feat: add release and publish workflows

Author: shenxianpeng

.github/labeler.yml

@@ -0,0 +1,45 @@
+feature:
+  - head-branch:
+      - "^feature/"
+      - "^feat/"
+
+fix:
+  - head-branch:
+      - "^fix/"
+      - "^bugfix/"
+      - "^hotfix/"
+
+docs:
+  - all:
+      - head-branch:
+          - "^docs/"
+      - changed-files:
+          - any-glob-to-any-file: "**/*.md"
+
+chore:
+  - head-branch:
+      - "^chore/"
+      - "^build/"
+
+refactor:
+  - head-branch:
+      - "^refactor/"
+
+test:
+  - any:
+      - head-branch:
+          - "^test/"
+      - changed-files:
+          - any-glob-to-any-file: "tests/**"
+
+ci:
+  - any:
+      - head-branch:
+          - "^ci/"
+      - changed-files:
+          - any-glob-to-any-file: ".github/workflows/**"
+
+dependencies:
+  - head-branch:
+      - "^deps/"
+      - "^dependabot/"

.github/release-drafter.yml

@@ -0,0 +1,49 @@
+name-template: "v$RESOLVED_VERSION"
+tag-template: "v$RESOLVED_VERSION"
+change-template: "- $TITLE by @$AUTHOR (#$NUMBER)"
+change-title-escapes: "\\<*_&`"
+no-changes-template: "- No user-facing changes in this release."
+template: |
+  ## What's Changed
+
+  $CHANGES
+
+categories:
+  - title: Features
+    labels:
+      - feature
+  - title: Fixes
+    labels:
+      - fix
+  - title: Documentation
+    labels:
+      - docs
+  - title: Maintenance
+    labels:
+      - chore
+      - refactor
+      - test
+      - ci
+      - dependencies
+
+exclude-labels:
+  - skip-changelog
+
+version-resolver:
+  major:
+    labels:
+      - major
+      - breaking
+  minor:
+    labels:
+      - feature
+  patch:
+    labels:
+      - fix
+      - docs
+      - chore
+      - refactor
+      - test
+      - ci
+      - dependencies
+  default: patch

.github/workflows/labeler.yml

@@ -0,0 +1,22 @@
+name: PR Autolabeler
+
+on:
+  pull_request_target:
+    types:
+      - opened
+      - reopened
+      - synchronize
+      - edited
+
+permissions:
+  contents: read
+  pull-requests: write
+
+jobs:
+  labeler:
+    runs-on: ubuntu-24.04
+    steps:
+      - uses: actions/labeler@v5
+        with:
+          repo-token: ${{ secrets.GITHUB_TOKEN }}
+          sync-labels: true

.github/workflows/main.yml

@@ -0,0 +1,63 @@
+name: main
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+    paths:
+      - "**.py"
+      - "pyproject.toml"
+      - "README.md"
+      - ".github/workflows/**"
+      - ".github/*.yml"
+  workflow_dispatch:
+
+permissions:
+  contents: read
+
+jobs:
+  test:
+    runs-on: ubuntu-24.04
+    strategy:
+      fail-fast: false
+      matrix:
+        python-version: ["3.10", "3.11", "3.12", "3.13"]
+    steps:
+      - uses: actions/checkout@v6
+      - uses: actions/setup-python@v6
+        with:
+          python-version: ${{ matrix.python-version }}
+
+      - name: Install dependencies
+        run: |
+          python -m pip install --upgrade pip
+          python -m pip install -e .[dev]
+
+      - name: Run tests
+        run: python -m pytest -q
+
+  build:
+    runs-on: ubuntu-24.04
+    steps:
+      - uses: actions/checkout@v6
+      - uses: actions/setup-python@v6
+        with:
+          python-version: "3.12"
+
+      - name: Install build tooling
+        run: |
+          python -m pip install --upgrade pip
+          python -m pip install build twine
+
+      - name: Build distributions
+        run: python -m build
+
+      - name: Check distributions
+        run: python -m twine check dist/*
+
+      - name: Upload distributions
+        uses: actions/upload-artifact@v4
+        with:
+          name: dist
+          path: dist/*

