fix(agents): replace workspace:* protocol with * for npm ci compatibility#91
Closed
brawlaphant wants to merge 1 commit into
Closed
fix(agents): replace workspace:* protocol with * for npm ci compatibility#91brawlaphant wants to merge 1 commit into
brawlaphant wants to merge 1 commit into
Conversation
…lity
The Agents CI job has been failing on every PR against main with:
npm error code EUNSUPPORTEDPROTOCOL
npm error Unsupported URL Type "workspace:": workspace:*
Root cause: three internal package.json files in agents/packages/*
declared their cross-package dependencies using the `workspace:*`
protocol. That protocol is supported by pnpm and yarn berry but NOT
by npm, and the CI `agents` job runs `npm ci` in `agents/`.
Notably, `agents/package-lock.json` was already in the correct
state — the lockfile records these internal deps as `"*"`, not
`"workspace:*"`. The package.json files were out of sync with the
lockfile, which is exactly the mismatch `npm ci` refuses to
tolerate.
This PR aligns the three package.json files with the lockfile:
agents/packages/agents/package.json
@regen/core: workspace:* → *
@regen/plugin-ledger-mcp: workspace:* → *
@regen/plugin-koi-mcp: workspace:* → *
agents/packages/plugin-koi-mcp/package.json
@regen/core: workspace:* → *
agents/packages/plugin-ledger-mcp/package.json
@regen/core: workspace:* → *
The `*` specifier is the npm-workspaces idiomatic form: when the
root package.json declares `workspaces`, npm resolves internal
dependencies locally rather than hitting the registry. No lockfile
regeneration is needed — the lockfile already encodes the `*`
form.
## Validation
Run in `agents/` on Node 22 locally, matching the CI command:
$ npm ci
added 179 packages, and audited 184 packages in 6s
(no errors)
$ npx tsc --noEmit
(no errors, exit 0)
Both commands that the Agents CI job runs now succeed.
## Scope
Three files, 5 line delta total. Does not touch:
- `agents/package-lock.json` (already correct)
- `agents/package.json` (workspaces array at root is already correct)
- `agents/packages/core/package.json` (no internal deps)
- Any TypeScript source
- Any CI workflow
- Lands in: `agents/packages/*/package.json`
- Changes: replace 5 `workspace:*` specifiers with `*` so `npm ci` can parse them
- Validate: `cd agents && npm ci && npx tsc --noEmit`
brawlaphant
added a commit
to brawlaphant/agentic-tokenomics
that referenced
this pull request
Apr 11, 2026
…sm-size)
Two pre-existing bugs in the CI workflow YAMLs have been producing
red check marks on every PR regardless of the content. This PR
fixes both.
## Bug 1: `verify-specs` runs `npm ci` at a root with no lockfile
The `Verify Specs` job in `.github/workflows/ci.yml` runs:
- name: Install root dependencies
run: npm ci
The repository root has a `package.json` (declaring only `scripts`,
zero dependencies), but **no `package-lock.json`**. `npm ci`
strictly requires a lockfile even when there is nothing to install:
npm error code EUSAGE
npm error The `npm ci` command can only install with an existing
npm error package-lock.json or npm-shrinkwrap.json with
npm error lockfileVersion >= 1.
The `Run verify script` step only calls `node scripts/verify.mjs`,
and that script only imports `node:fs`, `node:path`, and
`node:child_process`. No external dependencies are involved.
**Fix:** remove the `Install root dependencies` step entirely. It
was never doing any work, and the job now runs `node scripts/
verify.mjs` directly against the repository.
## Bug 2: `wasm-size` can't substitute multi-line report into JS
The `Report WASM Binary Sizes` job in `.github/workflows/
wasm-size.yml` uses `actions/github-script@v7` to post a PR
comment. The script is passed the multi-line WASM size report via
GitHub Actions template substitution:
script: |
...
'${{ steps.sizes.outputs.report }}',
...
GitHub Actions substitutes the value directly into the JavaScript
source text BEFORE execution. The report is a multi-line Markdown
table (one line per contract). When the substituted text is
dropped into a JavaScript single-quoted string literal, the
literal ends at the first newline and the remaining lines become
invalid JavaScript:
SyntaxError: Invalid or unexpected token
at new AsyncFunction (<anonymous>)
...
**Fix:** pass the report via an environment variable instead.
`actions/github-script` exposes the job's `env:` map to the
script via `process.env`, so the multi-line string survives as
an opaque runtime value. The script reads
`process.env.REPORT || '(no report)'` and uses it as-is. This
pattern is the one the `actions/github-script` docs recommend
for untrusted or multi-line inputs.
## Scope
Two YAML files, ~14 line delta total. Does not touch any
TypeScript, Rust, or reference-impl code.
## Validation
- Bug 1 validated by running `node scripts/verify.mjs` from the
repo root — exits 0 with "agentic-tokenomics verify: PASS".
The fix removes the broken step; no alternative to test
because the script never needed dependencies.
- Bug 2 cannot be end-to-end validated locally (it requires a
real PR to post a comment), but the JavaScript change is
mechanical: `'${{ output }}'` →
`process.env.REPORT || '(no report)'`. The env var is set via
the `env:` map which `actions/github-script@v7` documents as
the canonical way to pass multi-line/rich values.
## Related
Part of the CI-repair sweep alongside regen-network#90 (contracts clippy + 3
orphaned workspace members) and regen-network#91 (`agents/` workspace:*
protocol). Together these three PRs should clear every CI failure
on every open PR.
