fix: harden release pipeline for reliable unattended npm publish #41

Merged
himerus merged 2 commits into dev from feature/fix-harden-release-pipeline-for
Mar 12, 2026
Conversation

@himerus (Contributor) commented Mar 12, 2026

Summary

The release pipeline has failed on every run since v0.1.0 was published. Three fixes are required across two files.

Root Causes

1. OIDC provenance causes 404 on every publish

NPM_CONFIG_PROVENANCE: 'true' was added in PR #31. npm OIDC provenance for unscoped packages requires the package maintainer to link the GitHub repo in npmjs.com → Package Settings → Provenance. That setup was never done. Result: every release fails with:

OIDC token exchange with the npm registry failed: 404 ...

---
*Recovered automatically by Automaker post-agent hook*

Summary by CodeRabbit

* Chores
  * Enhanced build and release workflows to streamline the publishing process, adding explicit build steps and improving configuration.
  * Simplified the prepublish phase to focus on building without redundant testing, optimizing the release preparation process.
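A pre-flight check for the two preconditions the description turns on (provenance only when the job can actually obtain an OIDC token, and a build step ahead of the publish step), added here as an example; it is not part of this PR or of the project's code. It inspects two constructed workflow files rather than the repository's real release.yml, and relies on the GitHub Actions rule that a job must hold the `id-token: write` permission before it can request an OIDC token. The npmjs.com repository link the description mentions cannot be verified offline, so this lint only catches the failures that are visible in the YAML itself and fails fast with a readable message instead of a registry 404.

```shell
#!/bin/sh
# Constructed pre-flight lint for a GitHub Actions release workflow (example
# code, not the project's own). It never contacts the npm registry; it only
# inspects the YAML text for two preconditions of an unattended publish:
#   1. provenance is requested only when the job can mint an OIDC token
#      (GitHub Actions requires the `id-token: write` permission for that);
#   2. a build step runs before the publish step, so the tarball is fresh.

# Prints one line per finding; returns 0 when there are none, 1 otherwise.
check_release_workflow() {
  file="$1"
  status=0

  # Provenance can be switched on by the env var or by the CLI flag.
  if grep -Eq "NPM_CONFIG_PROVENANCE:[[:space:]]*['\"]?true|--provenance" "$file"; then
    if ! grep -Eq "id-token:[[:space:]]*write" "$file"; then
      echo "FINDING: provenance requested but no 'id-token: write' permission in $file"
      status=1
    fi
  fi

  # Line numbers of the first build step and the first publish step, if any.
  build_line=$(grep -En "run:.*(pnpm|npm) run build" "$file" | head -n 1 | cut -d: -f1)
  publish_line=$(grep -En "run:.*(pnpm|npm) publish" "$file" | head -n 1 | cut -d: -f1)
  if [ -n "$publish_line" ]; then
    if [ -z "$build_line" ] || [ "$build_line" -gt "$publish_line" ]; then
      echo "FINDING: publish step at line $publish_line has no build step before it in $file"
      status=1
    fi
  fi
  return "$status"
}

# Two constructed sample workflows, written to a scratch directory.
SAMPLE_DIR=$(mktemp -d)
BROKEN="$SAMPLE_DIR/release-broken.yml"   # provenance on, no id-token, no build
FIXED="$SAMPLE_DIR/release-fixed.yml"     # id-token granted, build before publish

write_samples() {
  cat > "$BROKEN" <<'EOF'
name: Release
on:
  push:
    branches: [main]
jobs:
  release:
    runs-on: ubuntu-latest
    permissions:
      contents: write
    steps:
      - uses: actions/checkout@v4
      - run: pnpm install
      - name: Release
        run: pnpm publish --no-git-checks
        env:
          NPM_CONFIG_PROVENANCE: 'true'
EOF
  cat > "$FIXED" <<'EOF'
name: Release
on:
  push:
    branches: [main]
jobs:
  release:
    runs-on: ubuntu-latest
    permissions:
      contents: write
      id-token: write
    steps:
      - uses: actions/checkout@v4
      - run: pnpm install
      - name: Build
        run: pnpm run build
      - name: Release
        run: pnpm publish --no-git-checks --provenance
EOF
}

write_samples
check_release_workflow "$BROKEN" || echo "broken sample rejected as expected"
check_release_workflow "$FIXED" && echo "fixed sample accepted"
```

Run it as a step before the publish job, or locally against `.github/workflows/release.yml`; a non-zero exit stops the pipeline before any token exchange is attempted.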

@coderabbitai (Bot) commented Mar 12, 2026

Caution

Review failed

Pull request was closed or merged during review

Note

.coderabbit.yaml has unrecognized properties

CodeRabbit is using all valid settings from your configuration. Unrecognized properties (listed below) have been ignored and may indicate typos or deprecated fields that can be removed.

⚠️ Parsing warnings (1)
Validation error: Unrecognized key(s) in object: 'version'
⚙️ Configuration instructions
  • Please see the configuration documentation for more information.
  • You can also validate your configuration using the online YAML validator.
  • If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Walkthrough

Two configuration files are modified: the GitHub Actions release workflow is updated to explicitly execute a build step before release and to remove the NPM provenance configuration, while package.json simplifies the prepublishOnly script to perform only build instead of build and test.

Changes

Cohort / File(s): Summary

CI/CD Workflow (.github/workflows/release.yml): Added explicit Build step before Release; removed NPM_CONFIG_PROVENANCE: 'true' from Release environment variables.

Build Configuration (package.json): Simplified prepublishOnly script to run only pnpm run build, removing the pnpm test step.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Description check: ⚠️ Warning. The description provides context and root cause analysis but lacks required template sections including Type of change, Related issue, Tests added, and Checklist items. Resolution: complete the description using the repository template: add Type of change checkbox, Related issue number, Tests added confirmation, and verification checklist items.

✅ Passed checks (2 passed)

Title check: ✅ Passed. The title accurately and specifically describes the main objective of hardening the release pipeline for reliable npm publishing, which aligns with the primary changes made.

Docstring Coverage: ✅ Passed. No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

@himerus himerus merged commit 433eb5d into dev Mar 12, 2026
7 of 8 checks passed