From 36943770a25991a04e20a772356fc3f689a0edad Mon Sep 17 00:00:00 2001
From: Claude
Date: Thu, 28 May 2026 03:21:03 +0000
Subject: [PATCH] ci(release): switch to npm Trusted Publishing via OIDC

Add id-token: write permission so GitHub Actions can mint short-lived OIDC tokens for the job, and drop the long-lived NPM_TOKEN env. Each package must have a Trusted Publisher configured on npm pointing to MyPrototypeWhat/context-chef and workflow release.yml. Fixes ERR_PNPM_OTP_NON_INTERACTIVE caused by 2FA "auth and writes" requiring an OTP that CI cannot provide with a non-automation token.
---
 .github/workflows/release.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index e86bcb4..49f9003 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -13,6 +13,7 @@ jobs:
 permissions:
 contents: write
 pull-requests: write
+ id-token: write
 steps:
 - uses: actions/checkout@v4
@@ -42,4 +43,3 @@ jobs:
 commit: 'chore: version packages'
 env:
 GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
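Review bot: In the first hunk, `id-token: write` is granted at job level next to `contents: write` and `pull-requests: write`, so every step in this job can request an OIDC token that npm will accept for publishing once the Trusted Publisher is configured, not only the publish step. That places each action in the job inside the publish trust boundary, and the one visible here is referenced by a mutable tag; pinning it as `- uses: actions/checkout@<full-commit-sha> # v4` (and doing the same for the remaining steps, which lie outside the hunk) would keep a retagged action from gaining publish rights. A short comment above the new line, such as `# required for npm Trusted Publishing (OIDC); no NPM_TOKEN secret is used`, would stop a later permissions cleanup from removing it. Since the commit message shows pnpm doing the publish, it is also worth confirming that the npm CLI on the runner is recent enough for Trusted Publishing, as the setup steps are not visible here.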