BrianCLong · BrianCLong · Mar 29, 2026 · Mar 30, 2026
@@ -20,7 +20,7 @@ jobs:
         run: |
           corepack enable
           pnpm -v || npm i -g pnpm
-          pnpm install --ignore-scripts --frozen-lockfile || npm ci --ignore-scripts
+          pnpm install --ignore-scripts --frozen-lockfile || pnpm install --ignore-scripts
       - name: Prettier + ESLint (safe fixes)
         run: |
           npx --yes prettier . -w || true

@@ -21,7 +21,7 @@ jobs:
           cache: 'npm'
 
       - name: Install dependencies
-        run: npm ci
+        run: pnpm install
 
       - name: Semantic Release
         run: npx semantic-release

@@ -354,7 +354,7 @@ jobs:
         run: pnpm install --frozen-lockfile
 
       - name: Verify governance docs
-        run: pnpm ci:docs-governance
+        run: ppnpm install:docs-governance
 
       - name: Upload governance docs integrity report
         uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6
@@ -541,7 +541,7 @@ jobs:
       - name: Check branch protection drift
         env:
           GH_TOKEN: ${{ secrets.BRANCH_PROTECTION_READ_TOKEN }}
-        run: pnpm ci:branch-protection:check
+        run: ppnpm install:branch-protection:check
 
       - name: Upload drift artifacts
         uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6

@@ -613,7 +613,7 @@ jobs:
           JWT_REFRESH_SECRET=weaksecret2 \
           DATABASE_URL=postgresql://summit:devpassword@localhost:5432/summit_dev \
           CORS_ORIGIN=* \
-          pnpm ci:prod-guard
+          ppnpm install:prod-guard
           exit_code=$?
 
           if [ "$exit_code" -eq 0 ]; then

@@ -309,7 +309,7 @@ jobs:
       - name: Verify Workspace Boundary
         run: node scripts/ci/verify_workspace_boundary.mjs
       - name: Verify governance docs
-        run: pnpm ci:docs-governance
+        run: ppnpm install:docs-governance
 
   soc-controls:
     name: SOC Controls (ci-pr)

@@ -65,7 +65,7 @@ jobs:
             ${{ runner.os }}-npm-
 
       - name: Install dependencies
-        run: npm ci --prefer-offline --no-audit
+        run: pnpm install --prefer-offline --no-audit
 
       - name: Run linting
         run: npm run lint --if-present

@@ -26,7 +26,7 @@ jobs:
       - name: Install, Lint, Typecheck, and Build
         if: ${{ steps.changes.outputs.client == 'true' || steps.changes.outputs.server == 'true' }}
         run: |
-          npm ci
+          pnpm install
           npm run lint
           npm run typecheck
           npm run build

@@ -29,7 +29,7 @@ jobs:
 <<<<<<< HEAD
           node-version: 24
           cache: 'npm'
-      - run: npm ci
+      - run: pnpm install
 =======
           fetch-depth: 0
       - name: Verify no merge conflict markers in changed files
@@ -69,7 +69,7 @@ jobs:
 <<<<<<< HEAD
           node-version: 24
           cache: 'npm'
-      - run: npm ci
+      - run: pnpm install
       - run: npm run lint
 =======
           version: 9.15.4
@@ -98,7 +98,7 @@ jobs:
 <<<<<<< HEAD
           node-version: 24
           cache: 'npm'
-      - run: npm ci
+      - run: pnpm install
       - run: npm run typecheck
 
   unit:
@@ -110,7 +110,7 @@ jobs:
         with:
           node-version: 24
           cache: 'npm'
-      - run: npm ci
+      - run: pnpm install
       - run: npm test -- --ci --reporters=default --reporters=jest-junit
 =======
           version: 9.15.4
@@ -139,7 +139,7 @@ jobs:
 <<<<<<< HEAD
       - uses: actions/setup-node@v4
         with: { node-version: 24, cache: 'npm' }
-      - run: npm ci
+      - run: pnpm install
       - run: npm run --workspace gateway/policy-lac policy:lint
       - run: npm run --workspace gateway/policy-lac policy:sim:read
       - run: npm run --workspace gateway/policy-lac policy:sim:export
@@ -153,7 +153,7 @@ jobs:
         with:
           node-version: 24
           cache: 'npm'
-      - run: npm ci
+      - run: pnpm install
       - run: npx playwright install --with-deps
       - run: npm run e2e
 
