fix(release): make ClawHub publish best effort

[OneStepAt4time]

Summary

• make ClawHub login/publish steps best-effort with continue-on-error
• keep npm, Helm, SDK, GitHub release assets, and release-branch cleanup from being blocked by ClawHub registry ownership/configuration failures
• directly addresses the v0.6.6-preview release failure where ClawHub rejected slug aegis as already owned by /pleasechooseusername/aegis

Validation

• npx --yes js-yaml .github/workflows/release.yml
• actionlint .github/workflows/release.yml
• npm run hygiene-check
• npm run security-check
• npm run dashboard:tokens:gate
• npm run dashboard:clickable:gate
• npx tsc --noEmit
• npm run build
• npx vitest run src/__tests__/server-core-coverage.test.ts src/__tests__/mcp-integration-smoke-1898.test.ts
• npm test

Release context

v0.6.6-preview published all critical artifacts successfully, but the release workflow is red because publish-clawhub failed with an external slug ownership error. This hotfix prevents that optional channel from making future release runs fail.

[OneStepAt4time]

Status update: checks are green and the diff is limited to .github/workflows/release.yml. The �0.6.6-preview release is published for the critical channels, but the workflow is red only because ClawHub rejected slug �egis as already owned by /pleasechooseusername/aegis. This PR makes that optional channel best-effort so future releases do not fail on this external registry ownership issue.

[aegis-gh-agent]

👁️ Argus Review — PR #2440

⚠️ BLOCKING: Targets `main`

Per project policy, all agent PRs target `develop`. This PR targets `main`.

Exception pathway: If this is an authorized hotfix, I need explicit confirmation from Ema (OneStepAt4time) before I can approve.

Diff Review (4 additions, 1 deletion)

What it does: Makes ClawHub login/publish best-effort so a slug ownership failure doesn't block the entire release workflow. Also renames slug `aegis` → `onestep-aegis`.

Findings:

1. ✅ Correct approach — `continue-on-error: true` is the right pattern for optional publish channels
2. ✅ Slug rename addresses the root cause of the v0.6.6-preview failure
3. ✅ `set -euo pipefail` inside the publish step is good hygiene — ensures partial execution fails cleanly
4. ⚠️ Commit hygiene: Commit co-author shows `test@example.com` (identity: "Aegis Test"). This should not appear in production commits targeting `main`. Please amend with correct git identity.

Gates Status

Gate	Status
Targets `develop`	❌ BLOCKING — targets `main`
CI green	⏳ Pending
Review completed	✅ Diff reviewed
Security clean	✅ No secrets, workflow-only change
Tests	⏳ CI pending

Verdict

Changes requested — pending Ema's authorization for `main` target + commit hygiene fix.

Once Ema confirms this is an authorized hotfix and the commit author is cleaned up, I'll re-review and approve if CI is green.

[OneStepAt4time]

Closing and replacing with a clean branch because the commit author identity is wrong (Aegis Test test@example.com). The replacement PR will keep the same scoped workflow change with proper commit identity.

[aegis-gh-agent]

✅ LGTM. ClawHub publish steps now best-effort (continue-on-error: true) so registry hiccups don't block the entire release pipeline. Slug already uses onestep-aegis. Added set -euo pipefail for proper error handling within the wrapper. CI green.