From 1503c06f66c9ff3b07abe2e8839d27993a7bbb9e Mon Sep 17 00:00:00 2001
From: Jordan Ritter
Date: Fri, 15 May 2026 10:43:49 -0700
Subject: [PATCH] fix(ci): persist-credentials: false on release, agent-restricted, strands-command

Defense-in-depth: stop persisting the GITHUB_TOKEN in the git credential store on three workflows that previously left it populated after checkout.

- release.yml (prepare-release + publish-npm): add persist-credentials: false and explicit insteadOf step before every git push so push still works without the persisted token.
- agent-restricted.yml: add persist-credentials: false; the strands-action already configures its own git credentials via pat_token input.
- strands-command.yml: same pattern as agent-restricted.
- test-and-build job already had persist-credentials: false and is left unchanged.
---
 .github/workflows/agent-restricted.yml | 2 ++
 .github/workflows/release.yml | 14 ++++++++++++++
 .github/workflows/strands-command.yml | 1 +
 3 files changed, 17 insertions(+)

diff --git a/.github/workflows/agent-restricted.yml b/.github/workflows/agent-restricted.yml
index 9ba260dac..d222ef36d 100644
--- a/.github/workflows/agent-restricted.yml
+++ b/.github/workflows/agent-restricted.yml
@@ -67,6 +67,8 @@ jobs:
 echo "✅ User $ACTOR is authorized"
 - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+ with:
+ persist-credentials: false
 - name: Run Strands Agent
 uses: ./.github/actions/strands-action
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 89caef3bc..e20605073 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -50,6 +50,7 @@ jobs:
 uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
 with:
 fetch-depth: 0
+ persist-credentials: false
 - name: Setup Node.js
 uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
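Review bot: `persist-credentials: false` on the checkout removes the GITHUB_TOKEN from `.git/config`, but the very next step hands off to `./.github/actions/strands-action`, which the commit message says configures its own git credentials from a `pat_token` input; that action is not in the hunk, so I cannot tell whether it writes the PAT into `.git/config` or `~/.gitconfig` and whether it removes it when the step ends. If it does persist the PAT with `git config`, the exposure this commit removes just moves to a longer-lived, typically higher-privilege token, so that is worth confirming before calling this defense-in-depth. I would record the dependency on the step itself, e.g. `# strands-action supplies its own git credentials from pat_token; it must not leave them in git config after the step`. The job continues outside the hunk.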
@@ -117,6 +118,12 @@ jobs:
 npx prettier --write schemas/
 echo "✓ JSON schema regenerated and formatted"
+ - name: Configure push credentials
+ env:
+ GH_TOKEN: ${{ github.token }}
+ run: |
+ git config --global url."https://x-access-token:${GH_TOKEN}@github.com/".insteadOf "https://github.com/"
+
 - name: Create release branch and PR
 env:
 NEW_VERSION: ${{ steps.bump.outputs.version }}
@@ -302,6 +309,7 @@ jobs:
 with:
 ref: main
 fetch-depth: 0
+ persist-credentials: false
 - name: Verify we have the merged code
 run: |
@@ -370,6 +378,12 @@ jobs:
 echo "No NPM_TOKEN needed - using GitHub OIDC"
 npm publish --access public --provenance --tag latest
+ - name: Configure push credentials
+ env:
+ GH_TOKEN: ${{ github.token }}
+ run: |
+ git config --global url."https://x-access-token:${GH_TOKEN}@github.com/".insteadOf "https://github.com/"
+
 - name: Create and push tag
 env:
 VERSION: ${{ steps.version.outputs.version }}
diff --git a/.github/workflows/strands-command.yml b/.github/workflows/strands-command.yml
index a964f215e..65583b102 100644
--- a/.github/workflows/strands-command.yml
+++ b/.github/workflows/strands-command.yml
@@ -68,6 +68,7 @@ jobs:
 uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
 with:
 fetch-depth: 0
+ persist-credentials: false
 - name: Add strands-running label
 uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
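Review bot: The new "Configure push credentials" step in prepare-release writes the token into `~/.gitconfig` via `git config --global ... insteadOf`, so the credential is now persisted for every later step of the job and applied to every `https://github.com/` URL, which is broader than the per-repository `.git/config` entry that `persist-credentials: false` just removed and undercuts the defense-in-depth goal in the commit message. Scope the credential to the step that actually pushes instead: drop this step and put an env-scoped config on the "Create release branch and PR" step, `GIT_CONFIG_COUNT: 1`, `GIT_CONFIG_KEY_0: url.https://x-access-token:${{ github.token }}@github.com/.insteadOf`, `GIT_CONFIG_VALUE_0: https://github.com/`, which git honours only while that step's processes run. If the global write has to stay, at least unset it right after the push with `git config --global --unset-all url."https://x-access-token:${GH_TOKEN}@github.com/".insteadOf`. The push step this serves continues outside the hunk, so I can't confirm nothing else runs git in between.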
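Review bot: In publish-npm the "Configure push credentials" step likewise leaves the token in `~/.gitconfig` for the remainder of the job, including everything after "Create and push tag" and any post-job cleanup of earlier actions, which is a longer exposure than the checkout-persisted credential the hunk at `-302,6 +309,7` removes. Since only the tag push needs it, move the credential onto that step as `GIT_CONFIG_COUNT: 1`, `GIT_CONFIG_KEY_0: url.https://x-access-token:${{ github.token }}@github.com/.insteadOf`, `GIT_CONFIG_VALUE_0: https://github.com/` and delete this global-config step, or else add a trailing `git config --global --unset-all url."https://x-access-token:${GH_TOKEN}@github.com/".insteadOf` once the tag is pushed. The "Create and push tag" step body is outside the hunk, so the exact push command it would wrap is not visible here.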