fix(scripts): add NETWORK-aware registry resolution to release script

release.sh → release-gitea-packages.sh:

1. Renamed to clearly describe purpose (Gitea npm package release, not
   a generic release script).

2. Added NETWORK=corp/home detection matching publish-outdated-gitea-
   packages.sh pattern:
   - corp: localhost:3300 SSH tunnel + proxy env var stripping
   - home: Azure VM directly via gitea.bytelyst.com or ~/.gitea_vm_host

3. Added ~/.gitea_npm_token file fallback (same as sibling scripts).

4. Corp publishes now strip HTTP_PROXY/HTTPS_PROXY/npm_config_proxy
   env vars so npm reaches localhost tunnel directly instead of going
   through the corporate proxy (which can't reach the tunnel).

5. Updated package.json 'release' script reference.

package.json

@@ -20,7 +20,7 @@
     "clean": "pnpm -r exec rm -rf dist",
     "dns:godaddy:bytelyst": "./scripts/godaddy-sync-bytelyst-dns.sh",
     "prototype:self-test": "./scripts/prototype-self-test.sh",
-    "release": "./scripts/release.sh",
+    "release": "./scripts/release-gitea-packages.sh",
     "prepare": "husky"
   },
   "devDependencies": {

scripts/release-gitea-packages.sh

@@ -1,25 +1,52 @@
 #!/usr/bin/env bash
-# release.sh — Full release pipeline for learning_ai_common_plat
+# release-gitea-packages.sh — Version-bump + publish @bytelyst/* packages to Gitea npm registry
 #
 # Usage:
-#   ./scripts/release.sh              # apply pending changesets + publish missing/outdated packages
-#   ./scripts/release.sh --patch      # auto-bump all packages (patch) + publish
-#   ./scripts/release.sh --minor      # auto-bump all packages (minor) + publish
-#   ./scripts/release.sh --major      # auto-bump all packages (major) + publish
-#   ./scripts/release.sh --dry-run    # show what would be published, no side effects
+#   ./scripts/release-gitea-packages.sh              # apply pending changesets + publish missing/outdated packages
+#   ./scripts/release-gitea-packages.sh --patch      # auto-bump all packages (patch) + publish
+#   ./scripts/release-gitea-packages.sh --minor      # auto-bump all packages (minor) + publish
+#   ./scripts/release-gitea-packages.sh --major      # auto-bump all packages (major) + publish
+#   ./scripts/release-gitea-packages.sh --dry-run    # show what would be published, no side effects
 #
 # Required env:
-#   GITEA_NPM_TOKEN — auth token for the Gitea npm registry (needs write:package scope)
+#   GITEA_NPM_TOKEN — auth token for the Gitea npm registry (or ~/.gitea_npm_token file)
 #
 # Optional env:
-#   GITEA_NPM_REGISTRY_URL — defaults to https://gitea.bytelyst.com/api/packages/ByteLyst/npm/
+#   GITEA_NPM_REGISTRY_URL — override auto-detected registry URL
+#
+# Network handling (automatic via NETWORK env var set by switch-network.sh):
+#   NETWORK=corp  → localhost:3300 (SSH tunnel to Azure VM, proxy env stripped)
+#   NETWORK=home  → Azure VM directly (gitea.bytelyst.com or ~/.gitea_vm_host)
 
