diff --git a/.github/workflows/publish-npm.yml b/.github/workflows/publish-npm.yml
index f9fbadb2..57392f6e 100644
--- a/.github/workflows/publish-npm.yml
+++ b/.github/workflows/publish-npm.yml
@@ -14,9 +14,11 @@ env:
 jobs:
   publish:
     runs-on: ubuntu-latest
-    # Prefer the npm-only workflow_dispatch path in release.yml. This workflow
-    # works only if npm Trusted Publishing is explicitly configured for
-    # `publish-npm.yml` instead of `release.yml`.
+    # `release.yml` no longer publishes to npm — see CLAUDE.md "Releases" for
+    # the manual flow we actually use. This workflow remains as inert plumbing
+    # that only works if npm Trusted Publishing is configured for it; trigger
+    # via `gh workflow run publish-npm.yml -f version=X.Y.Z` if you've set
+    # that up on the npm side.
     permissions:
       contents: read
       id-token: write
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 274eefda..c24d45d8 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -123,59 +123,8 @@ jobs:
           files: artifacts/*/*
           prerelease: false
 
-  publish-npm:
-    needs: release
-    runs-on: ubuntu-latest
-    # Token-based publish (npm classic automation token). The OIDC
-    # Trusted Publisher path was unreliable across v0.5.1/v0.5.2/v0.6.1
-    # (npm returned 404 on PUT despite valid OIDC). Set the `NPM_TOKEN`
-    # repo secret to a granular access token scoped to `deepseek-tui`
-    # with publish permission.
-    permissions:
-      contents: read
-    steps:
-      - uses: actions/checkout@v4
-      - uses: actions/setup-node@v4
-        with:
-          node-version: '24'
-          registry-url: 'https://registry.npmjs.org'
-      - name: Verify package version
-        working-directory: npm/deepseek-tui
-        run: |
-          actual="$(node -p "require('./package.json').version")"
-          expected="${GITHUB_REF_NAME#v}"
-          if [ "${actual}" != "${expected}" ]; then
-            echo "package.json version ${actual} does not match tag ${expected}" >&2
-            exit 1
-          fi
-      - name: Publish wrapper to npm
-        working-directory: npm/deepseek-tui
-        env:
-          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
-        run: npm publish --access public
-
-  publish-npm-manual:
-    if: github.event_name == 'workflow_dispatch'
-    runs-on: ubuntu-latest
-    permissions:
-      contents: read
-    steps:
-      - uses: actions/checkout@v4
-      - uses: actions/setup-node@v4
-        with:
-          node-version: '24'
-          registry-url: 'https://registry.npmjs.org'
-      - name: Verify package version
-        working-directory: npm/deepseek-tui
-        run: |
-          actual="$(node -p "require('./package.json').version")"
-          expected="${{ inputs.version }}"
-          if [ "${actual}" != "${expected}" ]; then
-            echo "package.json version ${actual} does not match requested ${expected}" >&2
-            exit 1
-          fi
-      - name: Publish wrapper to npm
-        working-directory: npm/deepseek-tui
-        env:
-          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
-        run: npm publish --access public
+# npm publish is intentionally not automated. The npm account requires 2FA OTP
+# on every publish, and a granular automation token that bypasses 2FA has not
+# been provisioned. Release the npm wrapper manually from a developer machine
+# after the GitHub Release has been created — see CLAUDE.md "Releases" for the
+# exact commands.
diff --git a/.gitignore b/.gitignore
index 46181235..db23daca 100644
--- a/.gitignore
+++ b/.gitignore
@@ -40,6 +40,10 @@ dist/
 outputs/
 tmp/
 
+# Reference papers / large research blobs (keep locally if needed, don't ship)
+docs/DeepSeek_V4.pdf
+docs/*.pdf
+
 # Note: Cargo.lock is intentionally NOT ignored for reproducible builds
 
 # Local dev scripts and temp files
diff --git a/docs/DeepSeek_V4.pdf b/docs/DeepSeek_V4.pdf
deleted file mode 100644
index 23198c9f..00000000
Binary files a/docs/DeepSeek_V4.pdf and /dev/null differ
diff --git a/docs/RELEASE_RUNBOOK.md b/docs/RELEASE_RUNBOOK.md
index df678e96..4e1fa125 100644
--- a/docs/RELEASE_RUNBOOK.md
+++ b/docs/RELEASE_RUNBOOK.md
@@ -136,27 +136,34 @@ release verification script both depend on that checksum manifest.
 
 ## npm Wrapper Release
 
-1. Set the npm package version in [npm/deepseek-tui/package.json](../npm/deepseek-tui/package.json).
+**The npm publish step is manual.** `release.yml` no longer runs `npm publish`
+because the npm account requires 2FA OTP on every publish, and an automation
+token that bypasses 2FA has not been provisioned. The GitHub Release flow
+remains fully automated; only the npm wrapper publish requires a developer
+on a workstation with `npm login` and an authenticator app.
+
+### Steps
+
+1. Set the npm package version in [npm/deepseek-tui/package.json](../npm/deepseek-tui/package.json) to match the workspace `Cargo.toml`. CI's version-drift guard will catch mismatches before tag.
 2. Set `deepseekBinaryVersion` to the GitHub release tag that should supply binaries.
-3. For GitHub Actions publishing, configure npm Trusted Publishing for:
-   - Publisher: GitHub Actions
-   - Repository: `Hmbown/DeepSeek-TUI`
-   - Workflow filename: `release.yml`
-4. If the GitHub release succeeded but npm publishing failed, rerun only npm
-   publication from Actions → Release → Run workflow with the failed version.
-   This keeps npm's single trusted publisher pointed at `release.yml`.
-5. For local manual publication, run:
+3. Push the version bump to `main`. `auto-tag.yml` creates the matching `vX.Y.Z` tag, and `release.yml` builds the binary matrix and drafts the GitHub Release.
+4. **Wait for the GitHub Release to finalize** with all eight signed binaries plus `deepseek-artifacts-sha256.txt`. The npm `prepublishOnly` hook (`scripts/verify-release-assets.js`) requires every asset to be present.
+5. From a developer machine, publish the npm wrapper manually:
 
 ```bash
 cd npm/deepseek-tui
-npm pack
-npm publish
+npm publish --access public
+# (you will be prompted for the npm OTP from your authenticator)
 ```
 
-`prepublishOnly` verifies that all expected release assets and the checksum manifest exist.
-The tag release workflow publishes through npm Trusted Publishing, so it does
-not use `NPM_TOKEN`. npm requires Node 22.14.0+ and npm 11.5.1+ for that OIDC
-path; the workflow uses Node 24.
+### Why not automated?
+
+- `release.yml`'s old `publish-npm` job used `secrets.NPM_TOKEN`, but npm's 2FA-by-default policy means a publish token must be either an automation token with "Bypass 2FA for token authentication" enabled OR an account-level 2FA-disabled state. We don't have either configured.
+- The `publish-npm.yml` workflow remains as inert plumbing for a future move to npm Trusted Publishing (OIDC). It only fires on `workflow_dispatch` and only works once Trusted Publishing is configured for *that* workflow filename on the npm side.
+
+### If you fix the token later
+
+To re-enable automated publish: provision an npm automation token with "Bypass 2FA for token authentication" enabled, store it as repo secret `NPM_TOKEN`, and revert this section's "manual" framing along with re-adding the `publish-npm` job in `release.yml`.
 
 ## Recovery and Rollback