feat: implement ATS workflow with manual control and validation

- Replace all.publish.yml with ats.publish.yml focused on contracts and SDK only
- Add manual trigger with dry-run capability for testing
- Remove dependency between SDK and contracts jobs for parallel execution
- Update changeset config to use develop as base branch
- Support automatic triggers on version tags and release branches
- Implement changeset validation workflow to enforce one changeset per PR
- Add bypass labels for docs/chore changes (no-changeset, docs-only, hotfix, chore)
- Enhance changeset description with comprehensive workflow documentation
- Fix .gitignore to allow .github/ tracking for workflows
- Resolve changeset validation workflow branch detection issues
- Simplify validation logic to avoid monorepo dependency conflicts

This establishes a complete develop-first workflow with manual release control,
automated changeset validation, parallel publishing capabilities, and enterprise-grade
documentation for production-ready release management.

Signed-off-by: Miguel_LZPF <miguel.carpena@io.builders>

Author: MiguelLZPF

.changeset/changesets-workflow-integration.md

@@ -0,0 +1,41 @@
+---
+'@hashgraph/asset-tokenization-contracts': minor
+'@hashgraph/asset-tokenization-sdk': minor
+'@hashgraph/asset-tokenization-dapp': minor
+---
+
+Integrate Changesets for version management and implement enterprise-grade release workflow
+
+## Changesets Integration
+
+- Add Changesets configuration with fixed versioning for ATS packages (contracts, SDK, dapp)
+- Configure develop-branch strategy as base for version management
+- Add comprehensive changeset management scripts: create, version, publish, status, snapshot
+- Implement automated semantic versioning and changelog generation
+- Add @changesets/cli dependency for modern monorepo version management
+
+## Enterprise Release Workflow
+
+- Implement new ats.publish.yml workflow focused exclusively on contracts and SDK packages
+- Add manual trigger with dry-run capability for safe testing before actual releases
+- Configure parallel execution of contracts and SDK publishing jobs for improved performance
+- Support automatic triggers on version tags, release branches, and GitHub releases
+- Add changeset validation workflow to enforce one changeset per PR requirement
+- Include bypass labels for non-feature changes (no-changeset, docs-only, hotfix, chore)
+
+## Repository Configuration
+
+- Update .gitignore to properly track .github/ workflows while excluding build artifacts
+- Remove deprecated all.publish.yml workflow in favor of focused ATS publishing
+- Update package.json with complete changeset workflow scripts and release commands
+- Enhance documentation with new version management workflow and enterprise practices
+
+## Benefits
+
+- **Modern Version Management**: Semantic versioning with automated changelog generation
+- **Enterprise Compliance**: Manual release control with proper audit trails
+- **Parallel Publishing**: Improved CI/CD performance with independent job execution
+- **Developer Experience**: Simplified workflow with comprehensive documentation
+- **Quality Assurance**: Mandatory changeset validation ensures all changes are documented
+
+This establishes a production-ready, enterprise-grade release management system that follows modern monorepo practices while maintaining backward compatibility with existing development workflows.

.changeset/config.json

@@ -11,7 +11,7 @@
   ],
   "linked": [],
   "access": "restricted",
-  "baseBranch": "main",
+  "baseBranch": "develop",
   "updateInternalDependencies": "patch",
   "ignore": []
 }

