Implement release flow

.github/workflows/release.yml

@@ -39,10 +39,36 @@ jobs:
           # Remove 'v' prefix for version number
           VERSION="${VERSION_TAG#v}"
 
+          # Extract base version (X.Y.Z) for gopher-orch download
+          # Handles both X.Y.Z and X.Y.Z.E formats
+          if echo "$VERSION" | grep -qE '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$'; then
+            # Extended version X.Y.Z.E -> base is X.Y.Z
+            BASE_VERSION=$(echo "$VERSION" | sed -E 's/^([0-9]+\.[0-9]+\.[0-9]+)\.[0-9]+$/\1/')
+          else
+            # Standard version X.Y.Z
+            BASE_VERSION="$VERSION"
+          fi
+
           echo "version_tag=${VERSION_TAG}" >> $GITHUB_OUTPUT
           echo "version=${VERSION}" >> $GITHUB_OUTPUT
+          echo "base_version=${BASE_VERSION}" >> $GITHUB_OUTPUT
+          echo "base_version_tag=v${BASE_VERSION}" >> $GITHUB_OUTPUT
           echo "Version Tag: ${VERSION_TAG}"
           echo "Version: ${VERSION}"
+          echo "Base Version: ${BASE_VERSION} (for gopher-orch download)"
+
+      - name: Push tag to remote
+        run: |
+          VERSION_TAG="${{ steps.version.outputs.version_tag }}"
+
+          # Check if tag exists on remote
+          if git ls-remote --tags origin | grep -q "refs/tags/${VERSION_TAG}$"; then
+            echo "Tag ${VERSION_TAG} already exists on remote"
+          else
+            echo "Pushing tag ${VERSION_TAG} to remote..."
+            git push origin "${VERSION_TAG}"
+            echo "Tag pushed successfully"
+          fi
 
       - name: Check if release already exists
         id: check_release
@@ -62,19 +88,21 @@ jobs:
         env:
           GH_TOKEN: ${{ secrets.GOPHER_ORCH_TOKEN }}
         run: |
-          echo "Downloading native binaries for ${{ steps.version.outputs.version_tag }}..."
+          # Use base version for gopher-orch (X.Y.Z even if SDK is X.Y.Z.E)
+          ORCH_TAG="${{ steps.version.outputs.base_version_tag }}"
+          echo "Downloading native binaries from gopher-orch ${ORCH_TAG}..."
 
           mkdir -p downloads
 
           # Download all platform binaries from gopher-orch release
-          gh release download ${{ steps.version.outputs.version_tag }} \
+          gh release download "${ORCH_TAG}" \
             -R GopherSecurity/gopher-orch \
             -D downloads \
             -p "libgopher-orch-*.tar.gz" \
             -p "libgopher-orch-*.zip" || {
               echo "Warning: Could not download some binaries"
               echo "Available assets:"
-              gh release view ${{ steps.version.outputs.version_tag }} -R GopherSecurity/gopher-orch --json assets -q '.assets[].name'
+              gh release view "${ORCH_TAG}" -R GopherSecurity/gopher-orch --json assets -q '.assets[].name'
             }
 
           echo "Downloaded files:"
@@ -113,20 +141,20 @@ jobs:
           \`\`\`toml
           # Add to Cargo.toml
           [dependencies]
-          gopher-orch = "${VERSION}"
+          gopher-mcp-rust = "${VERSION}"
           \`\`\`
 
           Or via cargo:
 
           \`\`\`bash
-          cargo add gopher-orch@${VERSION}
+          cargo add gopher-mcp-rust@${VERSION}
           \`\`\`
 
           #### From GitHub
 
           \`\`\`toml
           [dependencies]
-          gopher-orch = { git = "https://github.com/GopherSecurity/gopher-mcp-rust.git", tag = "${VERSION_TAG}" }
+          gopher-mcp-rust = { git = "https://github.com/GopherSecurity/gopher-mcp-rust.git", tag = "${VERSION_TAG}" }
           \`\`\`
 
           ### Native Library Installation
@@ -222,8 +250,7 @@ jobs:
     needs: release
     runs-on: ubuntu-latest
     if: |
-      needs.release.outputs.release_created == 'true' &&
-      (vars.PUBLISH_CRATES == 'true' || github.event.head_commit.message contains '[publish]')
+      vars.PUBLISH_CRATES == 'true' || contains(github.event.head_commit.message, '[publish]')
     steps:
       - name: Checkout
         uses: actions/checkout@v4
@@ -260,8 +287,8 @@ jobs:
           echo "## crates.io Publish Summary" >> $GITHUB_STEP_SUMMARY
           echo "" >> $GITHUB_STEP_SUMMARY
           echo "- **Version:** ${{ needs.release.outputs.version }}" >> $GITHUB_STEP_SUMMARY
-          echo "- **crates.io:** https://crates.io/crates/gopher-orch/${{ needs.release.outputs.version }}" >> $GITHUB_STEP_SUMMARY
-          echo "- **docs.rs:** https://docs.rs/gopher-orch/${{ needs.release.outputs.version }}" >> $GITHUB_STEP_SUMMARY
+          echo "- **crates.io:** https://crates.io/crates/gopher-mcp-rust/${{ needs.release.outputs.version }}" >> $GITHUB_STEP_SUMMARY
+          echo "- **docs.rs:** https://docs.rs/gopher-mcp-rust/${{ needs.release.outputs.version }}" >> $GITHUB_STEP_SUMMARY
 
