diff --git a/.github/actions/setup-jfrog-pypi/action.yml b/.github/actions/setup-jfrog-pypi/action.yml
new file mode 100644
index 000000000..8855a1733
--- /dev/null
+++ b/.github/actions/setup-jfrog-pypi/action.yml
@@ -0,0 +1,21 @@
+name: Setup JFrog PyPI proxy
+description: Authenticate to JFrog via OIDC and configure uv to use the db-pypi proxy
+
+runs:
+ using: composite
+ steps:
+ - name: Setup JFrog CLI with OIDC
+ id: jfrog
+ uses: jfrog/setup-jfrog-cli@279b1f629f43dd5bc658d8361ac4802a7ef8d2d5 # v4.9.1
+ env:
+ JF_URL: https://databricks.jfrog.io
+ with:
+ oidc-provider-name: github-actions
+
+ - name: Configure uv for JFrog
+ shell: bash
+ run: |
+ # Route uv package resolution through the JFrog PyPI proxy. Hardened
+ # runners block direct access to pypi.org, so all index queries go
+ # through this authenticated mirror instead.
+ echo "UV_INDEX_URL=https://${{ steps.jfrog.outputs.oidc-user }}:${{ steps.jfrog.outputs.oidc-token }}@databricks.jfrog.io/artifactory/api/pypi/db-pypi/simple" >> "$GITHUB_ENV"
diff --git a/.github/workflows/push.yml b/.github/workflows/push.yml
index 1b6b389eb..a80d39885 100644
--- a/.github/workflows/push.yml
+++ b/.github/workflows/push.yml
@@ -6,6 +6,10 @@ on:
 merge_group:
 types: [checks_requested]
+permissions:
+ id-token: write
+ contents: read
+
 jobs:
 tests-ubuntu:
 uses: ./.github/workflows/test.yml
@@ -39,9 +43,20 @@ jobs:
 with:
 version: "0.6.5"
+ - name: Setup JFrog PyPI proxy
+ uses: ./.github/actions/setup-jfrog-pypi
+ - name: Re-lock for JFrog
+ run: uv lock
+
 - name: Format all files
 run: make dev fmt
+ - name: Restore lockfiles and fix proxy URLs
+ run: |
+ git checkout -- '*.lock'
+ make fix-lockfile
+
 - name: Fail on differences
 run: git diff --exit-code
@@ -57,5 +72,11 @@ jobs:
 with:
 version: "0.6.5"
+ - name: Setup JFrog PyPI proxy
+ uses: ./.github/actions/setup-jfrog-pypi
+ - name: Re-lock for JFrog
+ run: uv lock
+
 - name: Check MANIFEST.in
 run: make dev && uv run check-manifest .
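Review bot: The final `echo ... >> "$GITHUB_ENV"` line embeds the OIDC token in `UV_INDEX_URL`, which every later step of the calling job (and every process it spawns, such as the test suite under `make dev test`) can read from its environment, and which will show up in any log line where uv prints the index URL unless setup-jfrog-cli already registers that output as a secret — worth confirming. Expanding `${{ steps.jfrog.outputs.* }}` inline in the script is also the template-injection shape workflow linters flag; pass the two outputs through `env:` and reference them as shell variables. Adding `echo "::add-mask::${JFROG_TOKEN}"` before the URL is written keeps the token out of step output even when uv echoes the URL in an error. The token stays in the URL because uv's default index takes credentials only from the URL, netrc or keyring; if the pinned uv 0.6.5 accepts `UV_INDEX_<NAME>_USERNAME`/`_PASSWORD` for a named index, that would keep the URL itself credential-free and is worth trying. The token is short-lived, which bounds the exposure but does not remove it.

```yaml
    - name: Configure uv for JFrog
      shell: bash
      env:
        JFROG_USER: ${{ steps.jfrog.outputs.oidc-user }}
        JFROG_TOKEN: ${{ steps.jfrog.outputs.oidc-token }}
      run: |
        # Keep the short-lived token out of step logs even if uv echoes the index URL.
        echo "::add-mask::${JFROG_TOKEN}"
        # … unchanged: comment explaining the hardened-runner proxy …
        echo "UV_INDEX_URL=https://${JFROG_USER}:${JFROG_TOKEN}@databricks.jfrog.io/artifactory/api/pypi/db-pypi/simple" >> "$GITHUB_ENV"
```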
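Review bot: `id-token: write` at the workflow level grants OIDC-token minting to every job in push.yml, not just the ones that run the JFrog setup, which is broader than the job-scoped grant test.yml adopts in the same change. Any job that does not need the proxy, and any job added later, inherits the ability to obtain a token for whatever audience the repository's trust policies (JFrog's or any cloud provider's) accept. Scope it to the jobs that call `./.github/actions/setup-jfrog-pypi` and to the jobs invoking the reusable test workflow, which cannot receive more than their caller holds, and leave the workflow default at `contents: read`. Only the first job is visible in this hunk, so check the full job list before scoping.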
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 57d8db779..489cf2a33 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -15,6 +15,11 @@ jobs:
 strategy:
 fail-fast: false
 runs-on: ${{ inputs.os }}
+
+ permissions:
+ id-token: write
+ contents: read
+
 steps:
 - name: Checkout
 uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2.7.0
@@ -28,6 +33,15 @@ jobs:
 version: "0.6.5"
 python-version: ${{ inputs.pyVersion }}
+ - name: Setup JFrog PyPI proxy
+ uses: ./.github/actions/setup-jfrog-pypi
+
+ # Re-lock so uv.lock matches the JFrog-configured UV_INDEX_URL.
+ # Keeps the same versions; only registry URLs change. Ephemeral (not committed).
+ - name: Re-lock for JFrog
+ shell: bash
+ run: uv lock
+
 - name: Run tests
 run: make dev test
diff --git a/Makefile b/Makefile
index b2d404851..c657e524c 100644
--- a/Makefile
+++ b/Makefile
@@ -30,5 +30,13 @@ benchmark:
 coverage: test
 open htmlcov/index.html
+fix-lockfile:
+ @# Replace JFrog proxy URLs with public equivalents in lockfiles.
+ @# Prevents proxy URLs from being accidentally committed.
+ find . -type f -name '*.lock' -not -path './.github/*' \
+ -exec sed -i 's|databricks\.jfrog\.io/artifactory/api/pypi/db-pypi/simple|pypi.org/simple|g' {} +
+ find . -type f -name '*.lock' -not -path './.github/*' \
+ -exec sed -i 's|databricks\.jfrog\.io/artifactory/api/pypi/db-pypi/packages|files.pythonhosted.org|g' {} +
+
 clean:
 rm -fr dist *.egg-info .pytest_cache build htmlcov .venv
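Review bot: `uv lock` on the `run:` line regenerates uv.lock against db-pypi, so the versions and artifact hashes that `make dev test` then installs come from whatever the proxy serves, not from the committed lockfile; the comment above promises that only registry URLs change, but nothing in the step enforces that. A cheap guard is to map the re-locked file back to public URLs with the new `make fix-lockfile` target and require it to equal the committed file, which fails the job on any version or hash drift introduced by the proxy before anything is installed. The same unguarded re-lock appears in both push.yml jobs and would benefit from the same check. Whether `fix-lockfile` round-trips the proxy's package URLs byte-for-byte is something to confirm on the first run; if uv orders or formats the file differently after a re-lock, the comparison needs a normalisation step.

```yaml
      - name: Re-lock for JFrog
        shell: bash
        run: |
          uv lock
          # The re-lock may only swap registry URLs: mapping them back to the
          # public ones must reproduce the committed lockfile exactly.
          cp uv.lock /tmp/uv.lock.jfrog
          make fix-lockfile
          git diff --exit-code -- uv.lock
          mv /tmp/uv.lock.jfrog uv.lock
```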
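Review bot: `sed -i 's|…|…|g'` on both `find -exec` lines is the GNU form; BSD/macOS sed requires a suffix argument after `-i`, so `make fix-lockfile` — the target the `@#` comment presents as the safeguard against committing proxy URLs — errors out on a developer laptop, which is exactly where it needs to run before a commit. A portable form is `perl -pi -e 's|databricks\.jfrog\.io/artifactory/api/pypi/db-pypi/simple|pypi.org/simple|g' {} +` (and likewise for the `packages` rule), or `sed -i.bak … {} +` followed by deleting the `.bak` files. Also note the rewrite is URL-only: it cannot tell whether a proxy-served artifact's hash matches the public one, so it is hygiene rather than an integrity check; saying so in the comment, e.g. `@# URL normalisation only — does not verify package hashes against pypi.org.`, would stop it being mistaken for one.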