@@ -163,7 +163,7 @@ jobs:
     steps:
       - uses: actions/checkout@v4
       - uses: grafana/setup-k6-action@v1
-      - run: npm ci
+      - run: pnpm install
       - name: Run k6 smoke (policy hot path)
         run: k6 run k6/policy-hot-path.js
 
@@ -176,7 +176,7 @@ jobs:
         with:
           cache: 'pnpm'
           node-version: 24
-      - run: npm ci
+      - run: pnpm install
       - name: Generate SBOM (CycloneDX)
         run: npx @cyclonedx/cyclonedx-npm --spec-version 1.5 --output-file sbom.json
 =======

@@ -18,7 +18,7 @@ jobs:
           cache: 'pnpm'
           node-version: 24
       - name: Install dependencies
-        run: npm ci
+        run: pnpm install
       - name: Install Playwright browsers
         run: npx playwright install --with-deps
       - name: Capture screenshots

@@ -83,8 +83,8 @@ jobs:
 
       - name: Install dependencies
         run: |
-          npm ci --prefix client || true
-          npm ci --prefix server || true
+          pnpm install --prefix client || true
+          pnpm install --prefix server || true
 
       - name: Install Playwright with browsers
         run: |

@@ -86,7 +86,7 @@ jobs:
 
       - name: Install dependencies
         run: |
-          npm ci
+          pnpm install
           pip install numpy scikit-learn hdbscan jaro-winkler
 
       - name: Wait for services

@@ -22,7 +22,7 @@ jobs:
       - name: Install Dependencies
         run: |
           cd server
-          npm ci
+          pnpm install
 
       - name: Lint
         run: |

@@ -129,7 +129,7 @@ jobs:
           cache: 'npm'
 
       - name: Install dependencies
-        run: npm ci
+        run: pnpm install
 
       - name: Run ESLint
         run: npm run lint
@@ -149,7 +149,7 @@ jobs:
           cache: 'npm'
 
       - name: Install dependencies
-        run: npm ci
+        run: pnpm install
 
       - name: Run Unit Tests
         run: npm run test

@@ -28,7 +28,7 @@ jobs:
           node-version: '24'
           cache: 'npm'
           cache-dependency-path: ${{ inputs.working-directory }}/package-lock.json
-      - run: npm ci
+      - run: pnpm install
       - run: npm test
       - run: npm run lint
 

@@ -69,7 +69,7 @@ jobs:
           cache: 'npm'
 
       - name: Install benchmark dependencies
-        run: npm ci
+        run: pnpm install
         working-directory: benchmarks/graph
 
       - name: Wait for Neo4j to be ready

@@ -11,6 +11,6 @@ jobs:
         if: ${{ hashFiles('pnpm-lock.yaml') != '' }}
       - name: Verify npm/yarn/pnpm lockfile
         run: |
-          if [ -f package-lock.json ]; then npm ci --ignore-scripts; fi
+          if [ -f package-lock.json ]; then pnpm install --ignore-scripts; fi
           if [ -f yarn.lock ]; then corepack enable && yarn --immutable; fi
           if [ -f pnpm-lock.yaml ]; then pnpm i --frozen-lockfile; fi
@@ -59,7 +59,7 @@ jobs:
           cache: 'npm'
 
       - name: Install dependencies
-        run: npm ci
+        run: pnpm install
 
       - name: Run bulk import for batch ${{ matrix.batch }}
         env:

@@ -53,7 +53,7 @@ jobs:
           cache: 'npm'
 
       - name: Install dependencies
-        run: npm ci --ignore-scripts
+        run: pnpm install --ignore-scripts
 
       - name: Build application
         run: npm run build --if-present
@@ -103,7 +103,7 @@ jobs:
           cache: 'npm'
 
       - name: Install dependencies
-        run: npm ci --ignore-scripts
+        run: pnpm install --ignore-scripts
 
       - name: Build application
         run: npm run build --if-present
@@ -157,7 +157,7 @@ jobs:
           cache: 'npm'
 
       - name: Install dependencies
-        run: npm ci --ignore-scripts
+        run: pnpm install --ignore-scripts
 
       - name: Build application
         run: npm run build --if-present
@@ -228,7 +228,7 @@ jobs:
           cache: 'npm'
 
       - name: Install dependencies
-        run: npm ci --ignore-scripts
+        run: pnpm install --ignore-scripts
 
       - name: Build application
         run: npm run build --if-present
@@ -292,7 +292,7 @@ jobs:
           cache: 'npm'
 
