feat: improving how releases are managed and improved logout functionality

.github/PULL_REQUEST_TEMPLATE.md

@@ -10,9 +10,15 @@ Describe the change.
 - [ ] Documentation
 - [ ] Test
 
+## Release Impact
+
+- [ ] Release-eligible commit message used (`feat:`, `fix:`, `perf:`, `revert:`, release-scoped `docs:`, or documented breaking change)
+- [ ] No package release expected
+
 ## Checklist
 
 - [ ] Tests pass
 - [ ] No breaking changes
+- [ ] Changelog impact is clear from the commit subject/body
 - [ ] Docs updated (if needed)
 - [ ] Security implications considered

.github/workflows/ci.yml

@@ -3,19 +3,35 @@ name: CI
 on:
   pull_request:
     branches: ['**']
+  push:
+    branches:
+      - main
+
+permissions:
+  contents: read
+
+concurrency:
+  group: ci-${{ github.ref }}
+  cancel-in-progress: true
 
 jobs:
   test:
     runs-on: ubuntu-latest
+    env:
+      HUSKY: 0
+    strategy:
+      fail-fast: false
+      matrix:
+        node-version: [20, 24]
 
     steps:
       - name: Checkout repo
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
 
       - name: Setup Node.js
-        uses: actions/setup-node@v4
+        uses: actions/setup-node@v6
         with:
-          node-version: 20
+          node-version: ${{ matrix.node-version }}
           cache: 'npm'
 
       - name: Install dependencies
@@ -25,13 +41,16 @@ jobs:
         run: npm run lint
 
       - name: Run Tests with Coverage
-        run: npm test -- --coverage
+        run: npm test -- --coverage --runInBand
 
       - name: Build
         run: npm run build
 
+      - name: Verify package contents
+        run: npm run check-npm-build
+
       - name: Upload coverage reports to Codecov
-        if: github.event_name == 'push' && github.ref == 'refs/heads/main'
+        if: github.event_name == 'push' && github.ref == 'refs/heads/main' && matrix.node-version == 24
         uses: codecov/codecov-action@v5
         with:
           token: ${{ secrets.CODECOV_TOKEN }}

.github/workflows/release.yml

@@ -0,0 +1,60 @@
+name: Release
+
+on:
+  push:
+    branches:
+      - main
+  workflow_dispatch:
+
+permissions:
+  contents: write
+  issues: write
+  pull-requests: write
+  id-token: write
+
+concurrency:
+  group: release-${{ github.ref }}
+  cancel-in-progress: false
+
+jobs:
+  release:
+    if: github.repository == 'fells-code/seamless-auth-react'
+    runs-on: ubuntu-latest
+    env:
+      HUSKY: 0
+
+    steps:
+      - name: Checkout repo
+        uses: actions/checkout@v6
+        with:
+          fetch-depth: 0
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v6
+        with:
+          node-version: 24.10.0
+          package-manager-cache: false
+
+      - name: Install dependencies
+        run: npm ci
+
+      - name: Lint
+        run: npm run lint
+
+      - name: Test
+        run: npm test -- --runInBand
+
+      - name: Build
+        run: npm run build
+
+      - name: Verify package contents
+        run: npm run check-npm-build
+
+      - name: Release GitHub version and publish npm package
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GIT_AUTHOR_NAME: github-actions[bot]
+          GIT_AUTHOR_EMAIL: 41898282+github-actions[bot]@users.noreply.github.com
+          GIT_COMMITTER_NAME: github-actions[bot]
+          GIT_COMMITTER_EMAIL: 41898282+github-actions[bot]@users.noreply.github.com
+        run: npm run semantic-release

