From e8f2dd54c2eb05e7e142f535b5ce3ccf7cd7ab15 Mon Sep 17 00:00:00 2001
From: Coding-Dev-Tools <algorithmictradingsolutions@gmail.com>
Date: Mon, 18 May 2026 11:51:33 -0400
Subject: [PATCH] Remove npm-publish.yml, add Python 3.13 to CI, harden
 checkout permissions

- Remove .github/workflows/npm-publish.yml (Python repo, no npm package)
- Add Python 3.13 to CI test matrix
- Add persist-credentials: false to all checkout steps
- Add permissions: contents: read to ci.yml top level
---
 .github/workflows/ci.yml          |  8 ++++++--
 .github/workflows/npm-publish.yml | 28 ----------------------------
 .github/workflows/publish.yml     |  3 ++-
 3 files changed, 8 insertions(+), 31 deletions(-)
 delete mode 100644 .github/workflows/npm-publish.yml

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 65508a6..18cc60d 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -6,15 +6,20 @@ on:
   pull_request:
     branches: [main]
 
+permissions:
+  contents: read
+
 jobs:
   test:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        python-version: ["3.10", "3.11", "3.12"]
+        python-version: ["3.10", "3.11", "3.12", "3.13"]
 
     steps:
       - uses: actions/checkout@v6
+        with:
+          persist-credentials: false
 
       - name: Set up Python ${{ matrix.python-version }}
         uses: actions/setup-python@v6
@@ -30,4 +35,3 @@ jobs:
       - name: Run tests
         run: |
           python -m pytest tests/ -v --cov=src --cov-report=term-missing
-
diff --git a/.github/workflows/npm-publish.yml b/.github/workflows/npm-publish.yml
deleted file mode 100644
index ffc3b66..0000000
--- a/.github/workflows/npm-publish.yml
+++ /dev/null
@@ -1,28 +0,0 @@
-name: Publish to npm
-
-on:
-  release:
-    types: [published]
-  workflow_dispatch:
-
-jobs:
-  publish:
-    runs-on: ubuntu-latest
-    permissions:
-      contents: read
-
-    steps:
-      - uses: actions/checkout@v6
-
-      - name: Set up Node.js
-        uses: actions/setup-node@v6
-        with:
-          node-version: "22"
-          registry-url: "https://registry.npmjs.org"
-
-      - name: Publish to npm
-        env:
-          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
-        run: |
-          npm publish --access public
-
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index b2d572b..0698ade 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -22,6 +22,8 @@ jobs:
 
     steps:
       - uses: actions/checkout@v6
+        with:
+          persist-credentials: false
 
       - name: Set up Python 3.11
         uses: actions/setup-python@v6
@@ -54,4 +56,3 @@ jobs:
           TWINE_PASSWORD: ${{ secrets.TEST_PYPI_API_TOKEN }}
         run: |
           twine upload --repository testpypi dist/* --verbose
-