From 01b08724032f345b8d86d751920473d59e595453 Mon Sep 17 00:00:00 2001
From: Nick Bianchi <nick@jeanarlene.com>
Date: Tue, 17 Mar 2026 03:04:19 +0000
Subject: [PATCH 1/2] fix: remove disputes.chitty.cc custom_domain route

This route conflicted with chittydisputes worker. The disputes.chitty.cc
domain should route to chittydisputes, not chittycommand.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 wrangler.toml | 1 -
 1 file changed, 1 deletion(-)

diff --git a/wrangler.toml b/wrangler.toml
index ca6937c..e9fda82 100644
--- a/wrangler.toml
+++ b/wrangler.toml
@@ -5,7 +5,6 @@ compatibility_date = "2026-01-15"
 compatibility_flags = ["nodejs_compat"]
 routes = [
   { pattern = "command.chitty.cc", custom_domain = true },
-  { pattern = "disputes.chitty.cc", custom_domain = true },
   { pattern = "command.mychitty.com", custom_domain = true }
 ]
 

From 25f81c846d8604748b7c725c6f1930255833bc18 Mon Sep 17 00:00:00 2001
From: Nick Bianchi <nick@jeanarlene.com>
Date: Tue, 17 Mar 2026 03:28:21 +0000
Subject: [PATCH 2/2] feat: switch deploy workflows to GitHub OIDC (zero
 secrets)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- deploy-pages: add id-token: write, remove api_key input
- deploy-worker: add id-token: write at workflow level, remove
  secrets.CHITTYCONNECT_API_KEY passthrough

Requires chittyops PR #30 (getchitty-creds OIDC migration) to be
merged first. Deploy will use GitHub's native OIDC token validated
by ChittyConnect — no stored secrets needed.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 .github/workflows/deploy-pages.yml  | 2 +-
 .github/workflows/deploy-worker.yml | 7 ++++---
 2 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/deploy-pages.yml b/.github/workflows/deploy-pages.yml
index cf219fc..f4e446d 100644
--- a/.github/workflows/deploy-pages.yml
+++ b/.github/workflows/deploy-pages.yml
@@ -13,6 +13,7 @@ jobs:
     runs-on: ubuntu-latest
     permissions:
       contents: read
+      id-token: write
     outputs:
       cloudflare_token: ${{ steps.creds.outputs.cloudflare_token }}
       account_id: ${{ steps.creds.outputs.account_id }}
@@ -27,7 +28,6 @@ jobs:
         id: creds
         uses: ./.chittyops/.github/actions/getchitty-creds
         with:
-          api_key: ${{ secrets.CHITTYCONNECT_API_KEY }}
           purpose: 'pages-deploy'
           service: 'chittycommand-ui'
 
diff --git a/.github/workflows/deploy-worker.yml b/.github/workflows/deploy-worker.yml
index 1fac2f4..b72ff4d 100644
--- a/.github/workflows/deploy-worker.yml
+++ b/.github/workflows/deploy-worker.yml
@@ -9,11 +9,12 @@ on:
       - 'wrangler.toml'
       - '.github/workflows/deploy-worker.yml'
 
+permissions:
+  contents: read
+  id-token: write
+
 jobs:
   deploy:
     uses: CHITTYOS/chittyops/.github/workflows/reusable-worker-deploy.yml@main
     with:
       service_name: chittycommand
-    secrets:
-      CHITTYCONNECT_API_KEY: ${{ secrets.CHITTYCONNECT_API_KEY }}
-