feat(ci): sigstore build provenance on every publish #26

Merged. amacsmith merged 1 commit into main from ci/signed-releases, May 11, 2026

@amacsmith amacsmith commented May 11, 2026

Summary

Adds actions/attest-build-provenance@v3.2.0 (SHA-pinned) to all three publish workflows so every CLI tarball, MCP tarball, sdist, and wheel ships with a verifiable Sigstore build provenance attestation.

  • publish-cli.yml: npm pack produces cli/*.tgz -> attest -> npm publish --access public --provenance (npm's own provenance flag stays as a complementary signal).
  • publish-mcp.yml: same pattern for mcp/*.tgz.
  • publish-pysdk.yml: attest python-sdk/dist/* (sdist + wheel) immediately after python -m build, before pypa/gh-action-pypi-publish.

Each job now carries id-token: write (already present) plus attestations: write (new). The action SHA 96278af6caaf10aea03fd8d33a09a777ca52d62f is actions/attest-build-provenance@v3.2.0 (latest v3 release at time of writing).

Goal: OpenSSF Scorecard Signed-Releases 0/10 -> 8+/10.

Docs updated in docs/ops/release-process.md with a "Build attestations" section explaining what gets attested, required permissions, and how to gh attestation verify a downloaded artifact.

Test plan

  • CI green on this PR.
  • Next cli-v* / mcp-v* tag push: confirm a green "Attest build provenance" step in the workflow run, and a new entry under Actions -> Attestations for the repo.
  • Next pysdk-v* GitHub Release: confirm wheel + sdist both attested.
  • On a published artifact: npm pack @looptech-ai/understand-quickly-cli && gh attestation verify ./*.tgz --owner looptech-ai returns OK.
  • Re-run OpenSSF Scorecard workflow after the next release; confirm Signed-Releases score climbs.

Notes

  • Do not admin-merge until the parallel token-permissions PR lands so the permission blocks don't conflict.
  • Free-tier compatible: no new paid services, no new dependencies.

Summary by CodeRabbit

Release Notes

  • New Features

    • Provenance attestations now generated for published CLI, MCP, and Python SDK packages for verification purposes.
  • Documentation

    • Added guidance on verifying package attestations and reviewing failure modes in release process documentation.
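
What the test plan's `gh attestation verify` step depends on, shown as an added example that is not code from this PR or from the attest action: the attestation's in-toto statement names the artifact by SHA-256, so any byte change breaks the match. The envelope and tarball bytes are constructed samples, `make_envelope` and `subject_matches` are hypothetical helper names, and signature and transparency-log verification (which `gh attestation verify` performs) is deliberately left out.

```python
import base64
import hashlib
import json

SLSA_PROVENANCE_V1 = "https://slsa.dev/provenance/v1"
INTOTO_PAYLOAD_TYPE = "application/vnd.in-toto+json"


def make_envelope(name: str, data: bytes) -> dict:
    """Build a constructed, unsigned DSSE envelope for the sample data."""
    statement = {
        "_type": "https://in-toto.io/Statement/v1",
        "subject": [{"name": name,
                     "digest": {"sha256": hashlib.sha256(data).hexdigest()}}],
        "predicateType": SLSA_PROVENANCE_V1,
        "predicate": {},  # build details omitted in this sample
    }
    payload = base64.b64encode(json.dumps(statement).encode()).decode()
    return {"payloadType": INTOTO_PAYLOAD_TYPE, "payload": payload,
            "signatures": []}


def subject_matches(envelope: dict, artifact: bytes) -> bool:
    """True only if the statement names this exact byte sequence."""
    if envelope.get("payloadType") != INTOTO_PAYLOAD_TYPE:
        return False
    try:
        statement = json.loads(base64.b64decode(envelope["payload"]))
    except (KeyError, ValueError):
        return False  # missing or undecodable payload
    if not isinstance(statement, dict):
        return False
    if statement.get("predicateType") != SLSA_PROVENANCE_V1:
        return False
    digest = hashlib.sha256(artifact).hexdigest()
    return any(s.get("digest", {}).get("sha256") == digest
               for s in statement.get("subject", []))


# Constructed sample bytes standing in for a packed tarball.
PACKED = b"constructed tarball bytes v1"
REPACKED = PACKED + b"\n"  # one extra byte, as a second pack might produce
ENVELOPE = make_envelope("example-cli-1.0.0.tgz", PACKED)

if __name__ == "__main__":
    print("attested file:", subject_matches(ENVELOPE, PACKED))
    print("re-packed file:", subject_matches(ENVELOPE, REPACKED))
```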

Copilot AI review requested due to automatic review settings May 11, 2026 14:44
@amacsmith amacsmith merged commit 88802c7 into main May 11, 2026
15 of 19 checks passed
@amacsmith amacsmith deleted the ci/signed-releases branch May 11, 2026 14:47

Copilot AI left a comment

Pull request overview

This PR adds GitHub/Sigstore build provenance attestations to the project’s release/publish workflows (CLI, MCP, and Python SDK) and documents how attestations work and how to verify them, aiming to improve OpenSSF Scorecard Signed-Releases.

Changes:

  • Add actions/attest-build-provenance@v3.2.0 (SHA pinned) to the CLI, MCP, and Python SDK publish workflows.
  • Grant attestations: write permission alongside existing OIDC id-token: write in publish workflows.
  • Document the attestation mechanism, required permissions, verification commands, and failure modes in the release process docs.

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 3 comments.

| File | Description |
|---|---|
| docs/ops/release-process.md | Adds a “Build attestations (Sigstore)” section describing what’s attested and how to verify attestations. |
| .github/workflows/publish-cli.yml | Packs the CLI, creates a provenance attestation for the .tgz, then publishes to npm. |
| .github/workflows/publish-mcp.yml | Packs the MCP, creates a provenance attestation for the .tgz, then publishes to npm. |
| .github/workflows/publish-pysdk.yml | Attests python-sdk/dist/* after build and before uploading/attaching/publishing the Python artifacts. |

Comment on lines +42 to +49
- name: Pack artifact
run: npm pack

# pin: v3.2.0 -- actions/attest-build-provenance
- name: Attest build provenance
uses: actions/attest-build-provenance@96278af6caaf10aea03fd8d33a09a777ca52d62f
with:
subject-path: 'cli/*.tgz'
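
Review bot: The `subject-path: 'cli/*.tgz'` step attests the tarball written by `npm pack`, but the PR description has the job then run `npm publish --access public --provenance` with no tarball argument, so npm packs the package a second time and the uploaded file is only covered by the attestation if both packs come out byte-identical. Pass the packed file to the publish step (for example `npm publish ./<packed>.tgz --access public --provenance`) so the digest that was attested is the digest that ships, which is also what the test plan's `gh attestation verify ./*.tgz` on a registry download depends on.
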
Comment on lines +36 to +42
- name: Pack artifact
run: npm pack
# pin: v3.2.0 -- actions/attest-build-provenance
- name: Attest build provenance
uses: actions/attest-build-provenance@96278af6caaf10aea03fd8d33a09a777ca52d62f
with:
subject-path: 'mcp/*.tgz'
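
Review bot: `run: npm pack` in the Pack artifact step shows no `working-directory`, yet the attest step expects the tarball at `mcp/*.tgz`; if the job does not already default to `mcp/`, the glob matches nothing. Set `working-directory: mcp` on the pack step (or confirm the job-level default), and consider capturing the filename `npm pack` prints and passing that exact path as `subject-path`, so a leftover `.tgz` in the directory is never attested alongside the release tarball.
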
Comment on lines +208 to +225
attestation** for the artifact it ships, using
[`actions/attest-build-provenance@v3`](https://github.com/actions/attest-build-provenance)
(SHA-pinned). The attestation is a signed statement, recorded in the
GitHub attestations API and Sigstore's public transparency log, that
says: "this exact byte-for-byte artifact was built by this exact
workflow run on this commit". It's how the OpenSSF Scorecard
`Signed-Releases` check verifies our releases.

| Workflow | Subject attested | When |
|---|---|---|
| `publish-cli.yml` | `cli/*.tgz` (output of `npm pack`) | after pack, before `npm publish` |
| `publish-mcp.yml` | `mcp/*.tgz` (output of `npm pack`) | after pack, before `npm publish` |
| `publish-pysdk.yml` | `python-sdk/dist/*` (sdist + wheel) | after `python -m build`, before PyPI upload |

For the npm packages the attestation is **complementary** to npm's own
`--provenance` flag — that one is recorded inside the npm registry, the
Sigstore attestation is recorded on GitHub. Both verify, neither
replaces the other.
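
Review bot: The sentence "It's how the OpenSSF Scorecard `Signed-Releases` check verifies our releases" states as settled something the PR's own test plan still lists as to be confirmed after the next release (re-run Scorecard and confirm the score climbs). Word it as the intent until that run confirms it. Separately, the link text says `@v3` while the workflows pin v3.2.0 by SHA; naming the pinned version here, or pointing at the `# pin:` comment in the workflows, keeps the doc from drifting.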

coderabbitai Bot commented May 11, 2026

Caution

Review failed

The pull request is closed.

📥 Commits

Reviewing files that changed from the base of the PR and between 66a287b and 03d28d0.

📒 Files selected for processing (4)
  • .github/workflows/publish-cli.yml
  • .github/workflows/publish-mcp.yml
  • .github/workflows/publish-pysdk.yml
  • docs/ops/release-process.md


Walkthrough

Three package release workflows (CLI, MCP, Python SDK) are enhanced to generate Sigstore build provenance attestations. Workflow permissions add attestations: write; attestation steps are inserted after artifact packing/building. Release documentation details attestation subjects, required permissions, verification procedures, and failure conditions.

Changes

Build Provenance Attestations

| Layer | File(s) | Summary |
|---|---|---|
| Workflow Permission Grants | .github/workflows/publish-cli.yml, .github/workflows/publish-mcp.yml, .github/workflows/publish-pysdk.yml | All three publish workflows extend permissions with attestations: write to enable GitHub-native provenance attestation generation. |
| Attestation Step Implementation | .github/workflows/publish-cli.yml, .github/workflows/publish-mcp.yml, .github/workflows/publish-pysdk.yml | Pinned actions/attest-build-provenance steps are added after artifact packing/building to generate Sigstore attestations for cli/*.tgz, mcp/*.tgz, and python-sdk/dist/*. Existing publish steps remain conditional and unchanged. |
| Release Process Documentation | docs/ops/release-process.md | New "Build attestations (Sigstore)" section specifies artifact subjects, required job permissions, gh attestation verify commands for verification, and failure modes that prevent artifact shipping. |

🎯 2 (Simple) | ⏱️ ~12 minutes

🐰 Attestations sprouting like carrots, safe and signed—
Sigstore's blessing on every release designed.
Build provenance flows through three pathways aligned,
Now all your packages are cryptographically blessed, I find! ✨

@github-actions github-actions Bot mentioned this pull request May 12, 2026