   test:
     name: Run Tests

CHANGELOG.md

@@ -7,6 +7,28 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [0.1.2.11] - 2026-03-22
+
+## [0.1.2.10] - 2026-03-21
+
+## [0.1.2.9] - 2026-03-21
+
+## [0.1.2.8] - 2026-03-21
+
+## [0.1.2.7] - 2026-03-21
+
+## [0.1.2.6] - 2026-03-21
+
+## [0.1.2.5] - 2026-03-21
+
+## [0.1.2.4] - 2026-03-21
+
+## [0.1.2.3] - 2026-03-21
+
+## [0.1.2.1] - 2026-03-21
+
+## [0.1.2] - 2026-03-20
+
 ### Added
 - Initial release of gopher-mcp-rust SDK
 - Rust bindings for gopher-orch native library via FFI
@@ -21,6 +43,28 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - `default` - Core functionality without auth
 - `auth` - OAuth 2.0 token validation via native library
 
+
+
+
+
+
+
+
+
+
+
+
 ---
 
-[Unreleased]: https://github.com/GopherSecurity/gopher-mcp-rust/compare/HEAD
+[Unreleased]: https://github.com/GopherSecurity/gopher-mcp-rust/compare/v0.1.2.11...HEAD
+[0.1.2.11]: https://github.com/GopherSecurity/gopher-mcp-rust/compare/v0.1.2.10...v0.1.2.11
+[0.1.2.10]: https://github.com/GopherSecurity/gopher-mcp-rust/compare/v0.1.2.9...v0.1.2.10
+[0.1.2.9]: https://github.com/GopherSecurity/gopher-mcp-rust/compare/v0.1.2.8...v0.1.2.9
+[0.1.2.8]: https://github.com/GopherSecurity/gopher-mcp-rust/compare/v0.1.2.7...v0.1.2.8
+[0.1.2.7]: https://github.com/GopherSecurity/gopher-mcp-rust/compare/v0.1.2.6...v0.1.2.7
+[0.1.2.6]: https://github.com/GopherSecurity/gopher-mcp-rust/compare/v0.1.2.5...v0.1.2.6
+[0.1.2.5]: https://github.com/GopherSecurity/gopher-mcp-rust/compare/v0.1.2.4...v0.1.2.5
+[0.1.2.4]: https://github.com/GopherSecurity/gopher-mcp-rust/compare/v0.1.2.3...v0.1.2.4
+[0.1.2.3]: https://github.com/GopherSecurity/gopher-mcp-rust/compare/v0.1.2.1...v0.1.2.3
+[0.1.2.1]: https://github.com/GopherSecurity/gopher-mcp-rust/compare/v0.1.2...v0.1.2.1
+[0.1.2]: https://github.com/GopherSecurity/gopher-mcp-rust/releases/tag/v0.1.2

Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "gopher-mcp-rust"
-version = "0.1.2-9"
+version = "0.1.2-11"
 edition = "2021"
 authors = ["GopherSecurity"]
 description = "Rust SDK for Gopher Orch - AI Agent orchestration framework"

README.md

@@ -1,4 +1,4 @@
-# gopher-orch - Rust SDK
+# gopher-mcp-rust - Rust SDK
 
 Rust SDK for Gopher Orch - AI Agent orchestration framework with native C++ performance.
 
@@ -48,6 +48,7 @@ Rust SDK for Gopher Orch - AI Agent orchestration framework with native C++ perf
 - **Tool Orchestration** - Manage and execute tools across multiple MCP servers
 - **State Management** - Built-in state graph for complex workflows
 - **Memory Safety** - Rust's ownership system with zero-cost abstractions
+- **OAuth 2.0 Authentication** - JWT validation with JWKS support (feature-gated)
 
 ## When to Use This SDK
 
@@ -68,7 +69,7 @@ This SDK is ideal for:
                               │
                               ▼
 ┌─────────────────────────────────────────────────────────────┐
-│                  Rust SDK (gopher_orch)                     │
+│                  Rust SDK (gopher_mcp_rust)                 │
 │  ┌─────────────┐  ┌─────────────┐  ┌─────────────────────┐  │
 │  │ GopherAgent │  │ConfigBuilder│  │ Error Types         │  │
 │  └─────────────┘  └─────────────┘  └─────────────────────┘  │
@@ -95,28 +96,40 @@ This SDK is ideal for:
 
 ## Installation
 
-### Option 1: Cargo (when published)
+### Option 1: From crates.io
 
 ```toml
 [dependencies]
-gopher-orch = "0.1.0"
+gopher-mcp-rust = "0.1.2"
 ```
 
 ### Option 2: Git Dependency
 
 ```toml
 [dependencies]
-gopher-orch = { git = "https://github.com/GopherSecurity/gopher-mcp-rust.git" }
+gopher-mcp-rust = { git = "https://github.com/GopherSecurity/gopher-mcp-rust.git" }
 ```
 
 ### Option 3: Build from Source
 
 See [Building from Source](#building-from-source) section below.
 
