `userPath`, `cliDir`, `allowedExtensions`, `allowedAbsolutePaths`

## Fixes
- Resolves security warnings for absolute paths in allowed directories
- Ensures config allowlists are properly passed through pipeline
- Improves Windows path handling with mixed separators

Author: chrislyons-dev

.github/workflows/release-please.yml

@@ -0,0 +1,19 @@
+name: Release Please
+
+on:
+  push:
+    branches:
+      - main
+
+permissions:
+  contents: write
+  pull-requests: write
+
+jobs:
+  release-please:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: googleapis/release-please-action@v4
+        with:
+          release-type: node
+          package-name: '@chrislyons-dev/archlette'

.gitignore

@@ -9,6 +9,7 @@ coverage/
 .claude/
 CLAUDE.md
 output/
+*.tgz
 
 # MkDocs - files copied from root during build (not committed)
 docs/CONTRIBUTING.md

README.md

@@ -23,7 +23,7 @@ Archlette analyzes your TypeScript/JavaScript codebase and generates C4 architec
 - Multiple outputs — Structurizr DSL, PlantUML, Mermaid, PNG
 - CI-native — runs wherever your code runs
 
-See Archlette documenting itself: [architecture docs](docs/architecture/readme.md).
+See Archlette documenting itself: [architecture docs](docs/architecture/README.md).
 
 ---
 
@@ -143,7 +143,7 @@ Write extractors. Write validators. Write generators. See [plugin development](h
 
 ## Example
 
-See the [architecture docs](docs/architecture/readme.md) generated by Archlette for this project.
+See the [architecture docs](docs/architecture/README.md) generated by Archlette for this project.
 
 ---