fix(ci): use NPM_TOKEN secret for npm publish auth#15
Merged
jrusso1020 merged 1 commit intomainfrom Mar 23, 2026
Merged
Conversation
jrusso1020
force-pushed
the
fix/publish-npm-token
branch
from
c65fd6f to
3fe9267
Compare
2 tasks
miguel-heygen
added a commit
that referenced
this pull request
Apr 7, 2026
## Summary Adds critical rendering constraints to the `hyperframes` skill discovered from eval analysis of 27 agent-generated compositions. These guardrails prevent agents from producing compositions that technically work but render poorly. ## What it fixes | Rule Added | Eval Prompts Affected | Issue | | --- | --- | --- | | Ban `repeat: -1` | #20 loading-spinner (2.0/5) | Infinite timeline broke capture engine | | Ban async timeline construction | #16 particle-logo (2.6/5) | Timeline empty at capture time | | Min font size 16px (labels), 20px (body) | #7, #8, #13, #14, #15, #19 | Illegible text after encoding | | Ban full-screen dark linear gradients | #3, #5, #10, #14 | H.264 color banding | | `<link>` fonts over CSS `@import` | #7, #24 | Font loading race conditions | ## Changes - **Rules section**: Added `repeat: -1` ban, async timeline ban, items 8-9 to "Never do" list - **Typography section**: Expanded font size guidance with specific minimums per text role (headlines, body, labels) - **New "Backgrounds and Color" section**: Guidance on avoiding gradient banding - **Output Checklist**: 5 new items covering all new constraints ## Test plan - [ ] Run eval with updated skill and compare avg quality scores - [x] Skill renders correctly in `/hyperframes` invocation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What
Fix publish workflow — use Node.js 24 instead of 22 for npm trusted publishing.
Why
npm Trusted Publishing (OIDC) requires npm CLI >= 11.5.1. Node.js 22 ships with npm v10, which doesn't support the OIDC handshake. When the handshake fails, npm treats the request as anonymous and returns a misleading 404.
Node.js 24 ships with npm v11, which supports trusted publishing natively.
How
node-version: 22→node-version: 24in the publish workflow onlyNPM_TOKEN/NODE_AUTH_TOKENworkaround (not needed with OIDC)References
Test plan
v0.1.1tag and re-push to test publish