diff --git a/.github/workflows/npm-publish.yml b/.github/workflows/npm-publish.yml
index ae75ab7..d35ed74 100644
--- a/.github/workflows/npm-publish.yml
+++ b/.github/workflows/npm-publish.yml
@@ -11,6 +11,9 @@ on:
 jobs:
   publish-npm:
     runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      id-token: write
     steps:
       - uses: actions/checkout@v3
       - uses: actions/setup-java@v3
@@ -22,7 +25,7 @@ jobs:
           node-version: '19'
           registry-url: https://registry.npmjs.org/
       - run: npm ci
-      - run: npm publish --access public
+      - run: npm publish --provenance --access public
         env:
           BUILD_TYPE: release
           NODE_AUTH_TOKEN: ${{secrets.npm_token}}
diff --git a/package.json b/package.json
index 083f068..0ea6179 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 	"name": "@exact-realty/lot",
-	"version": "0.0.18",
+	"version": "0.0.19",
 	"description": "Sandbox for isolating ECMAScript code",
 	"main": "dist/index.js",
 	"module": "./dist/index.mjs",
diff --git a/src/types/index.ts b/src/types/index.ts
index 633d8f9..7bf5ea3 100644
--- a/src/types/index.ts
+++ b/src/types/index.ts
@@ -13,11 +13,37 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
+/**
+ * Interface representing a function to perform a task.
+ */
 export interface IPerformTask {
+	/**
+	 * Performs a task.
+	 *
+	 * @param op - The operation to be performed.
+	 * @param args - Variable list of arguments.
+	 * @returns Returns a promise resolving to the result.
+	 */
 	(op: string, ...args: unknown[]): Promise<unknown>;
 }
 
+/**
+ * Interface representing a function to execute a script in a sandboxed
+ * environment.
+ */
 export interface ISandbox {
+	/**
+	 * Executes a script in a sandbox.
+	 *
+	 * @param script - The script to be executed.
+	 * @param allowedGlobals - Optional list of allowed global variables.
+	 * @param externalMethods - Optional dictionary of external methods or
+	 * variables available as globals to the script.
+	 * @param abort - Optional abort signal to terminate the execution.
+	 * @param options - Optional configuration options for the sandbox.
+	 * @returns Returns a promise resolving to a function that can perform
+	 * sandboxed tasks.
+	 */
 	(
 		script: string,
 		allowedGlobals?: string[] | undefined | null,
@@ -27,12 +53,25 @@ export interface ISandbox {
 	): Promise<IPerformTask>;
 }
 
+/**
+ * Type representing the context in which the sandboxed script is executed.
+ */
 export type TContext = Record<PropertyKey, unknown> & {
+	/** The global `this` reference within the context. */
 	globalThis: TContext;
+	/** Represents the commonJS module object with its exports. */
 	module: { exports: unknown };
 };
 
+/**
+ * Type representing the configuration options for the sandbox.
+ */
 export type TSandboxOptions = {
+	/**
+	 * Indicates if the worker should be treated like a browser or node.js worker.
+	 * If true, the worker is a browser worker. Otherwise, it's treated as a node.js worker.
+	 */
 	browserRequireWorker?: boolean;
+	/** The type of the worker to be used (e.g., "classic", "module"). */
 	workerType?: WorkerOptions['type'];
 };