ci(npm-publish): add environment: production to publish job (fix OIDC ENEEDAUTH)

[jaysin586]

Problem

Publish run 28196102507 built the tarball, bumped the version, and created the release — then Publish failed with:

npm error code ENEEDAUTH
npm error need auth This command requires you to be logged in to https://registry.npmjs.org/

Root cause

The npm Trusted Publisher for this package is configured for the production environment (Settings → Trusted Publisher: npm-publish.yml, env production). But the publish-github-packages job was missing environment: production, so the OIDC token GitHub minted carried no matching environment claim and npm rejected the trusted publish.

This was config drift — every other repo in the fleet already declares environment: production on its publish job; this is the only one that didn't.

Fix

Add environment: production to the publish-github-packages job (one line). No other change.

Note

main already has a Bump version to v0.1.3 commit from the failed run (the README ecosystem footer landed fine). The failed run's cleanup removed the git tag + GitHub release but not the commit, so the next successful publish will land as 0.1.4 and 0.1.3 will be skipped on npm — harmless.

🤖 Generated with Claude Code

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: 74bee571-8123-4720-8244-140ea8ac5d07

📥 Commits

Reviewing files that changed from the base of the PR and between 413c46c and 81ce7c0.

📒 Files selected for processing (1)

• .github/workflows/npm-publish.yml

---

📝 Walkthrough

Walkthrough

The npm publish workflow now sets the publish-github-packages job to use the production environment.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~5 minutes

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately summarizes the workflow change and the OIDC publish failure it fixes.
Description check	✅ Passed	The description is directly related to the change and explains the production environment fix clearly.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

---

_{Comment @coderabbitai help to get the list of available commands.}