From 18279b5619f6547b6bd8d5a84e1bd6b39927e0b9 Mon Sep 17 00:00:00 2001
From: Surya Prashanth <prashantsurya002@gmail.com>
Date: Fri, 27 Mar 2026 15:18:23 +0530
Subject: [PATCH] chore: switch npm publish to trusted publishers via OIDC

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---
 .github/workflows/publish-node-sdk.yml | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/publish-node-sdk.yml b/.github/workflows/publish-node-sdk.yml
index 47976c5..0eb65e1 100644
--- a/.github/workflows/publish-node-sdk.yml
+++ b/.github/workflows/publish-node-sdk.yml
@@ -3,6 +3,10 @@ name: Publish Node SDK to npm
 on:
   workflow_dispatch:
 
+permissions:
+  contents: write
+  id-token: write
+
 jobs:
   publish:
     runs-on: ubuntu-latest
@@ -27,9 +31,7 @@ jobs:
         run: pnpm build
 
       - name: Publish to npm
-        run: pnpm publish --access public
-        env:
-          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+        run: pnpm publish --access public --provenance
 
       - name: Get version from package.json
         id: package-version