From da045157763d9c9ee110554c38e77ac5840170df Mon Sep 17 00:00:00 2001
From: NiveditJain <nivedit@exosphere.host>
Date: Tue, 7 Apr 2026 21:33:53 +0000
Subject: [PATCH] [ef-42] feat: re-add --provenance to npm publish for public
 repo

The --provenance flag and id-token permission were removed in 407611f
because npm provenance requires a public repository. Now that the repo
is going public, re-enable provenance attestation.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 .github/workflows/publish.yml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index 303af496..795c4e64 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -10,6 +10,7 @@ jobs:
     runs-on: ubuntu-latest
     permissions:
       contents: read
+      id-token: write
     steps:
       - uses: actions/checkout@v6
 
@@ -36,7 +37,7 @@ jobs:
           registry-url: "https://registry.npmjs.org"
 
       - name: Publish
-        run: npm publish
+        run: npm publish --provenance
         env:
           NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}