chore(publish): remove trusted publishing diagnostics

.github/workflows/publish.yaml

@@ -56,85 +56,6 @@ jobs:
         run: |
           # npm trusted publishing requires Node >= 22.14.0 and npm >= 11.5.1.
           npm install --global npm@11.6.2
-          echo "Node: $(node --version)"
-          echo "npm: $(npm --version)"
-
-      - name: Debug npm auth config surface
-        run: |
-          USERCONFIG=$(npm config get userconfig)
-          echo "npm userconfig: $USERCONFIG"
-          if [ -f "$USERCONFIG" ]; then
-            if rg -n "_authToken|always-auth|registry.npmjs.org" "$USERCONFIG" >/dev/null 2>&1; then
-              echo "npm userconfig contains registry auth-related entries"
-              rg -n "_authToken|always-auth|registry.npmjs.org" "$USERCONFIG" | sed -E 's/(_authToken=).*/\1***MASKED***/'
-            else
-              echo "npm userconfig has no registry auth-related entries"
-            fi
-          else
-            echo "npm userconfig file not found"
-          fi
-
-      - name: Debug trusted publishing identity
-        run: |
-          echo "GitHub workflow context:"
-          echo "  repository: ${{ github.repository }}"
-          echo "  repository_owner: ${{ github.repository_owner }}"
-          echo "  ref: ${{ github.ref }}"
-          echo "  event_name: ${{ github.event_name }}"
-          echo "  workflow: ${{ github.workflow }}"
-          echo "  workflow_ref: ${{ github.workflow_ref }}"
-          echo "  actor: ${{ github.actor }}"
-          echo "  selected_channel: ${{ inputs.channel || 'n/a' }}"
-          echo "  selected_bump: ${{ inputs.bump || 'n/a' }}"
-          if [ "${NODE_AUTH_TOKEN+x}" = "x" ]; then
-            if [ -n "$NODE_AUTH_TOKEN" ]; then
-              echo "  node_auth_token_state: set-nonempty"
-            else
-              echo "  node_auth_token_state: set-empty"
-            fi
-          else
-            echo "  node_auth_token_state: unset"
-          fi
-
-          WORKFLOW_FILE=$(node -e "
-            const ref = process.argv[1] || '';
-            const match = ref.match(/\.github\/workflows\/([^@]+)@/);
-            process.stdout.write(match ? match[1] : '');
-          " "${{ github.workflow_ref }}")
-          echo "  workflow_filename_for_npm: ${WORKFLOW_FILE:-unknown}"
-
-          echo "OIDC claims (sanitized):"
-          RESPONSE=$(curl -fsS -H "Authorization: Bearer $ACTIONS_ID_TOKEN_REQUEST_TOKEN" "${ACTIONS_ID_TOKEN_REQUEST_URL}&audience=npm:registry.npmjs.org")
-          ID_TOKEN=$(node -e "
-            const fs = require('fs');
-            const data = JSON.parse(fs.readFileSync(0, 'utf8'));
-            process.stdout.write(data.value || '');
-          " <<<"$RESPONSE")
-
-          node -e "
-            const token = process.argv[1];
-            if (!token) {
-              console.log(JSON.stringify({ error: 'missing_id_token' }, null, 2));
-              process.exit(0);
-            }
-            const payloadPart = token.split('.')[1] || '';
-            const padded = payloadPart.replace(/-/g, '+').replace(/_/g, '/') + '='.repeat((4 - (payloadPart.length % 4)) % 4);
-            const claims = JSON.parse(Buffer.from(padded, 'base64').toString('utf8'));
-            const out = {
-              iss: claims.iss,
-              sub: claims.sub,
-              aud: claims.aud,
-              repository: claims.repository,
-              repository_owner: claims.repository_owner,
-              workflow: claims.workflow,
-              workflow_ref: claims.workflow_ref,
-              job_workflow_ref: claims.job_workflow_ref,
-              ref: claims.ref,
-              environment: claims.environment || null,
-              runner_environment: claims.runner_environment || null,
-            };
-            console.log(JSON.stringify(out, null, 2));
-          " "$ID_TOKEN"
 
       - name: Configure git user
         if: github.event_name == 'workflow_dispatch' && inputs.channel == 'latest'
@@ -175,17 +96,6 @@ jobs:
         if: github.event_name == 'workflow_dispatch' && inputs.channel == 'latest'
         run: 'npm version ${{ inputs.bump }} -m "chore(release): v%s [skip ci]"'
 
-      - name: Debug publish target and registry state
-        run: |
-          echo "Local package target:"
-          node -e "
-            const pkg = require('./package.json');
-            console.log(JSON.stringify({ name: pkg.name, version: pkg.version }, null, 2));
-          "
-
-          echo "Registry package view (bmad-method):"
-          npm view bmad-method name version dist-tags --json || true
-
       - name: Publish prerelease to npm
         if: github.event_name == 'push' || (github.event_name == 'workflow_dispatch' && inputs.channel == 'next')
         run: npm publish --tag next --provenance
@@ -194,26 +104,6 @@ jobs:
         if: github.event_name == 'workflow_dispatch' && inputs.channel == 'latest'
         run: npm publish --tag latest --provenance
 
-      - name: Print npm debug logs
-        if: always()
-        run: |
-          LOG_DIR="$HOME/.npm/_logs"
-          echo "npm log directory: $LOG_DIR"
-          ls -la "$LOG_DIR" || true
-
-          found=0
-          for file in "$LOG_DIR"/*-debug-0.log; do
-            [ -e "$file" ] || continue
-            found=1
-            echo "::group::npm-debug $(basename "$file")"
-            cat "$file"
-            echo "::endgroup::"
-          done
-
-          if [ "$found" -eq 0 ]; then
-            echo "No npm *-debug-0.log files found."
-          fi
-
       - name: Push version commit and tag
         if: github.event_name == 'workflow_dispatch' && inputs.channel == 'latest'
         run: git push origin main --follow-tags