diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index 2d867fd..d3ed6f4 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -5,16 +5,20 @@ on:
 tags:
 - "v*"
+permissions:
+ contents: read
+
 jobs:
 publish:
+ name: Publish to PyPI
 runs-on: ubuntu-latest
 permissions:
 id-token: write
+ contents: read
 steps:
- - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.7
+ - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
- - name: Set up Python
- uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.3.0
+ - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5
 with:
 python-version: "3.12"
@@ -25,4 +29,6 @@ jobs:
 run: python -m build
 - name: Publish to PyPI
- uses: pypa/gh-action-pypi-publish@ec4db0b4ddc65acdf4bff5fa45ac92d78b56bdf0 # v1.12.3
+ uses: pypa/gh-action-pypi-publish@cef221092ed1bacb1cc03d23a2d87d1d172e277b # v1.14.0
+ with:
+ attestations: true
diff --git a/README.md b/README.md
index e6ef832..97ea027 100644
--- a/README.md
+++ b/README.md
@@ -268,6 +268,12 @@ See [`/examples`](examples/) for working code:
 ---
+## Releases
+
+Releases are published to PyPI with PEP 740 attestations via GitHub Actions Trusted Publishing.
+
+---
+
 ## License
 MIT. See [LICENSE](LICENSE).
diff --git a/pyproject.toml b/pyproject.toml
index 1a598ac..1412570 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -4,7 +4,7 @@ build-backend = "hatchling.build"
 [project]
 name = "cueapi-sdk"
-version = "0.1.0"
+version = "0.1.1"
 description = "The official Python SDK for CueAPI — scheduling infrastructure for agents"
 readme = "README.md"
 license = { text = "MIT" }
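Review bot: The `publish` job header in this hunk grants `id-token: write` but carries no `environment:` key, so, going by the `v*` tag trigger in the hunk's leading context, a tag push appears to be the only gate on a PyPI upload. Binding the job to a protected environment, e.g. `environment: pypi` (example name; it has to match the Trusted Publisher entry on PyPI), lets required reviewers and deployment tag rules restrict who can release. The new checkout step also has no `with:` block; adding `persist-credentials: false` keeps the workflow token out of `.git/config` while the package is built. The pin comments now read `# v4` and `# v5`, which are moving tags; naming the exact release each SHA belongs to keeps the pins auditable.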
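Review bot: `python -m build` in the leading context of this hunk runs in the same job that holds `id-token: write`, so the build backend and whatever the earlier install step pulls in execute where a PyPI upload token can be minted. Building in a separate job with read-only permissions and handing `dist/` to a publish-only job keeps that capability away from build-time code. The steps between the two hunks of this file are not visible, so the sketch below marks them as unchanged; the two artifact actions need to be pinned to full commit SHAs like the other steps.

```yaml
jobs:
  build:
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
      # … unchanged: checkout, setup-python, install step, `python -m build` …
      - uses: actions/upload-artifact@<FULL_COMMIT_SHA> # placeholder: pin to a reviewed release commit
        with:
          name: dist
          path: dist/

  publish:
    name: Publish to PyPI
    needs: build
    runs-on: ubuntu-latest
    permissions:
      id-token: write # only this job can request the OIDC token; it does no checkout
    steps:
      - uses: actions/download-artifact@<FULL_COMMIT_SHA> # placeholder: pin to a reviewed release commit
        with:
          name: dist
          path: dist/
      # … unchanged: pypa/gh-action-pypi-publish step with `attestations: true` …
```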