feat: improve repository security and cleanup

- Add comprehensive .gitignore rules for local configs and test outputs
- Protect against committing sensitive files (.mcp.json, .claude/, etc.)
- Remove test output directories and temporary files
- Prevent future accidental commits of development artifacts

Security improvements:
- Block local MCP configurations with API keys
- Ignore Claude Code settings directory
- Exclude test output and cache files

Author: yibeichan

.cliff.toml

@@ -0,0 +1,45 @@
+name: Auto-release
+
+on:
+  # ATM, this is the closest trigger to a PR merging
+  workflow_run:
+    workflows: ["Test template generation"]
+    branches: [main]
+    types: [completed]
+
+env:
+  AUTO_VERSION: v11.3.0
+
+jobs:
+  auto-release:
+    if: ${{ github.event.workflow_run.conclusion == 'success' }}
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v5
+
+    - name: Prepare repository
+      # Fetch full git history and tags
+      run: git fetch --unshallow --tags
+
+    - name: Unset header
+      # checkout adds a header that makes branch protection report errors
+      # because the Github action bot is not a collaborator on the repo
+      run: git config --local --unset http.https://github.com/.extraheader
+
+    - name: Set up Python
+      uses: actions/setup-python@v5
+      with:
+        python-version: '3.11'
+
+    - name: Download auto
+      run: |
+        auto_download_url="$(curl -fsSL https://api.github.com/repos/intuit/auto/releases/tags/$AUTO_VERSION | jq -r '.assets[] | select(.name == "auto-linux.gz") | .browser_download_url')"
+        wget -O- "$auto_download_url" | gunzip > ~/auto
+        chmod a+x ~/auto
+
+    - name: Create release
+      run: |
+        ~/auto shipit -vv
+      env:
+        GH_TOKEN: ${{ secrets.AUTO_ORG_TOKEN }}

.github/workflows/release.yaml

@@ -170,3 +170,18 @@ selected_activities.json
 
 # Development helper scripts
 run_in_env.sh
+
+# Local MCP and tool configurations
+.mcp.json
+.autorc
+.serena/
+.claude/
+
+# Test outputs and temporary files
+test-qa-output/
+test-workflow.yml
+validate_yaml.py
+**/Final*Validation*Test*/
+
+# Additional cache patterns
+.ui_checksum_cache