feat: publish library to the npm registry

[weaponsforge]

• Feat: publish library to the npm registry on new Releases, #10

Summary by CodeRabbit

• New Features

  • NPM publish workflow added; package renamed/updated with TypeScript types and CLI command renamed to "sendemail".
  • Public API now exports buildHtml.

• Documentation

  • README restructured and expanded; new NPM-focused docs and updated quickstart/examples.

• Bug Fixes

  • Removed stray startup debug output.

• Chores

  • Windows release artifact naming adjusted; publish-prep script and ignore rules updated.

• Tests

  • CLI tests updated to use the new CLI command name.

[coderabbitai]

Warning

Rate limit exceeded

@weaponsforge has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 19 minutes and 56 seconds before requesting another review.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

📥 Commits

Reviewing files that changed from the base of the PR and between 2b3654f and f8dbc7a.

📒 Files selected for processing (1)

• README.md

📝 Walkthrough

Walkthrough

Adds a publish-npm job to the release workflow, renames Windows release artifacts to the sendemail-win_ prefix, updates package metadata and exports for npm, adds an npm-publish prep script and npm-focused docs, adjusts ignore files, removes a stray console.log, and exports buildHtml.

Changes

Cohort / File(s)	Summary
Release Workflow .github/workflows/release.yml	Added publish-npm job (runs for releases whose target_commitish == main; needs lint-test-app & build-sea; sets Node v24.11.0; runs npm ci, npm run transpile, app/scripts/npm-publish.sh, and npm publish with provenance/public). Renamed Windows artifact filenames from sendemail_... → sendemail-win_... in Prepare App and Attach Artifact steps.
Package Configuration app/package.json	Scoped package name (@weaponsforge/sendemail), version bump, added types, exports, files, changed CLI bin key/value to sendemail, renamed scripts (sendemail, sendemail:dev), and updated repository/keywords.
NPM Publication Script app/scripts/npm-publish.sh	New script copying LICENSE and docs/README_NPM.md into app/ to prepare package before publishing.
Public API / Entry Exports app/src/index.ts, app/index.ts	Exported buildHtml from app/src/index.ts; changed re-export path to ./lib/index.js; removed console.log('entry point') from app/index.ts.
CLI / Tests / Meta app/src/__tests__/cli.test.ts, app/src/scripts/cli/lib/meta.ts	Renamed CLI program and test invocations from send-email → sendemail (metadata and sendemail:dev test calls).
Documentation README.md, docs/README_NPM.md	README reorganized to emphasize npm package (@weaponsforge/sendemail) and updated examples/CLI commands; added detailed npm-focused docs at docs/README_NPM.md.
Ignore Rules app/.dockerignore, app/.gitignore	Added/ reordered ignore entries for *.md, LICENSE, README.md; moved .env* position; updated .dockerignore to explicitly ignore LICENSE and README.md.

Sequence Diagram(s)

sequenceDiagram
    participant Actions as "GitHub Actions\n(release workflow)"
    participant Repo as "Repository\n(checkout tag)"
    participant Node as "Runner\n(setup-node v24.11.0)"
    participant Builder as "Build\n(npm ci + npm run transpile)"
    participant Prep as "Prep Script\n(app/scripts/npm-publish.sh)"
    participant Registry as "npm Registry"

    Note over Actions,Repo: publish-npm job triggers on main-target release
    Actions->>Repo: checkout repository at release tag
    Actions->>Node: setup-node v24.11.0
    Node->>Builder: run npm ci and npm run transpile
    Builder->>Prep: execute app/scripts/npm-publish.sh
    Prep->>Repo: copy LICENSE & docs/README_NPM.md → app/README.md
    Builder->>Registry: npm publish (with provenance, access public)
    Registry-->>Actions: publish result

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly related PRs

• feat: publish sea windows cli binary on releases page #45 — changes to release workflow and Windows executable packaging; directly related to artifact renaming and release steps.
• feat: create tests sending email from the cli #37 — modifications around buildHtml export and CLI surface; related to the added export and package API surface.
• perf: update dependencies and node version #41 — workflow and publish configuration updates; related to the new publish-npm job and Node/npm setup.

Poem

🐰 I hop, I patch, I tag the nightly vine,
I tuck a README, copy LICENSE fine.
Win-bins wear a flag, the CLI finds a name,
npm hums a publish — little rabbit’s game.
Release carrots gleam — hop, commit, proclaim!

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately summarizes the main objective: implementing npm registry publishing for the library, which is the primary focus evident from the workflow changes and package metadata updates.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch feat/SE-10

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 6

🧹 Nitpick comments (2)

app/.dockerignore (1)

31-31: !README_NPM.md exception appears misaligned with generated file name.

