fix: resolve GitHub Packages publishing permission error

- Remove scoped package name (@mearman/mcp-template) from package.json
- Remove publishConfig pointing to GitHub Packages registry
- Update semantic-release to disable npm publishing (npmPublish: false)
- Remove GitHub Packages registry from semantic-release workflow
- Add separate GitHub Packages publishing step after semantic-release
- Remove NPM publishing from release workflow (template only publishes to GitHub Packages)

The issue was that semantic-release was trying to publish a scoped package
directly to GitHub Packages, which requires different permissions. Following
the pattern from mcp-wayback-machine, we now:
1. Keep an unscoped name in package.json
2. Let semantic-release handle versioning without publishing to npm
3. Publish to GitHub Packages in a separate step with the scoped name

Author: Mearman

.github/workflows/release.yml

@@ -102,12 +102,6 @@ jobs:
             sbom.spdx.json
           generate_release_notes: true
 
-      - name: Publish to NPM
-        if: ${{ secrets.NPM_TOKEN != '' }}
-        run: npm publish --access public --provenance
-        env:
-          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
-
       - name: Setup Node.js for GitHub Packages
         uses: actions/setup-node@v4
         with:

.github/workflows/semantic-release.yml

@@ -28,8 +28,7 @@ jobs:
         uses: actions/setup-node@v4
         with:
           node-version: '20'
-          registry-url: 'https://npm.pkg.github.com'
-          scope: '@mearman'
+          registry-url: 'https://registry.npmjs.org'
 
       - name: Enable Corepack
         run: corepack enable
@@ -47,8 +46,8 @@ jobs:
         id: semantic-release
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          NPM_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          NPM_TOKEN: ''
+          NODE_AUTH_TOKEN: ''
         run: |
           # Capture the current version before release
           CURRENT_VERSION=$(node -p "require('./package.json').version")
@@ -87,3 +86,22 @@ jobs:
           subject-path: './dist'
           sbom-path: './sbom.spdx.json'
 
+      - name: Setup Node.js for GitHub Packages
+        if: steps.semantic-release.outputs.new-release-published == 'true'
+        uses: actions/setup-node@v4
+        with:
+          registry-url: 'https://npm.pkg.github.com'
+          scope: '@${{ github.repository_owner }}'
+
+      - name: Publish to GitHub Packages
+        if: steps.semantic-release.outputs.new-release-published == 'true'
+        run: |
+          # Update package name for GitHub Packages (must be lowercase)
+          npm pkg set name="@mearman/mcp-template"
+          # Ensure we're publishing to GitHub Packages registry
+          npm config set registry https://npm.pkg.github.com/
+          # Skip prepublishOnly script to avoid running tests with modified package name
+          npm publish --access public --provenance --ignore-scripts
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+

.releaserc.json

@@ -7,7 +7,7 @@
 		[
 			"@semantic-release/npm",
 			{
-				"npmPublish": true,
+				"npmPublish": false,
 				"pkgRoot": "."
 			}
 		],

package.json

@@ -1,14 +1,10 @@
 {
-	"name": "@mearman/mcp-template",
+	"name": "mcp-template",
 	"version": "1.1.1",
 	"description": "Template for building MCP (Model Context Protocol) servers with TypeScript",
 	"main": "dist/index.js",
 	"bin": "dist/index.js",
 	"type": "module",
-	"publishConfig": {
-		"access": "public",
-		"registry": "https://npm.pkg.github.com"
-	},
 	"scripts": {
 		"build": "tsc",
 		"dev": "tsx watch src/index.ts",