
INFRA: dedupe publish workflow + CHANGELOG v0.5.0 — audit #10, #11 #13

Merged
ryan10sa-star merged 2 commits into main from claude/intelligent-allen-OfvPE
May 23, 2026

@ryan10sa-star commented May 23, 2026

Collaborator

Summary

Two pre-launch audit fixes. Neither fix alone publishes v0.5.0 to npm or PyPI — see "Manual step required" below.

Audit context: pyproject.toml, python/pyproject.toml, and typescript/package.json all declare 0.5.0, but the published npm + PyPI artifacts are still 0.4.0 because no v0.5.0 GitHub Release has been cut. Every README install command therefore pulls a build that is missing the catalog sync / gate check / signed receipts surface ARIA depends on.


Fix 1 — audit #11: dedupe npm publish step

.github/workflows/publish.yml had two consecutive npm publish --provenance steps for the unscoped carapace-sdk package. The second one fails with EPUBLISHCONFLICT (the same version is already published by the first step), turning green publishes red.

Diff

       - name: Publish
         working-directory: typescript
         run: npm publish --provenance
         env:
           NODE_AUTH_TOKEN:  ${{ secrets.NPM_TOKEN }}
-      - name: Publish
-        working-directory: typescript
-        run: npm publish --provenance

   pypi:
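
Review bot: the surviving Publish step (working-directory: typescript) still runs npm publish --provenance unconditionally, so re-running the workflow for a release whose version is already on the registry will fail with the same version conflict. Consider guarding the step with a check such as npm view carapace-sdk@<version> version and skipping the publish when that version already exists. Because the step relies on --provenance, also confirm that the job grants the id-token: write permission, which is not visible in this hunk. A more specific step name such as "Publish to npm" would make the run log easier to read next to the pypi job.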

Only one npm publish step remains (the one that has NODE_AUTH_TOKEN wired up). PyPI job untouched.

Commit: bc77950a639dddf040b6166d854611efb2508e03


Fix 2 — audit #10: add CHANGELOG entry for v0.5.0

CHANGELOG.md stopped at [0.4.0] — 2026-05-16. Added a new [0.5.0] — 2026-05-23 section pulled from the actual phase-B commits (be8e199, 5c9c1ec, e4274da, b9b78c0, 3f9ce59).

New section

## [0.5.0] — 2026-05-23

### Added
- **Catalog sync** — `fetch_catalog()` / `fetchCatalog()` performs an
  ETag-based read of the live ARIA registry catalog with 304 Not Modified
  support. `CatalogEntry`, `CatalogState`, and `GateResult` dataclasses /
  TypeScript types are exported from both SDKs.
- **Gate check** — `run_gate_check()` / `runGateCheck()` runs a five-gate
  pre-call delegation validation: `catalog_membership`, `active_status`,
  `revocation_clear`, `clawmark_gate`, and `delegation_valid`. Fail-open when
  the catalog is unavailable (`mode=fail_open`) and observe-only when
  `trust_gates_enabled=False`.
- **Signed receipts** — `create_receipt()` / `createReceipt()` issues
  SHA-256-hashed call receipts with optional Ed25519 signing over a JCS
  canonicalised payload. `verify_receipt()` / `verifyReceipt()` performs
  signature verification and returns a boolean (never raises).
  `post_receipt()` / `post_receipt_async()` / `postReceipt()` are
  fire-and-forget posts to ARIA that NEVER raise.
- **Delegation chains with replay protection** — receipts and gate-check
  results bind to delegation tokens so call chains can be reconstructed and
  replays detected at the registry boundary.
- **Revocation lookup** — `revocation_clear` gate consults the catalog
  revocation list; revoked agents fail-closed regardless of other gates.
- **Capability profiles** — `catalog_get()` / `catalogGet()` and
  `catalog_is_active()` / `catalogIsActive()` helpers expose per-agent
  scope requirements and Clawmark breakdowns sourced from ARIA.
- Mirrored `carapace/catalog.py` and `carapace/receipt.py` into
  `python/carapace/` so the published wheel ships the v0.5 surface.
- 40 new tests added (`tests/test_v05_phase_b.py`,
  `python/tests/test_v05_phase_b.py`, `typescript/test/v05_receipts.test.js`);
  259 total passing.

### Changed
- Clawmark trust gate now operates on the canonical 0–5 scale
  (`CANONICAL_CLAWMARK_STANDARD.md`). `CatalogEntry.clawmark_score` is a
  `float` (Python) / `number | null` (TypeScript); `from_dict` coerces
  ARIA's `null` (unscored) to `0.0`; default `score_threshold` lowered from
  `80` to `3.0` in both SDKs. Catalog fixtures converted from 0–100 to 0–5.
- TypeScript `sha256Json` now sorts keys recursively so nested object
  hashes are stable across implementations.
- TypeScript receipt signing uses a `CryptoKeyPair` so the receipt's
  `public_key` field is populated automatically.
- TypeScript catalog ETag handling strips the `W/` weak-validator prefix
  before comparison.
- `tsconfig` adds the `DOM` lib so `CryptoKey` / `CryptoKeyPair` types
  resolve.
- Package version bumped to **0.5.0** (`pyproject.toml`,
  `python/pyproject.toml`, `typescript/package.json`).

Commit: 87282471d4b7b4df28093d4ede1047822f50ac40


Manual step required — Ryan must cut the v0.5.0 release

Merging this PR does NOT publish v0.5.0 to npm or PyPI. The publish workflow only fires on release: [published], which the GitHub API cannot trigger from a PR context. After this PR is merged to main, Ryan must manually create the release tag:

gh release create v0.5.0 \
  --title "v0.5.0" \
  --notes-from-tag \
  --target main

(Or equivalent through the GitHub UI: Releases → "Draft a new release" → tag v0.5.0 → target main → Publish.)

Until that release is cut, npm + PyPI stay at 0.4.0 regardless of this merged PR, and every README install command will continue pulling a build that is missing the catalog sync / gate check / signed receipts surface ARIA depends on.


Out of scope (separate audit items)

  • .github/workflows/ci.yml — untouched.
  • pyproject.toml / python/pyproject.toml / typescript/package.json versions — unchanged (already 0.5.0).
  • SECURITY.md — separate audit item, not addressed here.
  • No protocol / source code changes.

Test plan

  • CI green on this branch (no source changes; only workflow YAML + CHANGELOG)
  • After merge, Ryan runs gh release create v0.5.0 ...
  • Confirm Publish Packages workflow runs once and only one npm publish step executes (no EPUBLISHCONFLICT)
  • Confirm npm view carapace-sdk version returns 0.5.0
  • Confirm pip index versions carapace-sdk lists 0.5.0

https://claude.ai/code/session_01UEu5f1gCA5nGnZrf67RK1c


Generated by Claude Code
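
The [0.5.0] entry above says the TypeScript `sha256Json` now sorts keys recursively so that nested object hashes are stable across implementations. The following is an added example, not code from this PR or the SDK (`canonicalize`, `shallowCanonical`, `sha256Hex` and the sample payloads are hypothetical), showing that a top-level-only sort gives two digests for the same nested payload while a recursive sort gives one.

```javascript
// Added illustration; not the SDK's code. All names here are hypothetical.
const { createHash } = require('node:crypto');

// Serialise plain JSON data with object keys sorted at every depth.
// Simplified key-sorting canonicalisation, not a full JCS implementation.
function canonicalize(value) {
  if (value === undefined) return 'null'; // matches JSON.stringify inside arrays
  if (typeof value === 'number' && !Number.isFinite(value)) {
    throw new TypeError('NaN and Infinity have no JSON representation');
  }
  if (value === null || typeof value !== 'object') return JSON.stringify(value);
  if (Array.isArray(value)) return '[' + value.map(canonicalize).join(',') + ']';
  const members = Object.keys(value)
    .filter((k) => value[k] !== undefined) // JSON.stringify drops these keys too
    .sort() // default sort compares UTF-16 code units
    .map((k) => JSON.stringify(k) + ':' + canonicalize(value[k]));
  return '{' + members.join(',') + '}';
}

// Contrast case: only top-level keys are sorted, nested objects keep
// whatever insertion order the producer happened to use.
function shallowCanonical(obj) {
  const sorted = {};
  for (const k of Object.keys(obj).sort()) sorted[k] = obj[k];
  return JSON.stringify(sorted);
}

function sha256Hex(text) {
  return createHash('sha256').update(text, 'utf8').digest('hex');
}

// Constructed sample payloads: identical data, different key insertion order.
const receiptA = { agent: 'agent-1', call: { tool: 'search', args: { q: 'x', limit: 5 } } };
const receiptB = { call: { args: { limit: 5, q: 'x' }, tool: 'search' }, agent: 'agent-1' };

function compareDigests() {
  return {
    shallowMatch: sha256Hex(shallowCanonical(receiptA)) === sha256Hex(shallowCanonical(receiptB)),
    deepMatch: sha256Hex(canonicalize(receiptA)) === sha256Hex(canonicalize(receiptB)),
    canonicalText: canonicalize(receiptB),
  };
}

console.log(compareDigests());
```

A verifier that hashes with a different key order than the signer would reject a receipt whose content is unchanged, which is why both sides need the same recursive ordering.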


Collaborator Author

CI python failure (job 77493822704) is not caused by this PR.

This PR's only changes are:

  • .github/workflows/publish.yml — removed a duplicate npm publish step
  • CHANGELOG.md — added the v0.5.0 entry

Neither touches Python source, the pytest config, dependencies, or any imported module path. The python CI job runs pip install -e ".[dev]" then pytest from python/ — no input to that pipeline differs between this branch and main.

The fix likely needs to land on main directly. Couldn't pull the actions log without auth from here, so I can't name the specific failing test — you'll want to open the job page (actions/runs/26322399437/job/77493822704) and we can patch from there if it's small.

Not blocking this PR's content review.


Generated by Claude Code

@ryan10sa-star ryan10sa-star marked this pull request as ready for review May 23, 2026 04:58
Copilot AI review requested due to automatic review settings May 23, 2026 04:58
@ryan10sa-star ryan10sa-star merged commit 61411ff into main May 23, 2026
1 of 2 checks passed
@ryan10sa-star ryan10sa-star deleted the claude/intelligent-allen-OfvPE branch May 23, 2026 04:58
@ryan10sa-star ryan10sa-star removed the request for review from Copilot May 23, 2026 05:19