daangn · irrationnelle · Nov 4, 2025 · Nov 4, 2025 · Nov 4, 2025 · Nov 4, 2025
diff --git a/.changeset/gold-ideas-burn.md b/.changeset/gold-ideas-burn.md
@@ -0,0 +1,2 @@
+---
+---
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -12,6 +12,10 @@ jobs:
   release:
     name: Create PR or release packages
     runs-on: ubuntu-latest
+    permissions:
+      id-token: write
+      contents: write
+      pull-requests: write
     steps:
       - uses: actions/checkout@v4
         with:
@@ -69,7 +73,6 @@ jobs:
           publish: yarn changeset publish
           version: yarn changeset:version
         env:
-          NODE_AUTH_TOKEN: ${{ secrets.NPM_PUBLISH_TOKEN }}
           GITHUB_TOKEN: ${{ secrets.DAANGNBOT_PAT }}
 
       - name: Continuous release via pkg.pr.new

diff --git a/config/package.json b/config/package.json
@@ -38,7 +38,8 @@
     "ultra-runner": "^3.10.5"
   },
   "publishConfig": {
-    "access": "public"
+    "access": "public",
+    "provenance": true
   },
   "ultra": {
     "concurrent": [

diff --git a/core/package.json b/core/package.json
@@ -56,7 +56,8 @@
     "ultra-runner": "^3.10.5"
   },
   "publishConfig": {
-    "access": "public"
+    "access": "public",
+    "provenance": true
   },
   "ultra": {
     "concurrent": [

diff --git a/extensions/compat-await-push/package.json b/extensions/compat-await-push/package.json
@@ -47,7 +47,8 @@
     "react": ">=16.8.0"
   },
   "publishConfig": {
-    "access": "public"
+    "access": "public",
+    "provenance": true
   },
   "ultra": {
     "concurrent": [

diff --git a/extensions/link/package.json b/extensions/link/package.json
@@ -63,7 +63,8 @@
     "react": ">=16.8.0"
   },
   "publishConfig": {
-    "access": "public"
+    "access": "public",
+    "provenance": true
   },
   "ultra": {
     "concurrent": [

diff --git a/extensions/plugin-basic-ui/package.json b/extensions/plugin-basic-ui/package.json
@@ -56,7 +56,8 @@
     "react": ">=16.8.0"
   },
   "publishConfig": {
-    "access": "public"
+    "access": "public",
+    "provenance": true
   },
   "ultra": {
     "concurrent": [

diff --git a/extensions/plugin-devtools/package.json b/extensions/plugin-devtools/package.json
@@ -41,7 +41,8 @@
     "@stackflow/core": "^1.1.0-canary.0"
   },
   "publishConfig": {
-    "access": "public"
+    "access": "public",
+    "provenance": true
   },
   "ultra": {
     "concurrent": [

diff --git a/extensions/plugin-google-analytics-4/package.json b/extensions/plugin-google-analytics-4/package.json
@@ -51,7 +51,8 @@
     "react": ">=16.8.0"
   },
   "publishConfig": {
-    "access": "public"
+    "access": "public",
+    "provenance": true
   },
   "ultra": {
     "concurrent": [

diff --git a/extensions/plugin-history-sync/package.json b/extensions/plugin-history-sync/package.json
@@ -88,7 +88,8 @@
     "eagerEsModules": true
   },
   "publishConfig": {
-    "access": "public"
+    "access": "public",
+    "provenance": true
   },
   "ultra": {
     "concurrent": [

diff --git a/extensions/plugin-map-initial-activity/package.json b/extensions/plugin-map-initial-activity/package.json
@@ -43,7 +43,8 @@
     "@stackflow/react": "^1.3.2-canary.0"
   },
   "publishConfig": {
-    "access": "public"
+    "access": "public",
+    "provenance": true
   },
   "ultra": {
     "concurrent": [

diff --git a/extensions/plugin-preload/package.json b/extensions/plugin-preload/package.json
@@ -49,7 +49,8 @@
     "react": ">=16.8.0"
   },
   "publishConfig": {
-    "access": "public"
+    "access": "public",
+    "provenance": true
   },
   "ultra": {
     "concurrent": [

diff --git a/extensions/plugin-renderer-basic/package.json b/extensions/plugin-renderer-basic/package.json
@@ -47,7 +47,8 @@
     "react": ">=16.8.0"
   },
   "publishConfig": {
-    "access": "public"
+    "access": "public",
+    "provenance": true
   },
   "ultra": {
     "concurrent": [