- Lands in: `.github/workflows/ci.yml`, `.github/workflows/wasm-size.yml`
- Changes: remove broken `npm ci` in verify-specs; pass wasm-size report via env var
- Validate: `node scripts/verify.mjs` (bug 1); wasm-size bug 2 runs end-to-end on this PR's CI
Contributor
There was a problem hiding this comment.
Code Review
This pull request updates the dependency versioning in several package.json files within the agents workspace, changing the version specifiers for @regen/core, @regen/plugin-ledger-mcp, and @regen/plugin-koi-mcp from workspace:* to *. I have no feedback to provide.
brawlaphant
added a commit
to brawlaphant/agentic-tokenomics
that referenced
this pull request
Apr 13, 2026
Combines three independent fixes that each need the others to produce
a fully green CI run:
1. Contracts (Rust) — fix clippy errors across 6 contracts: replace
redundant closures, op_ref on Uint128, manual_range_contains,
unnecessary_map_or. Refactor too_many_arguments into param structs
for credit-class-voting, contribution-rewards, service-escrow.
Wire 3 orphaned contracts (reputation-signal, marketplace-curation,
validator-governance) into the workspace so cargo clippy --workspace
actually lints them.
2. Agents (Node) — replace workspace:* protocol with * in agent
package.json files. npm ci on GitHub Actions doesn't support the
workspace: protocol (pnpm-only feature).
3. Verify Specs — remove the npm ci step that fails because the root
package.json has no lock file. The verify scripts only import
built-in node:* modules, so no install is needed.
4. WASM Size Report — pass multi-line report through env var instead
of inline ${{ }} substitution which breaks JS string literals.
Supersedes PRs regen-network#90, regen-network#91, regen-network#92 which each fix one job but fail the others.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
5 tasks
Contributor
Author
4 tasks
glandua
pushed a commit
that referenced
this pull request
Apr 25, 2026
* fix: resolve all 4 CI job failures on main
Combines three independent fixes that each need the others to produce
a fully green CI run:
1. Contracts (Rust) — fix clippy errors across 6 contracts: replace
redundant closures, op_ref on Uint128, manual_range_contains,
unnecessary_map_or. Refactor too_many_arguments into param structs
for credit-class-voting, contribution-rewards, service-escrow.
Wire 3 orphaned contracts (reputation-signal, marketplace-curation,
validator-governance) into the workspace so cargo clippy --workspace
actually lints them.
2. Agents (Node) — replace workspace:* protocol with * in agent
package.json files. npm ci on GitHub Actions doesn't support the
workspace: protocol (pnpm-only feature).
3. Verify Specs — remove the npm ci step that fails because the root
package.json has no lock file. The verify scripts only import
built-in node:* modules, so no install is needed.
4. WASM Size Report — pass multi-line report through env var instead
of inline ${{ }} substitution which breaks JS string literals.
Supersedes PRs #90, #91, #92 which each fix one job but fail the others.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* ci(wasm-size): mark comment-on-PR step as continue-on-error
PRs opened from forks run with a read-only GITHUB_TOKEN (GitHub
security policy), so the Comment on PR step returns 403 and fails
the job. The WASM build itself already succeeded — the report is
informational only, not a merge gate.
With continue-on-error the comment attempts to post (works on
branches inside the base repo) but won't fail the check when it
can't (fork PRs). That lets fork PRs show a fully green CI run
instead of a red check for a non-blocking reason.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix(agents): pin internal @regen/* deps to ^0.1.0 for reproducible installs
Replace "*" with "^0.1.0" for the three internal workspace deps. The
original workaround was just to escape the workspace:* protocol that
npm ci rejects, and "*" does that — but it also matches any future
version, so an accidental major bump inside the workspace would still
resolve. Pinning to ^0.1.0 keeps the workspace-resolution behavior
(all three packages are versioned 0.1.0, private:true) while giving
npm ci a stable range to lock against.
Addresses Gemini review on fix/ci-green-all-jobs:
- agents/packages/agents/package.json:8-10
- agents/packages/plugin-koi-mcp/package.json:9
- agents/packages/plugin-ledger-mcp/package.json:9
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---------
Co-authored-by: brawlaphant <brawlaphant@users.noreply.github.com>
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Contributor
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
The `Agents` CI job has been failing on every PR against `main` with `npm error code EUNSUPPORTEDPROTOCOL / Unsupported URL Type "workspace:": workspace:`. Root cause: three internal `package.json` files used the `workspace:` protocol (pnpm/yarn syntax), but CI runs plain `npm ci` which does not recognize it. The existing `agents/package-lock.json` is already in the correct state — it records these internal deps as `""`, not `"workspace:"`. This PR aligns the package.json files with the lockfile.
The fix
Five specifiers across three files:
The `` specifier is the npm-workspaces idiomatic form: when the root `agents/package.json` declares a `workspaces` array (it already does), npm resolves internal dependencies locally by name rather than hitting the registry. No lockfile regeneration is needed — the lockfile already encodes the `` form, which means someone regenerated it at some point but never updated the individual package.json files.
Validation
Run in `agents/` on Node 22 locally, matching the exact CI commands:
```
$ npm ci
added 179 packages, and audited 184 packages in 6s
(no errors)
$ npx tsc --noEmit
(no errors, exit 0)
```
Both commands that the `Agents` CI job runs now succeed. This PR and #90 together should turn the whole PR queue's CI green.
Scope
Three files, 5 line delta total. Does not touch:
Related
This is the second half of a two-PR CI fix. The first half (#90) repairs contracts CI (clippy + 3 orphaned workspace members). Together they close out the pre-existing CI breakage that's been blocking every PR.