chore: chain138-open-snap canonical repo, submodule, publish script

- Point AGENTS.md at Defi-Oracle-Tooling/chain138-snap-minimal; document nested submodule in SUBMODULE_RELATIONSHIP_MAP
- Bump metamask-integration submodule (chain138-snap-minimal nested submodule on Gitea)
- Add publish-chain138-open-snap.sh with canonical repo comment

Made-with: Cursor

scripts/deployment/publish-chain138-open-snap.sh

@@ -0,0 +1,77 @@
+#!/usr/bin/env bash
+# Publish chain138-open-snap to the public npm registry (open-permission MetaMask Snap).
+#
+# Authentication (first that applies):
+#   1) NPM_ACCESS_TOKEN or NPM_TOKEN (e.g. in metamask-integration/chain138-snap/.env,
+#      auto-sourced by this script). Use a Granular token with permission to publish
+#      this package and enable "Bypass two-factor authentication (2FA)" so publish does
+#      not require an authenticator code (see npm token settings).
+#   2) Otherwise: existing npm login — npm whoami must succeed.
+#
+# If npm returns EOTP, either recreate the token with 2FA bypass for publish, or pass
+# a one-time code through to npm publish, e.g.:
+#   ./scripts/deployment/publish-chain138-open-snap.sh --otp=123456
+#
+# Canonical source repo: https://github.com/Defi-Oracle-Tooling/chain138-snap-minimal
+# Usage: from repo root: ./scripts/deployment/publish-chain138-open-snap.sh [--dry-run] [npm publish args...]
+set -euo pipefail
+
+ROOT="$(cd "$(dirname "$0")/../.." && pwd)"
+DIR="$ROOT/metamask-integration/chain138-snap-minimal"
+CHAIN138_ENV="$ROOT/metamask-integration/chain138-snap/.env"
+
+if [[ ! -f "$DIR/package.json" ]]; then
+  echo "error: missing $DIR/package.json" >&2
+  exit 1
+fi
+
+# Optional: load npm token from sibling chain138-snap .env (gitignored; do not commit tokens).
+if [[ -f "$CHAIN138_ENV" ]]; then
+  _had_u=0
+  [[ -o nounset ]] && _had_u=1
+  set +u
+  set -a
+  # shellcheck disable=SC1090
+  source "$CHAIN138_ENV"
+  set +a
+  if [[ "$_had_u" -eq 1 ]]; then
+    set -u
+  else
+    set +u
+  fi
+fi
+
+AUTH_TOKEN="${NPM_ACCESS_TOKEN:-${NPM_TOKEN:-}}"
+
+cd "$DIR"
+
+# Quiet the common nvm + npm warning: ~/.npmrc `prefix` vs nvm-managed Node.
+unset npm_config_prefix 2>/dev/null || true
+if [[ -n "${NVM_DIR:-}" && -f "${NVM_DIR}/nvm.sh" ]]; then
+  # shellcheck disable=SC1090
+  source "${NVM_DIR}/nvm.sh" 2>/dev/null || true
+  _nvm_cur="$(nvm current 2>/dev/null || true)"
+  if [[ -n "${_nvm_cur}" && "${_nvm_cur}" != "system" && "${_nvm_cur}" != "none" ]]; then
+    nvm use --delete-prefix "${_nvm_cur}" --silent 2>/dev/null || true
+  fi
+  unset _nvm_cur
+fi
+
+cleanup() {
+  [[ -n "${NPMRC_TMP:-}" && -f "${NPMRC_TMP:-}" ]] && rm -f "$NPMRC_TMP"
+}
+trap cleanup EXIT
+
+if [[ -n "$AUTH_TOKEN" ]]; then
+  echo "Publishing chain138-open-snap from $DIR using registry token from env (prepack runs npm run build)..."
+  NPMRC_TMP="$(mktemp)"
+  printf '//registry.npmjs.org/:_authToken=%s\n' "$AUTH_TOKEN" >"$NPMRC_TMP"
+  npm publish --userconfig "$NPMRC_TMP" "$@"
+else
+  if ! npm whoami >/dev/null 2>&1; then
+    echo "error: not authenticated. Set NPM_ACCESS_TOKEN (see metamask-integration/chain138-snap/.env.example) or run: npm login" >&2
+    exit 1
+  fi
+  echo "Publishing chain138-open-snap from $DIR (logged-in npm user; prepack runs npm run build)..."
+  npm publish "$@"
+fi