feat: initial release + publishing infrastructure

.github/CODEOWNERS

@@ -0,0 +1,3 @@
+# The Docs & Wizard team owns the Warlock day-to-day (see CONTRIBUTING.md).
+# Security team is consulted on security-sensitive changes but is not a code owner.
+* @PostHog/team-docs-wizard

.github/dependabot.yml

@@ -0,0 +1,23 @@
+version: 2
+updates:
+  # npm dependencies (currently just @virustotal/yara-x + dev tooling).
+  - package-ecosystem: npm
+    directory: "/"
+    schedule:
+      interval: weekly
+    open-pull-requests-limit: 5
+    # Wait 7 days before proposing newly published versions 
+    cooldown:
+      default-days: 7
+    groups:
+      dev-dependencies:
+        dependency-type: development
+
+  # GitHub Actions used in our workflows – keeps pinned action SHAs current.
+  - package-ecosystem: github-actions
+    directory: "/"
+    schedule:
+      interval: weekly
+    open-pull-requests-limit: 5
+    cooldown:
+      default-days: 7

.github/workflows/ci.yml

@@ -0,0 +1,38 @@
+name: CI
+
+on:
+  pull_request:
+  push:
+    branches: [main]
+
+permissions:
+  contents: read
+
+jobs:
+  test:
+    name: Test & build
+    runs-on: ubuntu-latest
+    timeout-minutes: 10
+    steps:
+      - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
+
+      - name: Install pnpm
+        uses: pnpm/action-setup@eae0cfeb286e66ffb5155f1a79b90583a127a68b # v2.4.1
+        with:
+          version: 10
+          run_install: false
+
+      - name: Set up Node
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
+        with:
+          node-version-file: '.nvmrc'
+          cache: 'pnpm'
+
+      - name: Install dependencies
+        run: pnpm install --frozen-lockfile
+
+      - name: Run tests
+        run: pnpm test
+
+      - name: Build
+        run: pnpm build

.github/workflows/release.yml

@@ -0,0 +1,76 @@
+name: 'Release'
+
+permissions:
+  contents: read
+
+on:
+  push:
+    branches: [main]
+  workflow_dispatch:
+
+# Only one release runs at a time. Prevents races when multiple PRs
+# merge close together.
+concurrency:
+  group: release
+  cancel-in-progress: false
+
+jobs:
+  release-please:
+    name: Open or update release PR / tag release
+    runs-on: ubuntu-latest
+    timeout-minutes: 5
+    permissions:
+      contents: write
+      pull-requests: write
+    outputs:
+      release_created: ${{ steps.release.outputs.release_created }}
+      tag_name: ${{ steps.release.outputs.tag_name }}
+    steps:
+      - uses: googleapis/release-please-action@16a9c90856f42705d54a6fda1823352bdc62cf38 # v4.4.0
+        id: release
+        with:
+          config-file: release-please-config.json
+          manifest-file: .release-please-manifest.json
+
+  publish:
+    name: Publish to npm
+    needs: release-please
+    if: needs.release-please.outputs.release_created == 'true'
+    runs-on: ubuntu-latest
+    timeout-minutes: 10
+    # Required reviewers for this environment are configured in the repo
+    # settings (Settings → Environments → Release): `@PostHog/team-docs-wizard`.
+    # GitHub notifies reviewers in-product and by email when a publish is pending.
+    environment: 'Release'
+    permissions:
+      contents: read
+      id-token: write  # for npm OIDC trusted publishing + provenance
+    steps:
+      - name: Checkout release tag
+        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
+        with:
+          ref: ${{ needs.release-please.outputs.tag_name }}
+
+      - name: Install pnpm
+        uses: pnpm/action-setup@eae0cfeb286e66ffb5155f1a79b90583a127a68b # v2.4.1
+        with:
+          version: 10
+          run_install: false
+
+      - name: Set up Node
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
+        with:
+          node-version-file: '.nvmrc'
+          cache: 'pnpm'
+          registry-url: 'https://registry.npmjs.org'
+
+      - name: Install dependencies
+        run: pnpm install --frozen-lockfile
+
+      - name: Build
+        run: pnpm build
+
+      - name: Publish to npm (OIDC trusted publishing + provenance)
+        run: pnpm publish --access public --no-git-checks
+        env:
+          NPM_CONFIG_PROVENANCE: 'true'

.nvmrc

@@ -0,0 +1 @@
+22

.release-please-manifest.json

@@ -0,0 +1,3 @@
+{
+  ".": "0.1.0"
+}

README.md

@@ -324,6 +324,24 @@ pnpm test:watch   # run tests in watch mode
 pnpm build        # compile TypeScript and copy rule files to dist/
 ```
 
+## Releasing
+
+Releases follow the spirit of PostHog's [SDK release procedure](https://posthog.com/handbook/engineering/sdks/releases) – semi-automatic, with a human approval gate on the publish step and npm [OIDC trusted publishing](https://docs.npmjs.com/trusted-publishers) for the actual publish. Nobody runs `npm publish` by hand :)
+
+How it works:
+
+1. Land changes on `main` with [Conventional Commits](https://www.conventionalcommits.org/) messages (`fix:` → patch, `feat:` → minor, `feat!:` or a `BREAKING CHANGE:` footer → major). That's how [release-please](https://github.com/googleapis/release-please) knows what to bump.
+2. release-please keeps a **release PR** open that bumps the version in `package.json` and updates `CHANGELOG.md`. It keeps updating itself as more commits land.
+3. When you're ready to ship, review and merge that release PR. Merging it tags the release.
+4. The publish job then waits for approval on the **`Release` GitHub Environment**. The Docs & Wizard team (`@PostHog/team-docs-wizard`) gets a pending-deployment notification in-product and by email.
+5. Once approved, `@posthog/warlock` is published to npm via OIDC trusted publishing – no long-lived `NPM_TOKEN` anywhere.
+
+A few rules of thumb:
+
+- Don't bump the version in `package.json` by hand – release-please owns it.
+- Doc-only / CI / test-only changes use `docs:`, `ci:`, `test:` prefixes and don't trigger a version bump.
+- Anything user-facing should be `fix:` or `feat:` so it ends up in the release PR.
+
 ## Contributing
 
 See [CONTRIBUTING.md](CONTRIBUTING.md) for the contribution process, review model, rule-writing guide, and category-addition policy.

package.json

@@ -1,9 +1,12 @@
 {
   "name": "@posthog/warlock",
-  "version": "0.0.0",
+  "version": "0.1.0",
   "description": "Security scanner for PostHog's agentic flows",
   "license": "MIT",
-  "private": true,
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/PostHog/warlock.git"
+  },
   "type": "module",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",

pnpm-workspace.yaml

@@ -1,3 +1,7 @@
+packages:
+  - '.'
+# Refuse to install any dependency version published less than 7 days ago, requires pnpm >= 10.16.0.
+minimumReleaseAge: 10080
 allowBuilds:
   esbuild: true
 onlyBuiltDependencies:

release-please-config.json

@@ -0,0 +1,11 @@
+{
+  "$schema": "https://raw.githubusercontent.com/googleapis/release-please/main/schemas/config.json",
+  "packages": {
+    ".": {
+      "release-type": "node",
+      "package-name": "@posthog/warlock",
+      "changelog-path": "CHANGELOG.md"
+    }
+  },
+  "include-component-in-tag": false
+}