diff --git a/extensions/plugin-renderer-web/package.json b/extensions/plugin-renderer-web/package.json
@@ -47,7 +47,8 @@
     "react": ">=16.8.0"
   },
   "publishConfig": {
-    "access": "public"
+    "access": "public",
+    "provenance": true
   },
   "ultra": {
     "concurrent": [

diff --git a/extensions/plugin-stack-depth-change/package.json b/extensions/plugin-stack-depth-change/package.json
@@ -42,7 +42,8 @@
     "@stackflow/core": "^1.1.0-canary.0"
   },
   "publishConfig": {
-    "access": "public"
+    "access": "public",
+    "provenance": true
   },
   "ultra": {
     "concurrent": [

diff --git a/extensions/react-ui-core/package.json b/extensions/react-ui-core/package.json
@@ -48,7 +48,8 @@
     "react": ">=16.8.0"
   },
   "publishConfig": {
-    "access": "public"
+    "access": "public",
+    "provenance": true
   },
   "ultra": {
     "concurrent": [

diff --git a/integrations/react/package.json b/integrations/react/package.json
@@ -61,7 +61,8 @@
     "react": ">=16.8.0"
   },
   "publishConfig": {
-    "access": "public"
+    "access": "public",
+    "provenance": true
   },
   "ultra": {
     "concurrent": [

diff --git a/packages/esbuild-config/package.json b/packages/esbuild-config/package.json
@@ -15,6 +15,7 @@
     "@vanilla-extract/esbuild-plugin": "^2.3.8"
   },
   "publishConfig": {
-    "access": "public"
+    "access": "public",
+    "provenance": true
   }
 }
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		---
		---
Comment on lines +1 to +2 Copy link coderabbitai bot Nov 4, 2025 Choose a reason for hiding this comment The reason will be displayed to describe this comment to others. Learn more. ⚠️ Potential issue \| 🔴 Critical Changeset file is empty—requires package name and bump type. This changeset file contains only YAML separators but is missing the required structured content. According to the coding guidelines, a Changeset entry is required for any user-facing package change. The PR affects 16 publishable packages across the monorepo by adding `"provenance": true` to their `publishConfig`. The changeset should document these changes with the affected packages and their respective version bump types. A proper changeset should follow this format: --- "@stackflow/config": patch "@stackflow/core": patch "@stackflow/react": patch "@stackflow/extension-link": patch "@stackflow/plugin-history-sync": patch "@stackflow/plugin-previous-stack": patch "@stackflow/plugin-render-effect": patch "@stackflow/react-ui-core": patch "@stackflow/extension-basic-ui": patch "@stackflow/esbuild-config": patch --- Enable provenance attestation for npm packages via OIDC authentication. Updated publishConfig to include `"provenance": true` for cryptographic verification of build and publishing provenance. Also updated the GitHub Actions release workflow to use OIDC-based authentication instead of static npm tokens. Please populate the changeset with the appropriate package names and version bump types (patch/minor/major) based on the semantic versioning impact of these changes. 🧰 Tools 🪛 LanguageTool [grammar] ~1-~1: Hier könnte ein Fehler sein. Context: --- --- (QB_NEW_DE) 🤖 Prompt for AI Agents In .changeset/gold-ideas-burn.md around lines 1 to 2, the changeset is empty; replace the empty frontmatter with a proper changeset listing the affected packages (all set to patch) and add the release note body. Populate the YAML frontmatter with the 16 package names each mapped to patch: "@stackflow/config": patch, "@stackflow/core": patch, "@stackflow/react": patch, "@stackflow/extension-link": patch, "@stackflow/plugin-history-sync": patch, "@stackflow/plugin-previous-stack": patch, "@stackflow/plugin-render-effect": patch, "@stackflow/react-ui-core": patch, "@stackflow/extension-basic-ui": patch, "@stackflow/esbuild-config": patch, "@stackflow/esbuild-plugin-swc": patch, "@stackflow/esbuild-plugin-swc-aot": patch, "@stackflow/esbuild-plugin-swc-react": patch, "@stackflow/cli": patch, "@stackflow/release-workflow": patch, "@stackflow/publish-config": patch; close the frontmatter and add the body text describing enabling provenance attestation via `"provenance": true` in publishConfig, and the GitHub Actions update to OIDC-based authentication.