feat: validate and fix publication workflow artifacts

Author: Thomo1318

.agent/workflows/publish-change.md

@@ -0,0 +1,52 @@
+---
+description: Pipeline to test, sanitize, and publish changes to jjConfig
+---
+
+### 1. Quality Assurance
+
+Verify that the code meets quality standards and documentation is up to date.
+
+0. Update Documentation Checklist:
+   - [ ] `TASKS.md`: Mark completed items, add next steps
+   - [ ] `backups/VERSION_HISTORY.md`: Add version/change notes
+   - [ ] `README.md`: Update feature list if user-facing changes
+
+1. Check for linting and formatting errors
+   `trunk check`
+
+2. (Optional) Run AI review for final check
+   `scripts/ai-review.sh`
+
+### 2. Security & Sanitization
+
+**CRITICAL**: Remove all personal identifiable information (PII) before snapshotting.
+
+// turbo 3. Run the robust sanitization script (includes auto-discovery)
+`jj security-sanitize`
+
+### 3. Commit & Publish
+
+Finalize the snapshot and push to the remote.
+
+4. Describe the changes (Write a good commit message)
+   `jj describe`
+
+5. Push to GitHub (Triggers GitGuardian pre-push hook)
+   `jj git push`
+
+6. Create the Pull Request
+   `gh pr create --web`
+
+### 4. Restore Local State
+
+**Important**: Restore your local configuration (email) so you can continue working.
+
+7. Restore PII (Email)
+   `python3 .build-artifacts/sanitize_email.py --restore`
+
+### 5. Release (After Merge)
+
+Once the PR is approved and merged integration branch:
+
+7. Create a release tag
+   `gh release create v1.0.0 --generate-notes`

.github/workflows/ggshield.yml

@@ -2,21 +2,24 @@ name: GitGuardian Scan
 
 on: [push, pull_request]
 
+permissions:
+  contents: read
+
 jobs:
   scanning:
     name: GitGuardian Scan
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           fetch-depth: 0 # fetch all history so multiple commits can be scanned
 
       - name: GitGuardian scan
-        uses: GitGuardian/ggshield-action@v1.24.0
+        uses: GitGuardian/ggshield-action@v1
         env:
           GITHUB_PUSH_BEFORE_SHA: ${{ github.event.before }}
-          GITHUB_PUSH_BASE_SHA: ${{ github.event.base_ref }}
+          GITHUB_PUSH_BASE_SHA: ${{ github.event.before }}
           GITHUB_PULL_BASE_SHA: ${{ github.event.pull_request.base.sha }}
           GITHUB_DEFAULT_BRANCH: ${{ github.event.repository.default_branch }}
           GITGUARDIAN_API_KEY: ${{ secrets.GITGUARDIAN_API_KEY }}

.gitignore

@@ -43,3 +43,4 @@ backups/v*/applied-*.timestamp
 
 # relay state
 /.relay/
+.cache_ggshield

.mcp/README.md

@@ -3,7 +3,7 @@
 **Repository:** jjConfig  
 **GitHub:** Thomo1318/jjConfig  
 **MCP Server:** https://gitmcp.io/Thomo1318/jjConfig  
-**Updated:** 2025-12-05T10:03:59Z
+**Updated:** 2026-01-01T06:52:31Z
 
 ## Quick Setup
 
@@ -25,5 +25,5 @@ Context files update automatically via Git hooks.
 
 ## Status
 - Branch: 
-- Commit: 1a85507dda70e8d1a1748939d0853e8745442284
-- Generated: 2025-12-05T10:03:59Z
+- Commit: b816691632b5db370256130f3bd670a6f17a9d64
+- Generated: 2026-01-01T06:52:31Z

.mcp/context.json

@@ -4,9 +4,9 @@
   "github_url": "https://github.com/Thomo1318/jjConfig.git",
   "mcp_url": "https://gitmcp.io/Thomo1318/jjConfig",
   "is_github_repo": true,
-  "generated_at": "2025-12-05T10:03:59Z",
+  "generated_at": "2026-01-01T06:52:31Z",
   "branch": "",
-  "commit": "1a85507dda70e8d1a1748939d0853e8745442284",
+  "commit": "b816691632b5db370256130f3bd670a6f17a9d64",
   "mcp_endpoints": {
     "readme": "https://gitmcp.io/Thomo1318/jjConfig/readme",
     "docs": "https://gitmcp.io/Thomo1318/jjConfig/docs",

.relay/prompts/system-prompt.md

@@ -33,13 +33,41 @@ make test
 
 # Deploy to test
 make deploy
-
✏️ Making Changes
-Configuration Changes
-	1.	Edit the main config: ⁠config.toml
	2.	Add reference files: Place in appropriate subdirectory (⁠aliases/, ⁠revsets/, etc.)
	3.	Update documentation: Reflect changes in relevant README files
-Documentation Changes
-	1.	Follow markdown best practices
	2.	Use proper headings (H1-H6)
	3.	Include code examples with syntax highlighting
	4.	Add emojis for visual appeal (sparingly)
	5.	Test all links
-Adding New Features
-	1.	Create reference file in appropriate directory
	2.	Add to README in that directory
	3.	Update main README if user-facing
	4.	Add to TASKS.md if part of roadmap
+
## ✏️ Making Changes
+
+### The Golden Workflow
+
+Follow this "Inner Loop" to ensure quality and security:
+
+#### 1. The Inner Loop (Iterate)
+> **Goal**: Get the code working and documented locally.
+1.  **Code**: `micro config.toml` (Edit your files)
+2.  **Test**: `make test` or `trunk check` (Verify immediately)
+3.  **Docs**: Update `README.md` or `alias/*.md` **in parallel** with code changes.
+4.  *Repeat until tests pass and docs match code.*
+
+#### 2. Quality Assurance
+> **Goal**: Polish before committing.
+1.  **Formating**: `trunk fmt` (Standardize style)
+2.  **AI Review**: `scripts/ai-review.sh` (Catch bugs/impovements)
+
+#### 3. Commit & Sanitize
+> **Goal**: Secure your work.
+1.  **Snapshot**: `jj describe -m "feat: description"`
+2.  **Sanitize**: `jj security-sanitize` (Scrub PII/emails)
+    *   *Critical*: Must run before pushing!
+
+#### 4. Publish
+> **Goal**: Share with the world.
+1.  **Push**: `jj git push`
+    *   *Note*: This triggers the `pre-push` hook (GitGuardian).
+2.  **PR**: `gh pr create` (Triggers CI/CD)
+
+### Adding New Features
+1.	Create reference file in appropriate directory
+2.	Add to README in that directory
+3.	Update main README if user-facing
+4.	Add to TASKS.md if part of roadmap
 🧪 Testing Changes
 Syntax Validation
 
# Test configuration syntax
@@ -178,4 +206,5 @@ We welcome feature requests! Please include:
 Your contributions make jjConfig better for everyone. We appreciate your time and effort!
 Happy contributing! 🎉
 
----
+---
+```

CONTRIBUTING.md

@@ -116,4 +116,5 @@ Need Help?
 	•	Troubleshooting: TROUBLESHOOTING.md
	•	Contributing: CONTRIBUTING.md
	•	Issues: https://github.com/Thomo1318/jjConfig/issues
	•	jj Discord: https://discord.gg/dkmfj3aGQN
 Happy hacking! 🎉
 
----
+---
+```