ci: Add automated npm publishing workflow

Add separate publish workflow that depends on CI passing:

Features:
- Runs automatically when code merges to main
- Waits for CI workflow to complete successfully
- Publishes to npm with NPM_TOKEN secret
- Creates GitHub Release with version tag
- Verifies package contents before publishing

Setup:
- Add .github/workflows/publish.yml
- Add .github/workflows/README.md with setup instructions
- Requires NPM_TOKEN secret in GitHub repository settings

Workflow dependency chain:
1. CI workflow runs tests and builds
2. Publish workflow waits for CI success
3. Package published to npm
4. GitHub release created automatically

See .github/workflows/README.md for setup instructions

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <[email protected]>

Author: facundofarias

.github/workflows/README.md

@@ -0,0 +1,167 @@
+# GitHub Actions CI/CD Workflows
+
+This repository uses GitHub Actions for continuous integration and automated npm publishing.
+
+## Workflows
+
+### 1. CI Workflow (`ci.yml`)
+
+**Triggers**: Push or PR to `main` or `develop` branches
+
+**What it does**:
+- Runs on Node.js 18.x, 20.x, and 22.x
+- Lints code with ESLint
+- Type checks with TypeScript
+- Runs full test suite (108 tests)
+- Builds the project
+- Verifies build artifacts exist
+- Tests module loading
+
+**Status**: Must pass before code can be merged
+
+### 2. Publish Workflow (`publish.yml`)
+
+**Triggers**: Automatically after CI workflow succeeds on `main` branch
+
+**What it does**:
+1. Waits for CI workflow to complete successfully
+2. Checks out code and installs dependencies
+3. Builds the project
+4. Extracts version from `package.json`
+5. Verifies package contents with `npm pack --dry-run`
+6. Publishes to npm registry (public package)
+7. Creates GitHub Release with tag `v{version}`
+
+**Dependencies**: Only runs if CI workflow passes
+
+## Setup Requirements
+
+### npm Token (Required for Publishing)
+
+You need to add an `NPM_TOKEN` secret to your GitHub repository:
+
+1. **Generate npm token**:
+   ```bash
+   npm login
+   npm token create --type automation
+   ```
+
+2. **Add to GitHub**:
+   - Go to: `https://github.com/deployhq/deployhq-mcp-server/settings/secrets/actions`
+   - Click "New repository secret"
+   - Name: `NPM_TOKEN`
+   - Value: Your npm automation token
+
+### GitHub Token (Automatic)
+
+The `GITHUB_TOKEN` is automatically provided by GitHub Actions - no setup needed.
+
+## Publishing Process
+
+### Automatic Publishing (Recommended)
+
+When you merge to `main`:
+
+```bash
+# 1. Create PR with version bump
+git checkout -b release/v1.0.1
+npm version patch  # or minor, major
+git push origin release/v1.0.1
+
+# 2. Create and merge PR to main
+# GitHub Actions will automatically:
+# - Run CI tests
+# - Publish to npm (if CI passes)
+# - Create GitHub release
+```
+
+### Manual Publishing (Not Recommended)
+
+If you need to publish manually:
+
+```bash
+npm run build
+npm publish
+```
+
+## Version Management
+
+Follow semantic versioning (SemVer):
+
+- **Patch** (`1.0.x`): Bug fixes, small changes
+  ```bash
+  npm version patch
+  ```
+
+- **Minor** (`1.x.0`): New features, backwards compatible
+  ```bash
+  npm version minor
+  ```
+
+- **Major** (`x.0.0`): Breaking changes
+  ```bash
+  npm version major
+  ```
+
+## Workflow Diagram
+
+```
+┌─────────────────────────────────────────────────────┐
+│  Push/PR to main/develop                            │
+└────────────────┬────────────────────────────────────┘
+                 │
+                 ▼
+┌─────────────────────────────────────────────────────┐
+│  CI Workflow (ci.yml)                               │
+│  ├─ Lint                                            │
+│  ├─ Type Check                                      │
+│  ├─ Test (108 tests)                                │
+│  ├─ Build                                           │
+│  └─ Verify artifacts                                │
+└────────────────┬────────────────────────────────────┘
+                 │
+                 │ (only on main branch)
+                 ▼
+┌─────────────────────────────────────────────────────┐
+│  Publish Workflow (publish.yml)                     │
+│  ├─ Wait for CI to succeed                          │
+│  ├─ Build project                                   │
+│  ├─ Verify package                                  │
+│  ├─ Publish to npm                                  │
+│  └─ Create GitHub Release                           │
+└─────────────────────────────────────────────────────┘
+```
+
+## Monitoring
+
+### View Workflow Runs
+- GitHub Actions tab: https://github.com/deployhq/deployhq-mcp-server/actions
+
+### Check Published Packages
+- npm package: https://www.npmjs.com/package/deployhq-mcp-server
+- GitHub Releases: https://github.com/deployhq/deployhq-mcp-server/releases
+
+## Troubleshooting
+
+### Publish workflow doesn't run
+- Verify CI workflow completed successfully
+- Check that push was to `main` branch
+- Check GitHub Actions tab for workflow status
+
+### npm publish fails
+- Verify `NPM_TOKEN` secret is set correctly
+- Check token hasn't expired: `npm token list`
+- Verify package name isn't taken
+- Check version hasn't been published already
+
+### GitHub Release fails
+- Usually safe to ignore if npm publish succeeded
+- Can manually create release from GitHub UI
+- Check `GITHUB_TOKEN` permissions
+
+## Security Notes
+
+- Never commit `NPM_TOKEN` to repository
+- Use automation tokens for CI/CD, not personal tokens
+- Rotate tokens regularly
+- Limit token scope to publishing only

.github/workflows/publish.yml

@@ -0,0 +1,66 @@
+name: Publish to npm
+
+on:
+  workflow_run:
+    workflows: ["CI"]
+    types: [completed]
+    branches: [main]
+
+jobs:
+  publish:
+    name: Publish to npm
+    runs-on: ubuntu-latest
+
+    # Only run if CI workflow succeeded
+    if: ${{ github.event.workflow_run.conclusion == 'success' }}
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: '20.x'
+          registry-url: 'https://registry.npmjs.org'
+          cache: 'npm'
+
+      - name: Install dependencies
+        run: npm ci
+
+      - name: Build project
+        run: npm run build
+
+      - name: Get package version
+        id: package-version
+        run: echo "version=$(node -p "require('./package.json').version")" >> $GITHUB_OUTPUT
+
+      - name: Verify package contents
+        run: |
+          echo "Verifying package contents for v${{ steps.package-version.outputs.version }}..."
+          ls -la dist/
+          npm pack --dry-run
+
+      - name: Publish to npm
+        run: npm publish --access public
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+
+      - name: Create GitHub Release
+        uses: actions/create-release@v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          tag_name: v${{ steps.package-version.outputs.version }}
+          release_name: Release v${{ steps.package-version.outputs.version }}
+          body: |
+            🚀 Published to npm: https://www.npmjs.com/package/deployhq-mcp-server/v/${{ steps.package-version.outputs.version }}
+
+            ## Installation
+            ```bash
+            npx deployhq-mcp-server
+            ```
+
+            See [README](https://github.com/deployhq/deployhq-mcp-server#readme) for full documentation.
+          draft: false
+          prerelease: false