brand's release.yml publishes with token auth (NODE_AUTH_TOKEN/NPM_TOKEN), which 404s on the @tangle-network scope (E404 PUT https://registry.npmjs.org/@tangle-network%2fbrand) — confirmed when 0.4.0 + ui 3.0.0 failed at the publish step and had to be recovered with a local changeset publish as drewstone.
sandbox-ui already solved this: its release.yml strips the token and uses OIDC trusted publishing (its own comment notes 'our scoped tokens 404 on this package'). brand + ui need the same migration, else every future brand/ui release fails CI and needs manual recovery.
Fix: mirror sandbox-ui's OIDC publish job (id-token: write permission, no NODE_AUTH_TOKEN, npm trusted publisher configured for the scope).
🤖 Generated with Claude Code
brand's
release.ymlpublishes with token auth (NODE_AUTH_TOKEN/NPM_TOKEN), which 404s on the@tangle-networkscope (E404 PUT https://registry.npmjs.org/@tangle-network%2fbrand) — confirmed when 0.4.0 + ui 3.0.0 failed at the publish step and had to be recovered with a localchangeset publishas drewstone.sandbox-ui already solved this: its
release.ymlstrips the token and uses OIDC trusted publishing (its own comment notes 'our scoped tokens 404 on this package'). brand + ui need the same migration, else every future brand/ui release fails CI and needs manual recovery.Fix: mirror sandbox-ui's OIDC publish job (
id-token: writepermission, no NODE_AUTH_TOKEN, npm trusted publisher configured for the scope).🤖 Generated with Claude Code