fix(ci): repair two pre-existing workflow failures (verify-specs + wasm-size)#92
Closed
brawlaphant wants to merge 1 commit into
Closed
Conversation
…sm-size)
Two pre-existing bugs in the CI workflow YAMLs have been producing
red check marks on every PR regardless of the content. This PR
fixes both.
## Bug 1: `verify-specs` runs `npm ci` at a root with no lockfile
The `Verify Specs` job in `.github/workflows/ci.yml` runs:
- name: Install root dependencies
run: npm ci
The repository root has a `package.json` (declaring only `scripts`,
zero dependencies), but **no `package-lock.json`**. `npm ci`
strictly requires a lockfile even when there is nothing to install:
npm error code EUSAGE
npm error The `npm ci` command can only install with an existing
npm error package-lock.json or npm-shrinkwrap.json with
npm error lockfileVersion >= 1.
The `Run verify script` step only calls `node scripts/verify.mjs`,
and that script only imports `node:fs`, `node:path`, and
`node:child_process`. No external dependencies are involved.
**Fix:** remove the `Install root dependencies` step entirely. It
was never doing any work, and the job now runs `node scripts/
verify.mjs` directly against the repository.
## Bug 2: `wasm-size` can't substitute multi-line report into JS
The `Report WASM Binary Sizes` job in `.github/workflows/
wasm-size.yml` uses `actions/github-script@v7` to post a PR
comment. The script is passed the multi-line WASM size report via
GitHub Actions template substitution:
script: |
...
'${{ steps.sizes.outputs.report }}',
...
GitHub Actions substitutes the value directly into the JavaScript
source text BEFORE execution. The report is a multi-line Markdown
table (one line per contract). When the substituted text is
dropped into a JavaScript single-quoted string literal, the
literal ends at the first newline and the remaining lines become
invalid JavaScript:
SyntaxError: Invalid or unexpected token
at new AsyncFunction (<anonymous>)
...
**Fix:** pass the report via an environment variable instead.
`actions/github-script` exposes the job's `env:` map to the
script via `process.env`, so the multi-line string survives as
an opaque runtime value. The script reads
`process.env.REPORT || '(no report)'` and uses it as-is. This
pattern is the one the `actions/github-script` docs recommend
for untrusted or multi-line inputs.
## Scope
Two YAML files, ~14 line delta total. Does not touch any
TypeScript, Rust, or reference-impl code.
## Validation
- Bug 1 validated by running `node scripts/verify.mjs` from the
repo root — exits 0 with "agentic-tokenomics verify: PASS".
The fix removes the broken step; no alternative to test
because the script never needed dependencies.
- Bug 2 cannot be end-to-end validated locally (it requires a
real PR to post a comment), but the JavaScript change is
mechanical: `'${{ output }}'` →
`process.env.REPORT || '(no report)'`. The env var is set via
the `env:` map which `actions/github-script@v7` documents as
the canonical way to pass multi-line/rich values.
## Related
Part of the CI-repair sweep alongside regen-network#90 (contracts clippy + 3
orphaned workspace members) and regen-network#91 (`agents/` workspace:*
protocol). Together these three PRs should clear every CI failure
on every open PR.
- Lands in: `.github/workflows/ci.yml`, `.github/workflows/wasm-size.yml`
- Changes: remove broken `npm ci` in verify-specs; pass wasm-size report via env var
- Validate: `node scripts/verify.mjs` (bug 1); wasm-size bug 2 runs end-to-end on this PR's CI
Contributor
|
Note Gemini is unable to generate a review for this pull request due to the file types involved not being currently supported. |
brawlaphant
added a commit
to brawlaphant/agentic-tokenomics
that referenced
this pull request
Apr 13, 2026
Combines three independent fixes that each need the others to produce
a fully green CI run:
1. Contracts (Rust) — fix clippy errors across 6 contracts: replace
redundant closures, op_ref on Uint128, manual_range_contains,
unnecessary_map_or. Refactor too_many_arguments into param structs
for credit-class-voting, contribution-rewards, service-escrow.
Wire 3 orphaned contracts (reputation-signal, marketplace-curation,
validator-governance) into the workspace so cargo clippy --workspace
actually lints them.
2. Agents (Node) — replace workspace:* protocol with * in agent
package.json files. npm ci on GitHub Actions doesn't support the
workspace: protocol (pnpm-only feature).
3. Verify Specs — remove the npm ci step that fails because the root
package.json has no lock file. The verify scripts only import
built-in node:* modules, so no install is needed.
4. WASM Size Report — pass multi-line report through env var instead
of inline ${{ }} substitution which breaks JS string literals.
