From b31b6839129deff11806aadaf5faaf053f2dae65 Mon Sep 17 00:00:00 2001
From: hopeatina <hopeatina@gmail.com>
Date: Mon, 13 Apr 2026 22:33:36 -0500
Subject: [PATCH] Fix npm trusted publishing release workflow

---
 .github/workflows/publish.yml | 7 ++++---
 CHANGELOG.md                  | 6 ++++++
 README.md                     | 1 +
 openclaw.plugin.json          | 2 +-
 package-lock.json             | 4 ++--
 package.json                  | 2 +-
 6 files changed, 15 insertions(+), 7 deletions(-)

diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index 25976b93..005ead94 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -18,9 +18,12 @@ jobs:
       - name: Setup Node.js
         uses: actions/setup-node@v4
         with:
-          node-version: '20'
+          node-version: '22'
           registry-url: 'https://registry.npmjs.org'
 
+      - name: Upgrade npm
+        run: npm install -g npm@latest
+
       - name: Install dependencies
         run: npm ci
 
@@ -32,5 +35,3 @@ jobs:
 
       - name: Publish to NPM
         run: npm publish --provenance --access public
-        env:
-          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
\ No newline at end of file
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 6e16d494..48e728c3 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,12 @@
 
 All notable changes to `@useorgx/openclaw-plugin` are documented in this file.
 
+## 0.7.32 - 2026-04-13
+
+### Release Management
+- Switched the GitHub release workflow to npm trusted publishing with provenance so releases do not depend on a missing long-lived npm token secret.
+- Patch release bump for npm package, lockfile, and plugin manifest metadata.
+
 ## 0.7.31 - 2026-04-13
 
 ### Release Management
diff --git a/README.md b/README.md
index 6d326ef0..eaf189dd 100644
--- a/README.md
+++ b/README.md
@@ -762,6 +762,7 @@ Not all of the above is accidental. Some context for why the architecture looks
 ## Maintainers: Release to NPM
 
 This repo publishes on GitHub Release via `.github/workflows/publish.yml`.
+The npm package must have trusted publishing configured for this repository and workflow so the release can publish with provenance through GitHub OIDC.
 
 1. Update versions
    - `package.json` version (NPM version)
diff --git a/openclaw.plugin.json b/openclaw.plugin.json
index a0c22ae3..4e2c4270 100644
--- a/openclaw.plugin.json
+++ b/openclaw.plugin.json
@@ -1,7 +1,7 @@
 {
   "id": "orgx",
   "name": "OrgX for OpenClaw",
-  "version": "0.7.31",
+  "version": "0.7.32",
   "description": "Persistent organizational memory and coordinated execution for OpenClaw agents",
   "entry": "./dist/index.js",
   "author": "OrgX Team",
diff --git a/package-lock.json b/package-lock.json
index e4731711..211d8f40 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,12 +1,12 @@
 {
   "name": "@useorgx/openclaw-plugin",
-  "version": "0.7.31",
+  "version": "0.7.32",
   "lockfileVersion": 3,
   "requires": true,
   "packages": {
     "": {
       "name": "@useorgx/openclaw-plugin",
-      "version": "0.7.31",
+      "version": "0.7.32",
       "license": "MIT",
       "dependencies": {
         "better-sqlite3": "^11.10.0"
diff --git a/package.json b/package.json
index 16d80d86..47543b95 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@useorgx/openclaw-plugin",
-  "version": "0.7.31",
+  "version": "0.7.32",
   "description": "Persistent organizational memory and coordination for OpenClaw agents",
   "type": "module",
   "main": "./dist/index.js",