       - name: Install dependencies
-        run: npm ci --ignore-scripts
+        run: pnpm install --ignore-scripts
 
       - name: Build and start server
         run: |

@@ -10,7 +10,7 @@ jobs:
           version: 9.15.4.0.0
       - uses: actions/setup-node@v4
         with: { node-version: '24' , cache: 'pnpm' }
-      - run: npm ci || true
+      - run: pnpm install || true
       - run: npx jest tests/contract/pact/policyPack.pact.test.ts || true
       - uses: actions/upload-artifact@v4
         with: { name: pact-pacts, path: pact/pacts }
@@ -19,7 +19,7 @@ jobs:
           cache: 'npm'
 
       - name: Install dependencies
-        run: npm ci || npm install
+        run: pnpm install || npm install
 
       - name: Build Policy Cards
         run: |

@@ -55,7 +55,7 @@ jobs:
           REDIS_PORT=6379 \
           REDIS_PASSWORD=devpassword \
           CORS_ORIGIN=* \
-          pnpm ci:prod-guard
+          ppnpm install:prod-guard
           status=$?
           if [ "$status" -eq 0 ]; then
             echo "Prod guardrails command succeeded unexpectedly"

@@ -51,7 +51,7 @@ jobs:
           REDIS_PORT=6379 \
           REDIS_PASSWORD=devpassword \
           CORS_ORIGIN=* \
-          pnpm ci:prod-guard
+          ppnpm install:prod-guard
           status=$?
           if [ "$status" -eq 0 ]; then
             echo "Prod guardrails command succeeded unexpectedly"

@@ -24,7 +24,7 @@ jobs:
           cache: 'npm'
 
       - name: Install dependencies
-        run: npm ci
+        run: pnpm install
 
       - name: Build project
         run: npm run build
@@ -58,7 +58,7 @@ jobs:
           cache: 'npm'
 
       - name: Install dependencies
-        run: npm ci
+        run: pnpm install
 
       - name: Download build artifacts
         uses: actions/download-artifact@v4

@@ -23,7 +23,7 @@ jobs:
         run: |
           corepack enable
           pnpm -v || npm i -g pnpm
-          pnpm install --ignore-scripts --frozen-lockfile || npm ci --ignore-scripts
+          pnpm install --ignore-scripts --frozen-lockfile || pnpm install --ignore-scripts
       - name: Smoke Build
         run: |
           npm run -ws --if-present build:smoke || true

@@ -30,7 +30,7 @@ jobs:
           node-version: 24
 
       - name: Install dependencies
-        run: npm ci --ignore-scripts
+        run: pnpm install --ignore-scripts
 
       - name: Static startup race scan
         run: node scripts/scan-startup-races.mjs --compose docker-compose.yml --json

@@ -41,7 +41,7 @@ jobs:
           if [ -f pnpm-lock.yaml ]; then
             pnpm install --no-frozen-lockfile
           elif [ -f package-lock.json ]; then
-            npm ci
+            pnpm install
           else
             echo "No lockfile; skipping install."
           fi

@@ -102,7 +102,7 @@ jobs:
         if: github.event_name == 'push' && github.ref_type == 'tag'
         run: |
           chmod +x scripts/check-reproducibility.sh
-          ./scripts/check-reproducibility.sh summit-platform "npm ci && npm run build" production 2 /tmp/build-test
+          ./scripts/check-reproducibility.sh summit-platform "pnpm install && npm run build" production 2 /tmp/build-test
 
       # Generate SBOM
       - name: Generate SBOM

@@ -259,7 +259,7 @@ jobs:
 
       - name: Install dependencies
         working-directory: ./monitoring/synthetic
-        run: npm ci
+        run: pnpm install
 
       - name: Run synthetic tests
         working-directory: ./monitoring/synthetic

@@ -62,7 +62,7 @@ jobs:
           REDIS_PORT=6379 \
           REDIS_PASSWORD=devpassword \
           CORS_ORIGIN=* \
-          pnpm ci:prod-guard
+          ppnpm install:prod-guard
           status=$?
           if [ "$status" -eq 0 ]; then
             echo "Prod guardrails command succeeded unexpectedly"

@@ -19,7 +19,7 @@ jobs:
           cache: "npm"
 
       - name: Install dependencies
-        run: npm ci || npm install
+        run: pnpm install || npm install
 
       - name: Build Policy Cards
         run: |