.github/workflows/all.publish.yml

@@ -0,0 +1,169 @@
+name: ATS Publish
+
+on:
+  # Manual trigger with dry-run option
+  workflow_dispatch:
+    inputs:
+      dry-run-enabled:
+        description: 'Run npm publish with dry-run flag'
+        required: false
+        type: boolean
+        default: false
+      ref:
+        description: 'Branch/tag/commit to publish from'
+        required: false
+        type: string
+        default: 'main'
+
+  # Release published trigger (GitHub release creation) - only for ATS releases
+  release:
+    types:
+      - published
+
+defaults:
+  run:
+    shell: bash
+
+permissions:
+  contents: read
+  id-token: write
+
+jobs:
+  contracts:
+    name: Publish ATS Contracts
+    runs-on: token-studio-linux-large
+    # Only run if manual trigger OR release tag contains 'ats'/'ATS'
+    if: github.event_name == 'workflow_dispatch' || contains(github.ref_name, 'ats') || contains(github.ref_name, 'ATS')
+    permissions:
+      contents: read
+      id-token: write
+
+    steps:
+      - name: Harden Runner
+        uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
+        with:
+          egress-policy: audit
+
+      - name: Checkout repository
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          ref: ${{ inputs.ref || github.ref }}
+          fetch-depth: 0
+
+      - name: Setup NodeJS Environment
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
+        with:
+          node-version: 22.x
+          registry-url: https://registry.npmjs.org
+
+      - name: Create .npmrc file
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+        run: |
+          cat << 'EOF' > .npmrc
+          //registry.npmjs.org/:_authToken=${NODE_AUTH_TOKEN}
+          EOF
+
+      - name: Install dependencies
+        run: npm ci
+
+      - name: Build ATS Contracts
+        run: npm run ats:contracts:build
+
+      - name: Publish ATS Contracts
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+          DRY_RUN: ${{ inputs.dry-run-enabled }}
+        run: |
+          echo "DRY_RUN is set to: '${DRY_RUN}'"
+
+          cd packages/ats/contracts
+
+          PUBLISH_ARGS=("--access=restricted")
+          if [[ "${DRY_RUN}" == "true" ]]; then
+            PUBLISH_ARGS+=("--dry-run")
+            echo "🔍 DRY RUN MODE: Would publish @hashgraph/asset-tokenization-contracts"
+          fi
+
+          npm publish "${PUBLISH_ARGS[@]}"
+
+  sdk:
+    name: Publish ATS SDK
+    runs-on: token-studio-linux-large
+    # Only run if manual trigger OR release tag contains 'ats'/'ATS'
+    if: github.event_name == 'workflow_dispatch' || contains(github.ref_name, 'ats') || contains(github.ref_name, 'ATS')
+    # needs: contracts  # Commented out for parallel execution
+    permissions:
+      contents: read
+      id-token: write
+
+    steps:
+      - name: Harden Runner
+        uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
+        with:
+          egress-policy: audit
+
+      - name: Checkout repository
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          ref: ${{ inputs.ref || github.ref }}
+          fetch-depth: 0
+
+      - name: Setup NodeJS Environment
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
+        with:
+          node-version: 22.x
+          registry-url: https://registry.npmjs.org
+
+      - name: Create .npmrc file
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+        run: |
+          cat << 'EOF' > .npmrc
+          //registry.npmjs.org/:_authToken=${NODE_AUTH_TOKEN}
+          EOF
+
+      - name: Install dependencies
+        run: npm ci
+
+      - name: Build ATS Contracts and SDK
+        run: |
+          npm run ats:contracts:build
+          npm run ats:sdk:build
+
+      - name: Publish ATS SDK
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+          DRY_RUN: ${{ inputs.dry-run-enabled }}
+        run: |
+          echo "DRY_RUN is set to: '${DRY_RUN}'"
+
+          cd packages/ats/sdk
+
+          PUBLISH_ARGS=("--access=restricted")
+          if [[ "${DRY_RUN}" == "true" ]]; then
+            PUBLISH_ARGS+=("--dry-run")
+            echo "🔍 DRY RUN MODE: Would publish @hashgraph/asset-tokenization-sdk"
+          fi
+
+          npm publish "${PUBLISH_ARGS[@]}"
+
+  # Summary job to report results
+  summary:
+    name: Publish Summary
+    runs-on: token-studio-linux-large
+    needs: [contracts, sdk]
+    if: always()
+    steps:
+      - name: Report Results
+        run: |
+          echo "## ATS Publish Results" >> $GITHUB_STEP_SUMMARY
+          echo "| Package | Status |" >> $GITHUB_STEP_SUMMARY
+          echo "| --- | --- |" >> $GITHUB_STEP_SUMMARY
+          echo "| Contracts | ${{ needs.contracts.result }} |" >> $GITHUB_STEP_SUMMARY
+          echo "| SDK | ${{ needs.sdk.result }} |" >> $GITHUB_STEP_SUMMARY
+
+          if [[ "${{ inputs.dry-run-enabled }}" == "true" ]]; then
+            echo "" >> $GITHUB_STEP_SUMMARY
+            echo "🔍 **DRY RUN MODE** - No packages were actually published" >> $GITHUB_STEP_SUMMARY
+          fi