Switch Pro packages to public distribution (#1901)

## Summary

This PR implements the switch from GitHub Packages to public
distribution for React on Rails Pro packages and gem.

### Changes

**1. Node Renderer NPM Package (`react_on_rails_pro/package.json`)**
- Removed `publishConfig` section to publish to npmjs.org instead of
GitHub Packages
- Updated repository URL to reflect monorepo location

**2. Release Script (`rakelib/release.rake`)**
- Updated node-renderer publishing logic (remove GitHub Packages
messaging, add npmjs.org OTP prompt)
- Updated Pro gem publishing: removed `--key github --host` arguments to
publish to RubyGems.org
- Updated documentation header to list all packages as PUBLIC
- Updated success message to reflect unified public distribution

**3. Documentation Updates**
- Removed all GitHub PAT authentication instructions
- Added license token security warning
- Updated all package name references to unscoped version
- Simplified installation flow

### Distribution Strategy

**Before:**
- Pro packages published to GitHub Packages (private)
- Customers need GitHub PAT + JWT license token
- Manual PAT generation by Justin for each customer

**After:**
- All packages published to public registries (npmjs.org + RubyGems.org)
- Customers only need JWT license token
- Runtime enforcement via JWT validation (unchanged)
- Frictionless installation with `gem install` and `npm install`

### Breaking Change

⚠️ Existing customers using GitHub Packages will need to update their
`.npmrc` configuration after this release. Justin will communicate
migration steps directly to customers.

### Security

Runtime enforcement remains completely unchanged:
- JWT license validation at Rails startup (Ruby side)
- JWT license validation at Node renderer startup (Node side)
- Grace period system still in place
- Attribution system still in place

### Testing Plan

- [ ] Dry run: `rake release[16.2.0,true]`
- [ ] Verdaccio test: `rake release[16.2.0-test.1,false,verdaccio]`
- [ ] Verify packages publish successfully to public registries
- [ ] Test installation without GitHub credentials
- [ ] Test runtime enforcement still works

🤖 Generated with [Claude Code](https://claude.com/claude-code)

<!-- Reviewable:start -->
- - -
This change is [<img src="https://reviewable.io/review_button.svg"
height="34" align="absmiddle"
alt="Reviewable"/>](https://reviewable.io/reviews/shakacode/react_on_rails/1901)
<!-- Reviewable:end -->


<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **Chores**
* Publishing consolidated: packages now published publicly (npmjs.org &
RubyGems.org); private registry references removed, publication
messaging unified, and package names simplified to unscoped forms.
OTP/publish prompts and final release summaries updated.

* **Documentation**
* Install, release, and node-renderer docs revised for public publishing
and license-based runtime auth: simplified release commands, updated
install/import examples, startup/config guidance, and
error/tracing/integration instructions.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->