Line 31 unignores README_NPM.md, but publish prep writes app/README.md. Aligning this to !README.md (or removing it) would make intent clearer.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@app/.dockerignore` at line 31, The .dockerignore currently contains an
unignore pattern "!README_NPM.md" which doesn't match the actual generated file
name; update the exception to "!README.md" (or remove the unignore line) so the
unignored filename matches the publish/prep output. Locate the "!README_NPM.md"
entry in app/.dockerignore and replace it with "!README.md" or delete the line
to ensure the intended README is not accidentally ignored.

app/.gitignore (1)

22-22: !README_NPM.md doesn’t match the file created for publish prep.

Line 22 unignores README_NPM.md, but the publish script creates app/README.md. Consider switching to !README.md (or removing the exception) to avoid confusion.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@app/.gitignore` at line 22, The .gitignore currently unignores
"README_NPM.md" but the publish prep creates "app/README.md"; update the
unignore pattern in .gitignore by replacing "!README_NPM.md" with "!README.md"
(or remove the exception entirely) so the actual generated README is
tracked/included; look for the "!README_NPM.md" entry in the .gitignore and
change it to "!README.md" to match the publish script output.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.github/workflows/release.yml:
- Around line 126-127: The tarball created by the tar command is named
sendemail-win_${{github.ref_name}}.tar.gz but the upload step expects
sendemail_${{github.ref_name}}.tar.gz; update one of them so both use the exact
same filename (either rename the created tar to
sendemail_${{github.ref_name}}.tar.gz or change the upload target to
sendemail-win_${{github.ref_name}}.tar.gz) and ensure the mv/tar commands
(sending sendemail-win_${{github.ref_name}}.exe →
sendemail-win_${{github.ref_name}}.tar.gz) and the release upload step reference
the identical artifact name.

In `@docs/README_NPM.md`:
- Line 140: The sample instantiates the wrong class name; replace the incorrect
identifier MyOauthClient with the declared class MyOAuthClient in the README
snippet so the example matches the actual exported class (update any occurrences
of MyOauthClient to MyOAuthClient).
- Around line 49-52: Update the README quickstart install command to use the
correct package name; replace the incorrect `npm install sendemail` with `npm
install send-email` so it matches the package manifest (`send-email`) in this PR
and prevents confusion for users following the docs.
- Line 7: The "windows binaries" local anchor
'#️-building-the-windows-executable-file' is invalid; either update the link
target to the actual heading slug present in the document or add a matching
heading named "Building the Windows executable file" (or the exact anchor text)
so the fragment resolves; search for the "windows binaries" link and replace the
fragment '#️-building-the-windows-executable-file' with the correct slug or
create the corresponding section heading to restore the local anchor.
- Line 89: The example incorrectly imports buildHtml from 'send-email' but that
symbol is not exported from the package root; update the sample to either remove
buildHtml from the import and only import the supported root exports (e.g.,
send, EmailSender, EmailTransport, GmailOAuthClient, SchemaValidator) or change
the import to the correct internal module that actually exports buildHtml if one
exists; locate the import line referencing buildHtml and replace it with a valid
import of only exported symbols or the correct submodule path.

In `@README.md`:
- Around line 6-8: Add the missing npm package URL to the "Node.js package"
bullet: update the line that reads "A Node.js package is available at" (the
"**Node.js package**" bullet) to include the package destination (e.g., an npm
or GitHub package link or the package name with its npm URL) so readers can
click through to install or view the package; ensure the link is formatted as a
Markdown link and includes the canonical package name and URL.

---

Nitpick comments:
In `@app/.dockerignore`:
- Line 31: The .dockerignore currently contains an unignore pattern
"!README_NPM.md" which doesn't match the actual generated file name; update the
exception to "!README.md" (or remove the unignore line) so the unignored
filename matches the publish/prep output. Locate the "!README_NPM.md" entry in
app/.dockerignore and replace it with "!README.md" or delete the line to ensure
the intended README is not accidentally ignored.

In `@app/.gitignore`:
- Line 22: The .gitignore currently unignores "README_NPM.md" but the publish
prep creates "app/README.md"; update the unignore pattern in .gitignore by
replacing "!README_NPM.md" with "!README.md" (or remove the exception entirely)
so the actual generated README is tracked/included; look for the
"!README_NPM.md" entry in the .gitignore and change it to "!README.md" to match
the publish script output.

---

ℹ️ Review info

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 8fb252d and ca2ca58.

