From 4d21fbca7bff330b0d206fde387bfcad3f39c6c1 Mon Sep 17 00:00:00 2001
From: johnxie <john@taskade.com>
Date: Tue, 9 Jun 2026 12:35:44 -0700
Subject: [PATCH] fix(ci): upgrade npm for OIDC trusted publishing (needs >=
 11.5.1)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Node 22 bundles npm 10.x, which signs provenance but cannot perform the
trusted-publishing token exchange — every CI publish has failed with npm's
E404-on-PUT (force-release.yml has never had a successful run; 0.0.3 was
evidently published manually). Add 'npm install -g npm@latest' to both
release workflows before publishing.

Note: npmjs.com-side trusted-publisher config (package Settings → Publishing
access → GitHub Actions: taskade/mcp + workflow file) must also exist for
both packages — that part is a web-UI action for a package owner.
---
 .github/workflows/force-release.yml | 4 ++++
 .github/workflows/release.yml       | 6 ++++++
 2 files changed, 10 insertions(+)

diff --git a/.github/workflows/force-release.yml b/.github/workflows/force-release.yml
index f662d50..fc62c4c 100644
--- a/.github/workflows/force-release.yml
+++ b/.github/workflows/force-release.yml
@@ -21,6 +21,10 @@ jobs:
           node-version: 22
           registry-url: "https://registry.npmjs.org"
 
+      # npm OIDC trusted publishing requires npm >= 11.5.1; Node 22 bundles npm 10.x.
+      - name: Upgrade npm for trusted publishing
+        run: npm install -g npm@latest && npm --version
+
       - name: Install dependencies
         run: yarn install
 
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 1a48c09..1da8397 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -27,6 +27,12 @@ jobs:
           node-version: 22
           registry-url: "https://registry.npmjs.org"
 
+      # npm OIDC trusted publishing requires npm >= 11.5.1; Node 22 bundles npm 10.x,
+      # which signs provenance but cannot do the trusted-publishing token exchange
+      # (publish then fails with E404-on-PUT).
+      - name: Upgrade npm for trusted publishing
+        run: npm install -g npm@latest && npm --version
+
       - name: Install dependencies
         run: yarn install