Summary
Running the l9-repo-preflight remediation loop on a fresh checkout, the only autofix (Gate 6 — install) fails: npm ci cannot install the private dependency @quantum-l9/llm-router@1.0.0 from GitHub Packages because no auth token is available. Without node_modules, the project cannot build, typecheck, or run the pipeline.
Reproduction
$ npm ci
npm warn deprecated prebuild-install@7.1.3: No longer maintained...
npm warn deprecated node-domexception@1.0.0: Use your platform's native DOMException instead
npm error code E401
npm error 401 Unauthorized - GET https://npm.pkg.github.com/download/@quantum-l9/llm-router/1.0.0/...
unauthenticated: User cannot be authenticated with the token provided.
Root cause
.npmrc routes the @quantum-l9 scope to GitHub Packages and authenticates via ${NODE_AUTH_TOKEN}:
@quantum-l9:registry=https://npm.pkg.github.com
//npm.pkg.github.com/:_authToken=${NODE_AUTH_TOKEN}
always-auth=true
NODE_AUTH_TOKEN is not set in the preflight/CI-style environment, so the private @quantum-l9/llm-router@1.0.0 dependency (declared in package.json) returns 401.
Impact
npm ci / npm install fails on any environment without NODE_AUTH_TOKEN.
- Downstream
npm run typecheck, npm run pipeline, and npm run validate cannot run — no node_modules.
- Fresh clones and CI runners are blocked until a token with
read:packages on the quantum-l9 org is provided.
Suggested remediation
- Provide
NODE_AUTH_TOKEN (a token/PAT with read:packages on quantum-l9) to local dev and CI environments, and document it in README.md / DEVELOPMENT.md.
- If CI already exposes
GITHUB_TOKEN, map it into the npm auth step (e.g. NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}) provided that token has package read access to the org.
- Optionally add a preflight/setup check that fails fast with a clear message when
NODE_AUTH_TOKEN is unset.
Preflight metadata
- Skill:
l9-repo-preflight v2.0.0, mode applied, 1 iteration
- Gate 6 (install-succeeded): autofix
npm_install → npm ci → rc=1
- Note: the fail-open engine still reported
blocker_count: 0 / ready_after_remediation: true despite the failed install — arguably it should have promoted the persistently failing install backend to a genuine Gate-6 blocker.
Filed from an l9-repo-preflight run.
Summary
Running the
l9-repo-preflightremediation loop on a fresh checkout, the only autofix (Gate 6 — install) fails:npm cicannot install the private dependency@quantum-l9/llm-router@1.0.0from GitHub Packages because no auth token is available. Withoutnode_modules, the project cannot build, typecheck, or run the pipeline.Reproduction
Root cause
.npmrcroutes the@quantum-l9scope to GitHub Packages and authenticates via${NODE_AUTH_TOKEN}:NODE_AUTH_TOKENis not set in the preflight/CI-style environment, so the private@quantum-l9/llm-router@1.0.0dependency (declared inpackage.json) returns 401.Impact
npm ci/npm installfails on any environment withoutNODE_AUTH_TOKEN.npm run typecheck,npm run pipeline, andnpm run validatecannot run — nonode_modules.read:packageson thequantum-l9org is provided.Suggested remediation
NODE_AUTH_TOKEN(a token/PAT withread:packagesonquantum-l9) to local dev and CI environments, and document it inREADME.md/DEVELOPMENT.md.GITHUB_TOKEN, map it into the npm auth step (e.g.NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}) provided that token has package read access to the org.NODE_AUTH_TOKENis unset.Preflight metadata
l9-repo-preflightv2.0.0, modeapplied, 1 iterationnpm_install→npm ci→ rc=1blocker_count: 0 / ready_after_remediation: truedespite the failed install — arguably it should have promoted the persistently failing install backend to a genuine Gate-6 blocker.Filed from an
l9-repo-preflightrun.