.releaserc.json

@@ -1,23 +1,78 @@
 {
-  "branches": ["main", { "name": "dev", "prerelease": "beta" }],
+  "branches": ["main"],
+  "tagFormat": "v${version}",
   "plugins": [
-    "@semantic-release/commit-analyzer",
-    "@semantic-release/release-notes-generator",
-    "@semantic-release/changelog",
-    "@semantic-release/npm",
-    "@semantic-release/github"
-  ],
-  "preset": "conventionalcommits",
-  "releaseRules": [
-    { "type": "build", "release": false },
-    { "type": "chore", "release": false },
-    { "type": "docs", "release": false },
-    { "type": "feat", "release": "minor" },
-    { "type": "fix", "release": "patch" },
-    { "type": "perf", "release": false },
-    { "type": "refactor", "release": false },
-    { "type": "style", "release": false },
-    { "type": "test", "release": false }
-  ],
-  "tagFormat": "v${version}"
+    [
+      "@semantic-release/commit-analyzer",
+      {
+        "preset": "conventionalcommits",
+        "releaseRules": [
+          { "breaking": true, "release": "major" },
+          { "type": "feat", "release": "minor" },
+          { "type": "fix", "release": "patch" },
+          { "type": "perf", "release": "patch" },
+          { "type": "revert", "release": "patch" },
+          { "type": "docs", "scope": "README", "release": "patch" },
+          { "type": "docs", "scope": "readme", "release": "patch" },
+          { "type": "docs", "scope": "API", "release": "patch" },
+          { "type": "docs", "scope": "api", "release": "patch" },
+          { "type": "docs", "scope": "release", "release": "patch" }
+        ],
+        "parserOpts": {
+          "noteKeywords": ["BREAKING CHANGE", "BREAKING CHANGES"]
+        }
+      }
+    ],
+    [
+      "@semantic-release/release-notes-generator",
+      {
+        "preset": "conventionalcommits",
+        "presetConfig": {
+          "types": [
+            { "type": "feat", "section": "Features" },
+            { "type": "fix", "section": "Bug Fixes" },
+            { "type": "perf", "section": "Performance" },
+            { "type": "revert", "section": "Reverts" },
+            { "type": "docs", "section": "Documentation" },
+            { "type": "refactor", "section": "Code Refactoring", "hidden": true },
+            { "type": "build", "section": "Build System", "hidden": true },
+            { "type": "ci", "section": "Continuous Integration", "hidden": true },
+            { "type": "test", "section": "Tests", "hidden": true },
+            { "type": "chore", "section": "Maintenance", "hidden": true },
+            { "type": "style", "section": "Styles", "hidden": true }
+          ]
+        },
+        "parserOpts": {
+          "noteKeywords": ["BREAKING CHANGE", "BREAKING CHANGES"]
+        }
+      }
+    ],
+    [
+      "@semantic-release/changelog",
+      {
+        "changelogFile": "CHANGELOG.md",
+        "changelogTitle": "# Changelog\n\nAll notable changes to `@seamless-auth/react` are generated from Conventional Commits by semantic-release.\n"
+      }
+    ],
+    [
+      "@semantic-release/npm",
+      {
+        "npmPublish": true
+      }
+    ],
+    [
+      "@semantic-release/git",
+      {
+        "assets": ["CHANGELOG.md", "package.json", "package-lock.json"],
+        "message": "chore(release): v${nextRelease.version} [skip ci]\n\n${nextRelease.notes}"
+      }
+    ],
+    [
+      "@semantic-release/github",
+      {
+        "successComment": false,
+        "failComment": false
+      }
+    ]
+  ]
 }

CHANGELOG.md

@@ -0,0 +1,5 @@
+# Changelog
+
+All notable changes to `@seamless-auth/react` are generated from Conventional Commits by semantic-release.
+
+The first automated release will replace this note with the generated changelog entry for the next version.

CONTRIBUTING.md

@@ -207,16 +207,69 @@ This ensures changes remain aligned with real authentication flows and infrastru
 
 ## Commit Conventions
 
-- feat:
-- fix:
-- docs:
-- refactor:
-- test:
-- chore:
+This repository uses Conventional Commits for automated releases.
+
+Release-eligible commit types:
+
+- `feat:` creates a minor release
+- `fix:`, `perf:`, and `revert:` create patch releases
+- `docs(readme):`, `docs(api):`, and `docs(release):` create patch releases
+- `type(scope)!:` or a `BREAKING CHANGE:` footer creates a major release
+
+Non-release commit types:
+
+- `build:`
+- `chore:`
+- `ci:`
+- `docs:` without one of the release scopes above
+- `refactor:`
+- `style:`
+- `test:`
 
