diff --git a/.github/workflows/publish-dists.yml b/.github/workflows/publish-dists.yml
index 98993c6f5..8423ce4c4 100644
--- a/.github/workflows/publish-dists.yml
+++ b/.github/workflows/publish-dists.yml
@@ -9,6 +9,8 @@ on:
 jobs:
   build-and-push:
     runs-on: ubuntu-latest
+    permissions:
+      contents: write
 
     steps:
       - uses: actions/checkout@v4
@@ -85,3 +87,27 @@ jobs:
 
             cd -
           done
+          
+  validate:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+
+      - name: Validate commit messages
+        run: |
+          commit_range="${{ github.event.before }}..HEAD"
+          git log $commit_range --pretty=format:%s | while read -r msg; do
+            echo "$msg" | grep -E '^(feat|fix|docs|chore|test|refactor): .+' || { echo "Invalid commit message: $msg"; exit 1; }
+          done
+
+      - name: Validate file paths
+        run: |
+          invalid_files=$(git diff --name-only HEAD~1 | grep -vE '^(src/|test/|config/)')
+          if [ -n "$invalid_files" ]; then
+            echo "Invalid file paths: $invalid_files"
+            exit 1
+          fi