⛔ Files ignored due to path filters (1)

• app/package-lock.json is excluded by !**/package-lock.json

📒 Files selected for processing (9)

• .github/workflows/release.yml
• README.md
• app/.dockerignore
• app/.gitignore
• app/index.ts
• app/package.json
• app/scripts/npm-publish.sh
• app/src/index.ts
• docs/README_NPM.md

💤 Files with no reviewable changes (1)

• app/index.ts

[github-actions]

Test Results

29 tests  ±0   29 ✅ ±0   21s ⏱️ -3s
 6 suites ±0    0 💤 ±0 
 1 files   ±0    0 ❌ ±0 

Results for commit f8dbc7a. ± Comparison against base commit 8fb252d.

♻️ This comment has been updated with latest results.

[coderabbitai]

Actionable comments posted: 1

♻️ Duplicate comments (3)

docs/README_NPM.md (3)

139-146: ⚠️ Potential issue | 🟡 Minor

Fix class name mismatch in sample (MyOauthClient vs MyOAuthClient).

The instantiated identifier does not match the declared class name.

Suggested doc fix

-const client = new MyOauthClient()
+const client = new MyOAuthClient()

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@docs/README_NPM.md` around lines 139 - 146, The sample has a class name
mismatch: the class is declared as MyOAuthClient but instantiated as
MyOauthClient; update the instantiation to use the exact declared identifier
(MyOAuthClient) or rename the class to match the instantiation so both
identifiers (MyOAuthClient and the new expression) are identical.

---

8-8: ⚠️ Potential issue | 🟡 Minor

Fix broken local anchor for Windows binaries link.

This fragment does not resolve in this document and should be removed or pointed to an existing heading.

Suggested doc fix

->    Pre-compiled [windows binaries](#️-building-the-windows-executable-file) are available for download in the latest [Releases](https://github.com/weaponsforge/send-email/releases) download page.
+>    Pre-compiled windows binaries are available for download in the latest [Releases](https://github.com/weaponsforge/send-email/releases) download page.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@docs/README_NPM.md` at line 8, Remove or fix the broken local anchor in the
README_NPM entry that points to "#️-building-the-windows-executable-file":
locate the line containing the "Pre-compiled [windows
binaries](#️-building-the-windows-executable-file)" link and either remove the
local anchor (leaving the external Releases URL only) or replace the anchor with
a correct existing heading slug in this document (or point to the external
"Releases" page) so the "windows binaries" link resolves.

---

96-103: Verify buildHtml is actually exported from the package root.

If buildHtml is not part of the root export surface, this example will fail for consumers.

#!/bin/bash
# Verify whether buildHtml is exported from the public entrypoint referenced by docs.
rg -n -C3 '\bbuildHtml\b|^export' app/src/index.ts docs/README_NPM.md

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@docs/README_NPM.md` around lines 96 - 103, Confirm whether buildHtml is
re-exported from the package's public entrypoint used by the docs (i.e., the
root export that consumers import from when doing "import { buildHtml } from
'send-email'"); if it is missing, add a root-level re-export (export { buildHtml
} from '<internal-module-containing-buildHtml>') or update the README example to
import buildHtml from its actual exported module; check the module that defines
buildHtml and the package's main/index export surface and ensure buildHtml
appears in that export list so the example import "import { buildHtml, send }
from 'send-email'" will work for consumers.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@docs/README_NPM.md`:
- Line 80: Update the example import statements that currently use "send-email"
to the published package name "@weaponsforge/sendemail" (e.g., change imports
like "import { send } from 'send-email'" to import from
"@weaponsforge/sendemail"); update all occurrences noted (around the import of
symbol "send" at the shown diff and the other instances listed) so documentation
matches the published package name.

---

Duplicate comments:
In `@docs/README_NPM.md`:
- Around line 139-146: The sample has a class name mismatch: the class is
declared as MyOAuthClient but instantiated as MyOauthClient; update the
instantiation to use the exact declared identifier (MyOAuthClient) or rename the
class to match the instantiation so both identifiers (MyOAuthClient and the new
expression) are identical.
- Line 8: Remove or fix the broken local anchor in the README_NPM entry that
points to "#️-building-the-windows-executable-file": locate the line containing
the "Pre-compiled [windows binaries](#️-building-the-windows-executable-file)"
link and either remove the local anchor (leaving the external Releases URL only)
or replace the anchor with a correct existing heading slug in this document (or
point to the external "Releases" page) so the "windows binaries" link resolves.
- Around line 96-103: Confirm whether buildHtml is re-exported from the
package's public entrypoint used by the docs (i.e., the root export that
consumers import from when doing "import { buildHtml } from 'send-email'"); if
it is missing, add a root-level re-export (export { buildHtml } from
'<internal-module-containing-buildHtml>') or update the README example to import
buildHtml from its actual exported module; check the module that defines
buildHtml and the package's main/index export surface and ensure buildHtml
appears in that export list so the example import "import { buildHtml, send }
from 'send-email'" will work for consumers.

