chore: keep fiscalize private (in-house) + standard bunfig.toml auth

.github/workflows/publish.yml

@@ -14,6 +14,9 @@ jobs:
   test:
     name: Test
     runs-on: ubuntu-latest
+    env:
+      # Lets `bun install` resolve @grunt-it packages from GitHub Packages via bunfig.toml.
+      REGISTRY_TOKEN: ${{ secrets.REGISTRY_TOKEN }}
     steps:
       - name: Checkout code
         uses: actions/checkout@v4
@@ -40,6 +43,8 @@ jobs:
     permissions:
       contents: read
       packages: write
+    env:
+      REGISTRY_TOKEN: ${{ secrets.REGISTRY_TOKEN }}
     steps:
       - name: Checkout code
         uses: actions/checkout@v4

.gitignore

@@ -28,6 +28,3 @@ logs
 
 # macOS
 .DS_Store
-
-# Bun config with tokens
-bunfig.toml

README.md

@@ -1,8 +1,9 @@
 # @grunt-it/fiscalize
 
-Open-source Slovenian **fiscalization + e-invoicing** toolkit on the grunt-it
+Private, in-house **fiscalization + e-invoicing** toolkit for grunt-it, on the
 TS/Effect stack — the compliance-hard sliver of what Minimax does, as a reusable,
-**framework-agnostic** engine (not a full accounting suite).
+**framework-agnostic** engine (not a full accounting suite). Internal grunt-it
+tool, distributed via GitHub Packages — not a public release.
 
 It knows nothing about Medusa, HTTP frameworks, or any host: build an invoice,
 get conformant XML out. Consumers (e.g. a Medusa fiscalization plugin) wrap it as
@@ -29,15 +30,19 @@ fork away from them. Rule-change monitoring is tracked via `upkeep`.
 
 ## Install
 
-Published to GitHub Packages. Create a `bunfig.toml`:
+Published to **GitHub Packages** under the `@grunt-it` scope. Auth follows the
+house standard: a committed `bunfig.toml` that reads the token from the
+`REGISTRY_TOKEN` env var (the same config app-template / utility-belt use; CI
+provides `REGISTRY_TOKEN` as a secret). In the consuming repo:
 
 ```toml
+# bunfig.toml — no secret in the file, safe to commit
 [install.scopes]
 "@grunt-it" = { token = "$REGISTRY_TOKEN", url = "https://npm.pkg.github.com" }
 ```
 
 ```bash
-export REGISTRY_TOKEN="ghp_…"   # a PAT with read:packages
+export REGISTRY_TOKEN="ghp_…"   # locally: a PAT with read:packages
 bun add @grunt-it/fiscalize
 ```
 
@@ -142,4 +147,6 @@ bunx tsc --noEmit
 
 ## License
 
-MIT — see [`LICENSE`](./LICENSE).
+UNLICENSED — private/internal grunt-it tool. Not for public distribution.
+(Bundled third-party schema files keep their own terms — see
+[`src/lib/eslog/schema/PROVENANCE.md`](./src/lib/eslog/schema/PROVENANCE.md).)

bunfig.toml

@@ -0,0 +1,16 @@
+# Bun configuration file
+# See https://bun.sh/docs/runtime/bunfig
+#
+# @grunt-it scoped packages resolve from GitHub Packages. The token is read from
+# the REGISTRY_TOKEN env var (a PAT with read:packages) — no secret lives in this
+# file, so it is safe to commit. CI provides REGISTRY_TOKEN as a secret.
+
+[install]
+[install.scopes]
+"@grunt-it" = { token = "$REGISTRY_TOKEN", url = "https://npm.pkg.github.com" }
+
+# Optional: Configure cache directory
+# cache = "node_modules/.cache/bun"
+
+# Optional: Set default registry (uncomment if needed)
+# registry = "https://registry.npmjs.org"

package.json

@@ -1,8 +1,9 @@
 {
   "name": "@grunt-it/fiscalize",
   "version": "0.1.0",
-  "description": "Open-source Slovenian fiscalization + e-invoicing toolkit (TS/Effect). P1: EN16931 → e-SLOG 2.0 / UBL e-invoice generation + validation, deriving from E-Invoice-EU. Framework-agnostic engine.",
+  "description": "Private/internal grunt-it Slovenian fiscalization + e-invoicing toolkit (TS/Effect). P1: EN16931 → e-SLOG 2.0 / UBL e-invoice generation + validation, deriving from E-Invoice-EU. Framework-agnostic engine.",
   "type": "module",
+  "license": "UNLICENSED",
   "module": "src/index.ts",
   "exports": {
     ".": "./src/index.ts",
@@ -14,8 +15,7 @@
   "files": [
     "src",
     "README.md",
-    "ROADMAP.md",
-    "LICENSE"
+    "ROADMAP.md"
   ],
   "repository": {
     "type": "git",

src/lib/eslog/schema/PROVENANCE.md

@@ -15,5 +15,5 @@ fixture) at `src/test/sample-eslog20-with-bt.xml`, and the 1.6↔2.0 mapping
 tables ship in the package as `.xlsx` (not vendored here).
 
 e-SLOG is an open standard for Slovenian electronic business documents; these
-schema files are redistributed for interoperability. They are not covered by
-this project's MIT license — refer to ePOS/GZS for their terms.
+schema files are bundled for interoperability and keep their own terms — refer
+to ePOS/GZS. They are not part of this project's own (UNLICENSED, internal) code.