+### With Auth Feature
+
+Enable OAuth 2.0 / JWT authentication support:
+
+```toml
+[dependencies]
+gopher-mcp-rust = { version = "0.1.2", features = ["auth"] }
+
+# Or with git
+gopher-mcp-rust = { git = "https://github.com/GopherSecurity/gopher-mcp-rust.git", features = ["auth"] }
+```
+
 ## Quick Start
 
 ```rust
-use gopher_orch::{GopherAgent, ConfigBuilder};
+use gopher_mcp_rust::{GopherAgent, ConfigBuilder};
 
 fn main() -> Result<(), Box<dyn std::error::Error>> {
     // Create an agent with API key (fetches server config from remote API)
@@ -268,10 +281,10 @@ The SDK searches for the native library in this order:
 The main struct for creating and running AI agents:
 
 ```rust
-use gopher_orch::{GopherAgent, ConfigBuilder, AgentResult};
+use gopher_mcp_rust::{GopherAgent, ConfigBuilder, AgentResult};
 
 // Initialize the library (called automatically on first create)
-gopher_orch::init()?;
+gopher_mcp_rust::init()?;
 
 // Create with API key (fetches server config from remote API)
 let config = ConfigBuilder::new()
@@ -317,15 +330,15 @@ let detailed: AgentResult = agent.run_detailed("Your prompt here");
 drop(agent);
 
 // Shutdown library
-gopher_orch::shutdown();
+gopher_mcp_rust::shutdown();
 ```
 
 ### ConfigBuilder
 
 Builder for creating agent configurations:
 
 ```rust
-use gopher_orch::ConfigBuilder;
+use gopher_mcp_rust::ConfigBuilder;
 
 // With API key
 let config = ConfigBuilder::new()
@@ -351,7 +364,7 @@ assert!(!config.has_server_config());
 The SDK provides typed errors for different failure scenarios:
 
 ```rust
-use gopher_orch::{GopherAgent, ConfigBuilder, Error};
+use gopher_mcp_rust::{GopherAgent, ConfigBuilder, Error};
 
 fn main() {
     let config = ConfigBuilder::new()
@@ -383,7 +396,7 @@ fn main() {
 ### Basic Usage with API Key
 
 ```rust
-use gopher_orch::{GopherAgent, ConfigBuilder};
+use gopher_mcp_rust::{GopherAgent, ConfigBuilder};
 use std::env;
 
 fn main() -> Result<(), Box<dyn std::error::Error>> {
@@ -407,7 +420,7 @@ fn main() -> Result<(), Box<dyn std::error::Error>> {
 ### Using Local MCP Servers
 
 ```rust
-use gopher_orch::{GopherAgent, ConfigBuilder};
+use gopher_mcp_rust::{GopherAgent, ConfigBuilder};
 
 const SERVER_CONFIG: &str = r#"{
     "succeeded": true,
@@ -465,6 +478,59 @@ cd examples/server3002 && npm install && npm run dev
 ANTHROPIC_API_KEY=your-key cargo run --example client_example_json
 ```
 
+### Auth MCP Server Example
+
+The `examples/auth` directory contains a complete OAuth 2.0 protected MCP server example using Axum:
+
+```bash
+cd examples/auth
+
+# Run with auth disabled (development mode)
+./run_example.sh --no-auth
+
+# Run with full OAuth support
+./run_example.sh
+```
+
+**Features:**
+- OAuth 2.0 / OIDC discovery endpoints (RFC 8414, RFC 9728)
+- JWT token validation via native library
+- Scope-based authorization for MCP tools
+- Example weather tools with different scope requirements
+
+**Available Tools:**
+
+| Tool | Scope Required | Description |
+|------|----------------|-------------|
+| `get-weather` | None | Get current weather for a city |
+| `get-forecast` | `mcp:read` | Get 5-day weather forecast |
+| `get-weather-alerts` | `mcp:admin` | Get weather alerts for a region |
+
+**Using the Auth Client:**
+
+```rust
+use gopher_mcp_rust::GopherAuthClient;
+
+// Create auth client with JWKS endpoint
+let client = GopherAuthClient::new(
+    "https://auth.example.com/.well-known/jwks.json",
+    "https://auth.example.com"
+)?;
+
+// Validate a JWT token
+let result = client.validate_token("eyJ...", 60);
+if result.valid {
+    println!("Token is valid!");
+    println!("Subject: {}", result.payload.sub);
+    println!("Scopes: {:?}", result.payload.scope);
+}
+
+// Extract payload without validation
+let payload = client.extract_payload("eyJ...")?;
+```
+
+See [examples/auth/README.md](examples/auth/README.md) for full documentation.
+
 ---
 
 ## Development
@@ -633,7 +699,7 @@ Contributions are welcome! Please read our contributing guidelines.
 
 ## License
 
-MIT License - see [LICENSE](LICENSE) file for details.
+Apache License 2.0 - see [LICENSE](LICENSE) file for details.
 
 ## Links