From 0041c1e4490905a14bd41f36cc9002ca96acfc11 Mon Sep 17 00:00:00 2001 From: venwork-dev Date: Tue, 17 Feb 2026 14:54:49 -0600 Subject: [PATCH 1/4] feat(release): add npm metadata and fix contribution links --- .changeset/tasty-bags-obey.md | 5 ++++ .github/ISSUE_TEMPLATE/bug_report.md | 35 ++++++++++++++++++++++++++++ README.md | 2 +- package.json | 8 +++++++ 4 files changed, 49 insertions(+), 1 deletion(-) create mode 100644 .changeset/tasty-bags-obey.md create mode 100644 .github/ISSUE_TEMPLATE/bug_report.md diff --git a/.changeset/tasty-bags-obey.md b/.changeset/tasty-bags-obey.md new file mode 100644 index 0000000..7d66a40 --- /dev/null +++ b/.changeset/tasty-bags-obey.md @@ -0,0 +1,5 @@ +--- +"brand-shell": minor +--- + +Fix npm package metadata links by adding repository/homepage/bugs fields and making README contribution link absolute for npm rendering. diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md new file mode 100644 index 0000000..a2da9fc --- /dev/null +++ b/.github/ISSUE_TEMPLATE/bug_report.md @@ -0,0 +1,35 @@ +--- +name: Bug report +about: Report a bug in brand-shell +title: "[bug]: " +labels: ["bug"] +--- + +## Summary + +Briefly describe the problem. + +## Steps to reproduce + +1. +2. +3. + +## Expected behavior + +What should happen? + +## Actual behavior + +What happened instead? + +## Environment + +- `brand-shell` version: +- Framework/runtime: +- Browser (if relevant): +- OS: + +## Additional context + +Add any logs, screenshots, links, or sample payloads here. diff --git a/README.md b/README.md index aee890e..05b59a0 100644 --- a/README.md +++ b/README.md @@ -86,4 +86,4 @@ import schema from "brand-shell/schema"; SemVer is managed with Changesets. -See [CONTRIBUTING.md](CONTRIBUTING.md) for development, commit policy, and release flow. +See [CONTRIBUTING.md](https://github.com/venwork-dev/brand-shell/blob/main/CONTRIBUTING.md) for development, commit policy, and release flow. 
diff --git a/package.json b/package.json index d19db18..b14c4eb 100644 --- a/package.json +++ b/package.json @@ -2,6 +2,14 @@ "name": "brand-shell", "version": "0.4.0", "description": "Reusable Header and Footer components with typed details and theme. Premium default UX, works in React, Vite, Next.js.", + "homepage": "https://github.com/venwork-dev/brand-shell#readme", + "repository": { + "type": "git", + "url": "git+https://github.com/venwork-dev/brand-shell.git" + }, + "bugs": { + "url": "https://github.com/venwork-dev/brand-shell/issues" + }, "type": "module", "main": "./dist/index.mjs", "module": "./dist/index.mjs", From adfb17b7c9a6866af79670f39b25406f9eb9d0ba Mon Sep 17 00:00:00 2001 From: venwork-dev Date: Tue, 17 Feb 2026 20:43:52 -0600 Subject: [PATCH 2/4] chore(cleanup): switch npm release workflow --- .changeset/metal-lions-share.md | 5 +++++ .github/workflows/release.yml | 23 ----------------------- CONTRIBUTING.md | 7 ++++--- 3 files changed, 9 insertions(+), 26 deletions(-) create mode 100644 .changeset/metal-lions-share.md diff --git a/.changeset/metal-lions-share.md b/.changeset/metal-lions-share.md new file mode 100644 index 0000000..acacdab --- /dev/null +++ b/.changeset/metal-lions-share.md @@ -0,0 +1,5 @@ +--- +"brand-shell": patch +--- + +Switch npm release workflow to Trusted Publishing (OIDC) by removing token-based npm auth from GitHub Actions release job. diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index f87918e..dec2d0c 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -26,9 +26,6 @@ jobs: contents: write pull-requests: write id-token: write - env: - NPM_TOKEN: ${{ secrets.NPM_TOKEN }} - NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} steps: - name: Checkout 
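Review bot: `id-token: write` is granted at job level alongside `contents: write` and `pull-requests: write` in the `@@ -26,9 +26,6 @@` hunk, so once the `env:` block is gone every step in the release job, not only the publish step, can request the OIDC token that npm accepts for publishing. Binding the job to a protected GitHub environment (for example `environment: npm-publish`, a constructed name) and naming the same environment in the npm Trusted Publisher entry would narrow which runs can publish. A comment above the permission, such as `# required for npm Trusted Publishing (OIDC); publish fails without it`, would also stop it being removed later as unused. The job header and workflow trigger lie outside the hunk, so any branch or event restriction cannot be confirmed from here.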
@@ -50,24 +47,6 @@ jobs: - name: Install Dependencies run: bun install --frozen-lockfile - - name: Verify npm token - run: | - if [ -z "${NPM_TOKEN}" ]; then - echo "NPM_TOKEN is not configured." - echo "Add it in GitHub repository settings > Secrets and variables > Actions." - exit 1 - fi - if [[ "${NPM_TOKEN}" != npm_* ]]; then - echo "NPM_TOKEN format looks invalid. It should start with npm_." - exit 1 - fi - - - name: Verify npm auth identity - run: | - npm --version - npm config get registry - npm whoami - - name: Create release PR or publish uses: changesets/action@v1 with: @@ -77,5 +56,3 @@ jobs: commit: "chore(release): version packages" env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - NPM_TOKEN: ${{ secrets.NPM_TOKEN }} - NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 7a2a676..ffcee42 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -69,9 +69,10 @@ Release is automated through GitHub Actions. ## NPM Publish Notes -- Use repository secret `NPM_TOKEN`. -- Token must support publish and bypass 2FA for automation. -- Release workflow verifies `npm whoami` before publish. +- Publish uses npm Trusted Publishing (OIDC) from GitHub Actions. +- Keep `id-token: write` permission in `/Users/mounikathota/brand-shell/.github/workflows/release.yml`. +- Configure Trusted Publisher in npm package settings for this repository/workflow. +- Do not store long-lived `NPM_TOKEN` once Trusted Publishing is active. ## Pull Request Checklist From 38d688bad02e17402bff7f102fbbf0e0fe001bb5 Mon Sep 17 00:00:00 2001 From: venwork-dev Date: Tue, 17 Feb 2026 20:49:19 -0600 Subject: [PATCH 3/4] chore: cleanup --- .changeset/tasty-bags-obey.md | 5 ----- 1 file changed, 5 deletions(-) delete mode 100644 .changeset/tasty-bags-obey.md diff --git a/.changeset/tasty-bags-obey.md b/.changeset/tasty-bags-obey.md deleted file mode 100644 index 7d66a40..0000000 --- a/.changeset/tasty-bags-obey.md +++ /dev/null 
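Review bot: With both verification steps removed in the `@@ -50,24 +47,6 @@` hunk, nothing checks the publish preconditions before `changesets/action@v1` runs; npm Trusted Publishing needs npm CLI 11.5.1 or later, and the removed `npm --version` line was the only visible place the version was surfaced (the steps between the hunks are not shown, so the npm version the job ends up with cannot be confirmed). A one-step preflight that runs `npm --version`, with a comment stating the minimum version, would keep the fail-fast behaviour without any token. Separately, `uses: changesets/action@v1` is a mutable tag inside a job that can mint the publish credential; pinning it as `uses: changesets/action@<full-commit-sha> # v1` limits the effect of a retagged release. The CONTRIBUTING.md hunk in the same patch names the workflow by a workstation path under `/Users/`; the repo-relative `.github/workflows/release.yml` would avoid publishing a local username and be correct for other contributors.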
@@ -1,5 +0,0 @@
----
-"brand-shell": minor
----
-
-Fix npm package metadata links by adding repository/homepage/bugs fields and making README contribution link absolute for npm rendering.
From db0cd1fcab0ff1eee3b83837f76c0a0d5c4ed85a Mon Sep 17 00:00:00 2001
From: venwork-dev
Date: Tue, 17 Feb 2026 20:50:44 -0600
Subject: [PATCH 4/4] chore: cleanup
---
 .changeset/{metal-lions-share.md => cute-states-accept.md} | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename .changeset/{metal-lions-share.md => cute-states-accept.md} (86%)
diff --git a/.changeset/metal-lions-share.md b/.changeset/cute-states-accept.md
similarity index 86%
rename from .changeset/metal-lions-share.md
rename to .changeset/cute-states-accept.md
index acacdab..3d63cc5 100644
--- a/.changeset/metal-lions-share.md
+++ b/.changeset/cute-states-accept.md
@@ -1,5 +1,5 @@
 ---
-"brand-shell": patch
+"brand-shell": minor
 ---
 
 Switch npm release workflow to Trusted Publishing (OIDC) by removing token-based npm auth from GitHub Actions release job.