 Example:
 
+```bash
 feat: add configurable token expiration override
+```
+
+Write commit subjects for the changelog reader. Prefer concrete user-facing impact, such as
+`fix(provider): refresh credentials after mutation`, over vague subjects like `fix auth`.
+
+## Release Process
+
+Merging a release-eligible commit to `main` runs the `Release` GitHub Actions workflow.
+
+The workflow:
+
+- installs dependencies with `npm ci`
+- runs lint, tests, build, and package verification
+- generates release notes from Conventional Commits
+- updates `CHANGELOG.md`, `package.json`, and `package-lock.json`
+- commits the release update back to `main`
+- creates a `vX.Y.Z` GitHub tag and GitHub Release
+- publishes `@seamless-auth/react` to npm with provenance
+
+Do not create release tags manually for normal releases. The workflow owns `v*` tags after
+automation is enabled.
+
+The package runtime still supports Node 20, but release automation runs on Node 24 in GitHub
+Actions. If you need to run `npm run semantic-release` locally, use Node 24.10 or newer so it
+matches the release workflow and npm Trusted Publishing requirements.
+
+### npm Trusted Publishing
+
+npm publishing uses GitHub Actions OIDC, not a long-lived npm token. Before the first automated
+release, configure Trusted Publishing for `@seamless-auth/react` in npm with:
+
+- owner: `fells-code`
+- repository: `seamless-auth-react`
+- workflow file: `release.yml`
+- environment: leave blank unless this repo later adds a protected release environment
+
+The `Release` workflow needs `contents: write` so semantic-release can push the release commit and
+tag. If branch protection blocks GitHub Actions from pushing to `main`, allow the
+`github-actions[bot]` release commit or switch the release policy to a release-PR model before
+enabling automation.
 
 ## Pull Requests Must
 

README.md

@@ -1,6 +1,8 @@
 # @seamless-auth/react
 
 [![npm version](https://img.shields.io/npm/v/@seamless-auth/react.svg?label=%40seamless-auth%2Freact)](https://www.npmjs.com/package/@seamless-auth/react)
+[![CI](https://github.com/fells-code/seamless-auth-react/actions/workflows/ci.yml/badge.svg)](https://github.com/fells-code/seamless-auth-react/actions/workflows/ci.yml)
+[![Release](https://github.com/fells-code/seamless-auth-react/actions/workflows/release.yml/badge.svg)](https://github.com/fells-code/seamless-auth-react/actions/workflows/release.yml)
 [![coverage](https://img.shields.io/codecov/c/github/fells-code/seamless-auth-react)](https://app.codecov.io/gh/fells-code/seamless-auth-react)
 [![license](https://img.shields.io/github/license/fells-code/seamless-auth-react)](./LICENSE)
 
@@ -23,6 +25,12 @@
 npm install @seamless-auth/react
 ```
 
+## Releases
+
+Published versions are listed in [CHANGELOG.md](./CHANGELOG.md) and GitHub Releases. Releases are
+created automatically from release-eligible Conventional Commits merged to `main`, then published to
+npm with provenance from GitHub Actions.
+
 ## Choose Your Integration Style
 
 You can use this package in three ways:
@@ -113,6 +121,7 @@ You are still responsible for your app’s route protection and redirects.
   verifyStepUpWithPasskey(): Promise<StepUpVerificationResult>;
   verifyStepUpWithPasskeyPrf(input: PasskeyPrfInput): Promise<StepUpWithPasskeyPrfResult>;
   logout(): Promise<void>;
+  logoutAllSessions(): Promise<void>;
   deleteUser(): Promise<void>;
   login(identifier: string, passkeyAvailable: boolean): Promise<Response>;
   handlePasskeyLogin(): Promise<boolean>;
@@ -455,7 +464,8 @@ This package assumes a Seamless Auth-compatible backend with the auth adapter mo
 The built-in flows assume compatible endpoints for:
 
 - `/login`
-- `/logout`
+- `DELETE /logout` for the current session
+- `DELETE /logout/all` for every session owned by the current user
 - `/registration/register`
 - `/webAuthn/login/start`
 - `/webAuthn/login/finish`