---------

Co-authored-by: Claude <[email protected]>

Author: ihabadham

CONTRIBUTING.md

@@ -129,7 +129,7 @@ Package [email protected] added ==> /Users/justin/shakacode/react-o
 Don't forget you may need to run yarn after adding packages with yalc to install/update dependencies/bin scripts.
 ```
 
-Of course, you can do the same with `react-on-rails-pro` and `@shakacode-tools/react-on-rails-pro-node-renderer` packages.
+Of course, you can do the same with `react-on-rails-pro` and `react-on-rails-pro-node-renderer` packages.
 
 This is the approach `spec/dummy` apps use, so you can also look at their implementation.
 

docs/contributor-info/releasing.md

@@ -58,9 +58,9 @@ The release task publishes 5 packages with unified versioning:
 
 1. **react-on-rails** - NPM package
 2. **react-on-rails-pro** - NPM package
-3. **react_on_rails** - RubyGem
-
-**PRIVATE (GitHub Packages):** 4. **@shakacode-tools/react-on-rails-pro-node-renderer** - NPM package 5. **react_on_rails_pro** - RubyGem
+3. **react-on-rails-pro-node-renderer** - NPM package
+4. **react_on_rails** - RubyGem
+5. **react_on_rails_pro** - RubyGem
 
 ### Version Synchronization
 

rakelib/release.rake

@@ -29,9 +29,8 @@ This will update and release:
   PUBLIC (npmjs.org + rubygems.org):
     - react-on-rails NPM package
     - react-on-rails-pro NPM package
+    - react-on-rails-pro-node-renderer NPM package
     - react_on_rails RubyGem
-  PRIVATE (GitHub Packages):
-    - @shakacode-tools/react-on-rails-pro-node-renderer NPM package
     - react_on_rails_pro RubyGem
 
 1st argument: Version (patch/minor/major OR explicit version like 16.2.0)
@@ -208,24 +207,17 @@ task :release, %i[version dry_run registry skip_push] do |_t, args|
     sh_in_dir(gem_root,
               "yarn workspace react-on-rails-pro publish --new-version #{actual_npm_version} #{npm_publish_args}")
 
-    # Publish node-renderer NPM package (to Verdaccio or GitHub Packages depending on mode)
+    # Publish node-renderer NPM package (PUBLIC on npmjs.org)
     puts "\n#{'=' * 80}"
-    if use_verdaccio
-      puts "Publishing node-renderer to Verdaccio (local)..."
-    else
-      puts "Publishing PRIVATE node-renderer to GitHub Packages..."
-    end
+    puts "Publishing PUBLIC node-renderer to #{use_verdaccio ? 'Verdaccio (local)' : 'npmjs.org'}..."
     puts "=" * 80
 
     # Publish react-on-rails-pro-node-renderer NPM package
-    node_renderer_registry = if use_verdaccio
-                               "Verdaccio (http://localhost:4873/)"
-                             else
-                               "GitHub Packages"
-                             end
-    node_renderer_name = "@shakacode-tools/react-on-rails-pro-node-renderer"
-    puts "\nPublishing #{node_renderer_name}@#{actual_npm_version} to #{node_renderer_registry}..."
-    puts "Ensure you're authenticated with GitHub Packages (see ~/.npmrc)" unless use_verdaccio
+    # Note: Uses plain `yarn publish` (not `yarn workspace`) because the node-renderer
+    # package.json is in react_on_rails_pro/ which is not defined as a workspace
+    node_renderer_name = "react-on-rails-pro-node-renderer"
+    puts "\nPublishing #{node_renderer_name}@#{actual_npm_version}..."
+    puts "Carefully add your OTP for NPM when prompted." unless use_verdaccio
     sh_in_dir(pro_gem_root,
               "yarn publish --new-version #{actual_npm_version} --no-git-tag-version #{npm_publish_args}")
 
@@ -241,14 +233,13 @@ task :release, %i[version dry_run registry skip_push] do |_t, args|
       sh_in_dir(gem_root, "gem release")
 
       puts "\n#{'=' * 80}"
-      puts "Publishing PRIVATE Ruby gem to GitHub Packages..."
+      puts "Publishing PUBLIC Pro Ruby gem to RubyGems.org..."
       puts "=" * 80
 
-      # Publish react_on_rails_pro Ruby gem to GitHub Packages
-      puts "\nPublishing react_on_rails_pro gem to GitHub Packages..."
-      puts "Ensure you have GitHub token in ~/.gem/credentials"
-      sh_in_dir(pro_gem_root,
-                "gem release --key github --host https://rubygems.pkg.github.com/shakacode-tools")
+      # Publish react_on_rails_pro Ruby gem to RubyGems.org
+      puts "\nPublishing react_on_rails_pro gem to RubyGems.org..."
+      puts "Carefully add your OTP for Rubygems when prompted."
+      sh_in_dir(pro_gem_root, "gem release")
     end
   end
 
@@ -286,13 +277,13 @@ task :release, %i[version dry_run registry skip_push] do |_t, args|
       Published to #{npm_registry_note}:
         - react-on-rails@#{actual_npm_version}
         - react-on-rails-pro@#{actual_npm_version}
-        - @shakacode-tools/react-on-rails-pro-node-renderer@#{actual_npm_version}
+        - react-on-rails-pro-node-renderer@#{actual_npm_version}
     MSG
 
     unless use_verdaccio
-      msg += "\n  Ruby Gems:\n"
-      msg += "    - react_on_rails #{actual_gem_version} (RubyGems.org)\n"
-      msg += "    - react_on_rails_pro #{actual_gem_version} (GitHub Packages)\n"
+      msg += "\n  Ruby Gems (RubyGems.org):\n"
+      msg += "    - react_on_rails #{actual_gem_version}\n"
+      msg += "    - react_on_rails_pro #{actual_gem_version}\n"
     end
 
     if skip_push
@@ -313,7 +304,7 @@ task :release, %i[version dry_run registry skip_push] do |_t, args|
                To test installation:
                  npm install --registry http://localhost:4873/ react-on-rails@#{actual_npm_version}
                  npm install --registry http://localhost:4873/ react-on-rails-pro@#{actual_npm_version}
-                 npm install --registry http://localhost:4873/ @shakacode-tools/react-on-rails-pro-node-renderer@#{actual_npm_version}
+                 npm install --registry http://localhost:4873/ react-on-rails-pro-node-renderer@#{actual_npm_version}
 
                Note: Ruby gems were not published (Verdaccio is NPM-only)
 

react_on_rails_pro/CONTRIBUTING.md

@@ -347,24 +347,13 @@ Contact Justin Gordon, [[email protected]](mailto:[email protected]) for r
 
 ## Prerequisites
 
-You need authentication for both public and private package registries:
+You need authentication for public package registries:
 
 **Public packages (npmjs.org + rubygems.org):**
 - NPM: Run `npm login`
 - RubyGems: Standard credentials via `gem push`
 
-**Private packages (GitHub Packages):**
-- Get a GitHub personal access token with `write:packages` scope
-- Configure `~/.npmrc`:
-  ```ini
-  //npm.pkg.github.com/:_authToken=<TOKEN>
-  always-auth=true
-  ```
-- Configure `~/.gem/credentials`:
-  ```yaml
-  :github: Bearer <GITHUB_TOKEN>
-  ```
-- Set environment variable: `export GITHUB_TOKEN=<TOKEN>`
+All React on Rails and React on Rails Pro packages are now published publicly to npmjs.org and RubyGems.org.
 
 ## Release Command
 

react_on_rails_pro/docs/code-splitting-loadable-components.md

@@ -245,7 +245,7 @@ In your `node-renderer.js` file which runs node renderer, you need to specify `s
 ```js
 const path = require('path');
 const env = process.env;
-const { reactOnRailsProNodeRenderer } = require('@shakacode-tools/react-on-rails-pro-node-renderer');
+const { reactOnRailsProNodeRenderer } = require('react-on-rails-pro-node-renderer');
 
 const config = {
   ...

react_on_rails_pro/docs/contributors-info/releasing.md

@@ -35,6 +35,6 @@ rake release[17.0.0,false,verdaccio]
 This unified script releases all 5 packages together:
 - react-on-rails (NPM)
 - react-on-rails-pro (NPM)
+- react-on-rails-pro-node-renderer (NPM)
 - react_on_rails (RubyGem)
-- @shakacode-tools/react-on-rails-pro-node-renderer (NPM, GitHub Packages)
-- react_on_rails_pro (RubyGem, GitHub Packages)
+- react_on_rails_pro (RubyGem)