Add GitHub Actions workflow for npm publishing

Publishes to npm on tag push (v*) or manual trigger.
Bypasses local 2FA issues by using NPM_TOKEN secret.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

.github/workflows/publish.yml

@@ -0,0 +1,29 @@
+name: Publish to npm
+
+on:
+  push:
+    tags:
+      - "v*"
+  workflow_dispatch:
+
+jobs:
+  publish:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      id-token: write
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: actions/setup-node@v4
+        with:
+          node-version: "20"
+          registry-url: "https://registry.npmjs.org"
+
+      - run: npm ci
+
+      - run: npm test
+
+      - run: npm publish --provenance --access public
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}

.gitignore

@@ -30,6 +30,7 @@ Thumbs.db
 # ai temp or local only files
 CLAUDE.md
 .*/**
+!.github/**
 
 _bmad
 _bmad-output