Supersedes PRs regen-network#90, regen-network#91, regen-network#92 which each fix one job but fail the others.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This was referenced Apr 13, 2026
Contributor
Author
glandua
pushed a commit
that referenced
this pull request
Apr 25, 2026
* fix: resolve all 4 CI job failures on main
Combines three independent fixes that each need the others to produce
a fully green CI run:
1. Contracts (Rust) — fix clippy errors across 6 contracts: replace
redundant closures, op_ref on Uint128, manual_range_contains,
unnecessary_map_or. Refactor too_many_arguments into param structs
for credit-class-voting, contribution-rewards, service-escrow.
Wire 3 orphaned contracts (reputation-signal, marketplace-curation,
validator-governance) into the workspace so cargo clippy --workspace
actually lints them.
2. Agents (Node) — replace workspace:* protocol with * in agent
package.json files. npm ci on GitHub Actions doesn't support the
workspace: protocol (pnpm-only feature).
3. Verify Specs — remove the npm ci step that fails because the root
package.json has no lock file. The verify scripts only import
built-in node:* modules, so no install is needed.
4. WASM Size Report — pass multi-line report through env var instead
of inline ${{ }} substitution which breaks JS string literals.
Supersedes PRs #90, #91, #92 which each fix one job but fail the others.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* ci(wasm-size): mark comment-on-PR step as continue-on-error
PRs opened from forks run with a read-only GITHUB_TOKEN (GitHub
security policy), so the Comment on PR step returns 403 and fails
the job. The WASM build itself already succeeded — the report is
informational only, not a merge gate.
With continue-on-error the comment attempts to post (works on
branches inside the base repo) but won't fail the check when it
can't (fork PRs). That lets fork PRs show a fully green CI run
instead of a red check for a non-blocking reason.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix(agents): pin internal @regen/* deps to ^0.1.0 for reproducible installs
Replace "*" with "^0.1.0" for the three internal workspace deps. The
original workaround was just to escape the workspace:* protocol that
npm ci rejects, and "*" does that — but it also matches any future
version, so an accidental major bump inside the workspace would still
resolve. Pinning to ^0.1.0 keeps the workspace-resolution behavior
(all three packages are versioned 0.1.0, private:true) while giving
npm ci a stable range to lock against.
Addresses Gemini review on fix/ci-green-all-jobs:
- agents/packages/agents/package.json:8-10
- agents/packages/plugin-koi-mcp/package.json:9
- agents/packages/plugin-ledger-mcp/package.json:9
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---------
Co-authored-by: brawlaphant <brawlaphant@users.noreply.github.com>
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Contributor
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Two pre-existing bugs in the CI workflow YAMLs have been producing red check marks on every PR regardless of content. This PR fixes both with a ~14 line diff across two YAML files.
Bug 1: `verify-specs` runs `npm ci` at a root with no lockfile
`.github/workflows/ci.yml` verify-specs job runs:
```yaml
run: npm ci
```
The repository root has a `package.json` (declaring only `scripts`, zero dependencies) and no `package-lock.json`. `npm ci` strictly requires a lockfile even when there's nothing to install:
```
npm error code EUSAGE
npm error The `npm ci` command can only install with an existing
npm error package-lock.json or npm-shrinkwrap.json with
npm error lockfileVersion >= 1.
```
The actual work in this job is `node scripts/verify.mjs`, which only imports `node:fs`, `node:path`, and `node:child_process`. No external dependencies. Fix: remove the step entirely.
Bug 2: `wasm-size` can't substitute a multi-line report into a JS string literal
`.github/workflows/wasm-size.yml` uses `actions/github-script@v7` with this pattern:
```yaml
script: |
...
'${{ steps.sizes.outputs.report }}',
...
```
GitHub Actions substitutes the value into the JavaScript source text before execution. The report is a multi-line Markdown table (one row per contract). When the multi-line text is inlined into a JavaScript single-quoted string literal, the literal ends at the first newline and everything after becomes invalid JS:
```
SyntaxError: Invalid or unexpected token
at new AsyncFunction ()
...
```
Fix: pass the report via an `env:` map instead of template substitution. `actions/github-script` exposes the job's env to the script via `process.env`, so the multi-line string survives as an opaque runtime value:
```diff
uses: actions/github-script@v7
with:
script: |
...
```
This is the pattern `actions/github-script` documents for untrusted or multi-line inputs.
Scope
Two YAML files. No TypeScript, no Rust, no reference-impl changes.
Related
Part of the CI-repair sweep alongside #90 (contracts clippy + 3 orphaned workspace members) and #91 (`agents/` `workspace:*` protocol). Together these three PRs should clear every CI failure on every open PR.