From 612dee9d63d48b1f1f0c1ff32e134ea1207c33a3 Mon Sep 17 00:00:00 2001
From: Yury Akudovich <ya@matterlabs.dev>
Date: Wed, 14 Jan 2026 13:30:48 +0100
Subject: [PATCH 1/2] ci: Migrated to npmjs trusted-publishers OIDC

---
 .github/workflows/release.yml | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 9153191..13e4843 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -8,6 +8,10 @@ on:
         required: true
         default: "main"
 
+permissions:
+  contents: write
+  id-token: write # Required for OIDC
+  
 env:
   HUSKY: 0
   CI: true
@@ -31,6 +35,4 @@ jobs:
       - name: Release
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          NPM_TOKEN: ${{ secrets.NPMJS_NPM_MATTERLABS_AUTOMATION_TOKEN }}
-          NODE_AUTH_TOKEN: ${{ secrets.NPMJS_NPM_MATTERLABS_AUTOMATION_TOKEN }}
         run: npx semantic-release

From 5a47b93a343f40556bf4dce1ad0e565db29bf28c Mon Sep 17 00:00:00 2001
From: Yury Akudovich <ya@matterlabs.dev>
Date: Wed, 14 Jan 2026 13:32:33 +0100
Subject: [PATCH 2/2] Add provenance field to publishConfig

---
 package.json | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/package.json b/package.json
index e464cc0..5d42681 100644
--- a/package.json
+++ b/package.json
@@ -76,6 +76,7 @@
     "vitest": "^2.0.4"
   },
   "publishConfig": {
-    "access": "public"
+    "access": "public",
+    "provenance": true
   }
 }