useorgx · hopeatina · Apr 14, 2026 · Apr 14, 2026
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
@@ -18,11 +18,10 @@ jobs:
       - name: Setup Node.js
         uses: actions/setup-node@v4
         with:
-          node-version: '22'
-          registry-url: 'https://registry.npmjs.org'
+          node-version: '24'
 
-      - name: Upgrade npm
-        run: npm install -g npm@latest
+      - name: Verify npm runtime
+        run: npm --version
 
       - name: Install dependencies
         run: npm ci
@@ -34,4 +33,4 @@ jobs:
         run: npm run build
 
       - name: Publish to NPM
-        run: npm publish --provenance --access public
+        run: npm publish --access public
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,6 +2,13 @@
 
 All notable changes to `@useorgx/openclaw-plugin` are documented in this file.
 
+## 0.7.33 - 2026-04-13
+
+### Release Management
+- Switched the publish workflow to Node 24 so the release job uses an npm runtime that supports trusted publishing without a fragile global npm self-upgrade.
+- Removed token-oriented npm registry setup from the release workflow so GitHub OIDC trusted publishing can drive npm authentication.
+- Patch release bump after the `v0.7.32` release workflow failed before publish during the npm upgrade step.
+
 ## 0.7.32 - 2026-04-13
 
 ### Release Management

diff --git a/README.md b/README.md
@@ -762,7 +762,7 @@ Not all of the above is accidental. Some context for why the architecture looks
 ## Maintainers: Release to NPM
 
 This repo publishes on GitHub Release via `.github/workflows/publish.yml`.
-The npm package must have trusted publishing configured for this repository and workflow so the release can publish with provenance through GitHub OIDC.
+The npm package must have trusted publishing configured for this repository and workflow so the Node 24 release job can publish through GitHub OIDC without `NPM_TOKEN`.
 
 1. Update versions
    - `package.json` version (NPM version)
@@ -774,7 +774,7 @@ The npm package must have trusted publishing configured for this repository and
    - `npm run build`
    - Optional: `npm run verify:clean-install`
 3. Publish
-   - Create a GitHub release for the tag (workflow publishes with provenance)
+   - Create a GitHub release for the tag (the workflow publishes through npm trusted publishing)
 4. Smoke test
    - `openclaw plugins install @useorgx/openclaw-plugin@<version>`
    - Verify `http://127.0.0.1:18789/orgx/live` pairing and `http://127.0.0.1:18789/orgx/mcp` MCP bridge

diff --git a/openclaw.plugin.json b/openclaw.plugin.json
@@ -1,7 +1,7 @@
 {
   "id": "orgx",
   "name": "OrgX for OpenClaw",
-  "version": "0.7.32",
+  "version": "0.7.33",
   "description": "Persistent organizational memory and coordinated execution for OpenClaw agents",
   "entry": "./dist/index.js",
   "author": "OrgX Team",

diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@useorgx/openclaw-plugin",
-  "version": "0.7.32",
+  "version": "0.7.33",
   "description": "Persistent organizational memory and coordination for OpenClaw agents",
   "type": "module",
   "main": "./dist/index.js",