v0.3.5
v0.3.5 — 2026-06-30
Documentation-only patch release. No source-code, runtime, MCP-surface, or release-engineering changes. npm Trusted Publishing + provenance unchanged.
Changed
- README top-level file links are now absolute GitHub URLs. The License badge target and License body link, plus the Contributing section's
CONTRIBUTING.md,CODE_OF_CONDUCT.md, andSECURITY.mdlinks, now point athttps://github.com/geanatz/curion/blob/main/<file>. GitHub renders both forms identically; the absolute form is required on the npm registry because onlyLICENSE,README.md, andpackage.jsonship at the top of the npm tarball, so the relativeCONTRIBUTING.md,CODE_OF_CONDUCT.md, andSECURITY.mdlinks silently 404'd for consumers reading the README from the npm page.
Fixed
.mcp.jsonis now gitignored. Claude Code'sclaude mcp add --scope projectwrites a project-scoped.mcp.jsonthat may contain environment-variable bindings and must not be committed.
Verification
- npm:
npm view @geanatz/curion version→0.3.5,dist-tags.latest→0.3.5. - npm tarball top-level files:
LICENSE,README.md,package.json(noCHANGELOG.md/CONTRIBUTING.md/CODE_OF_CONDUCT.md/SECURITY.mdshipped — README links now absolute). - Provenance: SLSA v1 attestation present.
- Publish workflow:
https://github.com/geanatz/curion/actions/runs/28436276404→ success.