 set -euo pipefail
 
 # ── Config ─────────────────────────────────────────────────────────────────────
 
 REPO_ROOT="$(cd "$(dirname "$0")/.." && pwd)"
-REGISTRY_URL="${GITEA_NPM_REGISTRY_URL:-https://gitea.bytelyst.com/api/packages/ByteLyst/npm/}"
+
+# ── Network-aware Gitea resolution ─────────────────────────────────────────────
+# Matches the pattern in publish-outdated-gitea-packages.sh
+NETWORK_MODE="${NETWORK:-home}"
+
+if [ "$NETWORK_MODE" = "corp" ]; then
+  GITEA_HOST="${GITEA_NPM_HOST:-localhost}"
+  GITEA_PORT="${GITEA_NPM_PORT:-3300}"
+  GITEA_BASE="http://${GITEA_HOST}:${GITEA_PORT}"
+  IS_CORP=true
+else
+  if [ -n "${GITEA_NPM_HOST:-}" ] && [ "${GITEA_NPM_HOST}" != "localhost" ]; then
+    GITEA_HOST="$GITEA_NPM_HOST"
+  elif [ -f "$HOME/.gitea_vm_host" ]; then
+    GITEA_HOST="$(cat "$HOME/.gitea_vm_host")"
+  else
+    GITEA_HOST="gitea.bytelyst.com"
+  fi
+  GITEA_PORT="${GITEA_NPM_PORT:-3300}"
+  GITEA_BASE="http://${GITEA_HOST}:${GITEA_PORT}"
+  IS_CORP=false
+fi
+
+REGISTRY_URL="${GITEA_NPM_REGISTRY_URL:-${GITEA_BASE}/api/packages/ByteLyst/npm/}"
 AUTH_TARGET="${REGISTRY_URL#http://}"
 AUTH_TARGET="${AUTH_TARGET#https://}"
 TOKEN="${GITEA_NPM_TOKEN:-}"
@@ -84,7 +111,11 @@ version_on_registry() {
 
 cd "$REPO_ROOT"
 
-[ -z "$TOKEN" ] && fail "GITEA_NPM_TOKEN is not set"
+# Resolve token from file if not in env
+if [ -z "$TOKEN" ] && [ -f "$HOME/.gitea_npm_token" ]; then
+  TOKEN="$(cat "$HOME/.gitea_npm_token")"
+fi
+[ -z "$TOKEN" ] && fail "GITEA_NPM_TOKEN is not set (env var or ~/.gitea_npm_token)"
 command -v pnpm >/dev/null 2>&1 || fail "pnpm not found in PATH"
 command -v git  >/dev/null 2>&1 || fail "git not found in PATH"
 command -v node >/dev/null 2>&1 || fail "node not found in PATH"
@@ -94,6 +125,10 @@ mkdir -p "$TMP_DIR"
 trap 'rm -rf "$TMP_DIR"' EXIT
 printf '//%s:_authToken=%s\n' "$AUTH_TARGET" "$TOKEN" > "$NPMRC_FILE"
 
+# Show resolved config
+log "Network: $NETWORK_MODE ($( [ "$IS_CORP" = true ] && echo "corp — localhost tunnel" || echo "home — Azure VM" ))"
+info "Registry: $REGISTRY_URL"
+
 # Verify token can read from registry
 log "Verifying registry credentials..."
 if ! npm view "@bytelyst/errors" version \
@@ -289,13 +324,32 @@ publish_package() {
     return
   fi
 
-  # Publish using shared npmrc
+  # Publish using shared npmrc (corp: strip proxy env so npm reaches localhost directly)
   local publish_log="$work_dir/publish.log"
-  if npm publish "$final_tgz" \
-      --registry "$REGISTRY_URL" \
-      --userconfig "$NPMRC_FILE" \
-      --silent \
-      2>"$publish_log"; then
+  local publish_ok=false
+  if [ "$IS_CORP" = true ]; then
+    if (cd "$work_dir" && env \
+        -u http_proxy -u https_proxy -u HTTP_PROXY -u HTTPS_PROXY \
+        -u npm_config_proxy -u npm_config_https_proxy \
+        -u NPM_CONFIG_PROXY -u NPM_CONFIG_HTTPS_PROXY \
+        -u npm_config_noproxy -u NPM_CONFIG_NOPROXY \
+        -u NODE_TLS_REJECT_UNAUTHORIZED \
+        npm publish "$final_tgz" \
+        --registry "$REGISTRY_URL" \
+        --userconfig "$NPMRC_FILE" \
+        --silent 2>"$publish_log"); then
+      publish_ok=true
+    fi
+  else
+    if npm publish "$final_tgz" \
+        --registry "$REGISTRY_URL" \
+        --userconfig "$NPMRC_FILE" \
+        --silent \
+        2>"$publish_log"; then
+      publish_ok=true
+    fi
+  fi
+  if [ "$publish_ok" = true ]; then
     ok "  ✅ $name@$version published"
     PUBLISHED+=("$name@$version")
   else