Joshua Shay Kricheli NeuroSymbolic AI
v2 v1

Release · v2.18.1

Don't persist the checkout token on read-only jobs

ci: don't persist the checkout token on read-only jobs

ci v2.18.1 June 23, 2026 Claude 69cc31d

Details

Add persist-credentials: false to every checkout in ci.yml and pr-validation.yml
(all of them are read-only — none push). Keeps the GITHUB_TOKEN out of
.git/config after checkout. agent.yml is intentionally left as-is since it pushes
the work branch.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01A9nJYCSwtVUrxubiU4VAMN

Files changed (2)

.github/workflows/ci.yml +8 −0
.github/workflows/pr-validation.yml +6 −0