---

ℹ️ Review info

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between ca2ca58 and 915d571.

⛔ Files ignored due to path filters (1)

• app/package-lock.json is excluded by !**/package-lock.json

📒 Files selected for processing (3)

• README.md
• app/package.json
• docs/README_NPM.md

[coderabbitai]

Actionable comments posted: 1

♻️ Duplicate comments (1)

.github/workflows/release.yml (1)

126-135: Windows artifact rename/upload names now match — addressed.

The artifact is created as sendemail-win_${{github.ref_name}}.tar.gz (Line 127) and uploaded under the same name (Line 135).

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.github/workflows/release.yml around lines 126 - 135, The artifact filename
used when creating the Windows package
(sendemail-win_${{github.ref_name}}.tar.gz) matches the filename listed in the
softprops/action-gh-release@v2 "files" input, so no code change is needed; just
keep the current names consistent (sendemail-win_${{github.ref_name}}.exe ->
tar.gz and the files: entry) and ensure the release step remains gated by if:
startsWith(github.ref, 'refs/tags/').

🧹 Nitpick comments (1)

.github/workflows/release.yml (1)

143-143: build-sea is an unnecessary dependency for the npm publish job.

build-sea produces a Windows binary that publish-npm never downloads or uses. Depending on it means a SEA build failure blocks npm publishing even though the two are independent release artifacts. Consider depending only on lint-test-app.

♻️ Proposed refactor

-    needs: [lint-test-app, build-sea]
+    needs: [lint-test-app]

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.github/workflows/release.yml at line 143, The publish-npm job's needs array
currently includes an unnecessary dependency on build-sea; update the
publish-npm job definition (the needs: [ ... ] entry) so it no longer lists
build-sea and instead depends only on lint-test-app (i.e., remove "build-sea"
from the needs array for the publish-npm job) to decouple npm publishing from
the SEA Windows build.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.github/workflows/release.yml:
- Around line 166-171: The "Publish package" step will fail because
actions/setup-node wrote an .npmrc that expects NODE_AUTH_TOKEN but that
environment variable is never provided; update the "Publish package" step in
.github/workflows/release.yml to inject the repo secret by adding env:
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} (or set at the job level) so npm
publish (and app/scripts/npm-publish.sh) can authenticate, and ensure a
repository secret named NPM_TOKEN with a scoped token for
`@weaponsforge/sendemail` exists.

---

Duplicate comments:
In @.github/workflows/release.yml:
- Around line 126-135: The artifact filename used when creating the Windows
package (sendemail-win_${{github.ref_name}}.tar.gz) matches the filename listed
in the softprops/action-gh-release@v2 "files" input, so no code change is
needed; just keep the current names consistent
(sendemail-win_${{github.ref_name}}.exe -> tar.gz and the files: entry) and
ensure the release step remains gated by if: startsWith(github.ref,
'refs/tags/').

---

Nitpick comments:
In @.github/workflows/release.yml:
- Line 143: The publish-npm job's needs array currently includes an unnecessary
dependency on build-sea; update the publish-npm job definition (the needs: [ ...
] entry) so it no longer lists build-sea and instead depends only on
lint-test-app (i.e., remove "build-sea" from the needs array for the publish-npm
job) to decouple npm publishing from the SEA Windows build.

---

ℹ️ Review info

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 915d571 and d443207.

📒 Files selected for processing (5)

• .github/workflows/release.yml
• app/.dockerignore
• app/.gitignore
• app/src/index.ts
• docs/README_NPM.md

🚧 Files skipped from review as they are similar to previous changes (3)

• docs/README_NPM.md
• app/.gitignore
• app/.dockerignore

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@README.md`:
- Line 106: Update the git clone command in README (the backticked line
containing `git clone https://github.com/weaponsforge/sendemail.git`) to use the
correct repository slug; change `weaponsforge/sendemail.git` to
`weaponsforge/send-email.git` so the clone command points to the actual repo
name.

---

ℹ️ Review info

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between d443207 and 2b3654f.

📒 Files selected for processing (5)

• README.md
• app/package.json
• app/src/__tests__/cli.test.ts
• app/src/scripts/cli/lib/meta.ts
• docs/README_NPM.md

✅ Files skipped from review due to trivial changes (1)

• docs/README_NPM.md