.github/workflows/publish-package.yml

@@ -0,0 +1,90 @@
+name: publish package
+
+on:
+  release:
+    branches:
+      - main
+    types:
+      - published
+  workflow_dispatch:
+    inputs:
+      repository:
+        description: "Target package index"
+        required: true
+        default: testpypi
+        type: choice
+        options:
+          - testpypi
+          - pypi
+
+permissions:
+  id-token: write
+  attestations: write
+  contents: read
+
+jobs:
+  build:
+    runs-on: ubuntu-24.04
+    outputs:
+      artifact-name: python-package-distributions
+    steps:
+      - uses: actions/checkout@v6
+        with:
+          fetch-depth: 0
+
+      - name: Set up Python
+        uses: actions/setup-python@v6
+        with:
+          python-version: "3.12"
+
+      - name: Build distributions
+        run: |
+          python -m pip install --upgrade pip
+          python -m pip install build twine
+          python -m build
+          python -m twine check dist/*
+
+      - name: Upload distributions
+        uses: actions/upload-artifact@v4
+        with:
+          name: python-package-distributions
+          path: dist/*
+
+      - name: Create attestations
+        uses: actions/attest-build-provenance@v3
+        with:
+          subject-path: "dist/*"
+
+  publish-testpypi:
+    if: github.event_name == 'workflow_dispatch' && inputs.repository == 'testpypi'
+    needs: build
+    runs-on: ubuntu-24.04
+    steps:
+      - name: Download distributions
+        uses: actions/download-artifact@v4
+        with:
+          name: python-package-distributions
+          path: dist
+
+      - name: Publish package to TestPyPI
+        env:
+          TWINE_USERNAME: __token__
+          TWINE_PASSWORD: ${{ secrets.TEST_PYPI_TOKEN }}
+        run: python -m pip install --upgrade twine && python -m twine upload --repository testpypi dist/*
+
+  publish-pypi:
+    if: github.event_name == 'release' || (github.event_name == 'workflow_dispatch' && inputs.repository == 'pypi')
+    needs: build
+    runs-on: ubuntu-24.04
+    steps:
+      - name: Download distributions
+        uses: actions/download-artifact@v4
+        with:
+          name: python-package-distributions
+          path: dist
+
+      - name: Publish package to PyPI
+        env:
+          TWINE_USERNAME: __token__
+          TWINE_PASSWORD: ${{ secrets.PYPI_API_TOKEN }}
+        run: python -m pip install --upgrade twine && python -m twine upload dist/*

.github/workflows/release-drafter.yml

@@ -0,0 +1,20 @@
+name: Release Drafter
+
+on:
+  push:
+    branches:
+      - main
+  workflow_dispatch:
+
+permissions: {}
+
+jobs:
+  draft-release:
+    runs-on: ubuntu-24.04
+    permissions:
+      contents: write
+      pull-requests: read
+    steps:
+      - uses: release-drafter/release-drafter@v6
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

README.md

@@ -8,9 +8,11 @@ This MCP server exposes commit-check validations as MCP tools:
 
 - `server_health` — returns server/sdk versions
 - `validate_commit_message` — validates a commit message
-- `validate_branch_name` — validates a branch name
-- `validate_author_info` — validates author name/email
+- `validate_branch_name` — validates a branch name or the current repo branch
+- `validate_author_info` — validates author name/email or the repo's git author config
 - `validate_commit_context` — runs combined checks in one call
+- `validate_repository_state` — validates latest commit, current branch, and author state for a repo
+- `describe_validation_rules` — returns the effective config and enabled rules after merging defaults and repo config
 
 All validation tools return the same structured commit-check result shape:
 
@@ -42,3 +44,28 @@ commit-check-mcp
 ```
 
 The server runs over stdio transport (recommended MCP default for local tool integrations).
+
+## Repository-Aware Validation
+
+`commit-check` is most useful when it runs against a real git repository and its `cchk.toml` or `commit-check.toml` file. This MCP server now supports that directly:
+
+- `repo_path` — run git-based validations against a specific repository
+- `config_path` — point to an explicit TOML config file; relative paths are resolved from `repo_path`
+- `config` — apply ad-hoc overrides on top of defaults and repo config
+
+Typical patterns:
+
+- Validate an explicit message with a repository's rules
+- Validate the current repository state without passing message/branch/author values manually
+- Inspect which rules are actually enabled after config merging
+
+Example payload for a repository-wide validation:
+
+```json
+{
+  "repo_path": "/path/to/repo",
+  "include_message": true,
+  "include_branch": true,
+  "include_author": true
+}
+```