diff --git a/.github/workflows/fix-ci.yaml b/.github/workflows/fix-ci.yaml
index fe08902..7090ae1 100644
--- a/.github/workflows/fix-ci.yaml
+++ b/.github/workflows/fix-ci.yaml
@@ -13,14 +13,22 @@ permissions:
 jobs:
   attempt-fix:
     if: >-
-      ${{ github.event.workflow_run.conclusion == 'failure' && 
+      ${{ github.event.workflow_run.conclusion == 'failure' &&
           github.event.workflow_run.event == 'pull_request' &&
           github.event.workflow_run.name != 'Fix CI Failures' }}
     runs-on: ubuntu-latest
     steps:
+      - name: Generate app token
+        id: app-token
+        uses: actions/create-github-app-token@v1
+        with:
+          app-id: ${{ secrets.ADMIN_APP_ID }}
+          private-key: ${{ secrets.ADMIN_APP_PRIVATE_KEY }}
+
       - name: Checkout repository
         uses: actions/checkout@v4
         with:
+          token: ${{ steps.app-token.outputs.token }}
           fetch-depth: 0
 
       - name: Install Cursor CLI
@@ -30,8 +38,8 @@ jobs:
 
       - name: Configure git identity
         run: |
-          git config user.name "Cursor Agent"
-          git config user.email "cursor-agent@onkernel.com"
+          git config user.name "kernel-internal[bot]"
+          git config user.email "260533166+kernel-internal[bot]@users.noreply.github.com"
 
       - name: Setup Go
         uses: actions/setup-go@v5
@@ -41,7 +49,7 @@ jobs:
       - name: Fix CI failure
         env:
           CURSOR_API_KEY: ${{ secrets.CURSOR_API_KEY }}
-          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GH_TOKEN: ${{ steps.app-token.outputs.token }}
           BRANCH_PREFIX: ci-fix
         run: |
           cursor-agent -p "You are operating in a GitHub Actions runner for the Kernel CLI repository.
@@ -79,7 +87,7 @@ jobs:
              - Example format:
                \"🔧 CI Fix Available
                I've pushed a fix for the CI failure.
-               
+
                👉 Click here to create a PR with the fix\"
              - Do NOT include any git merge instructions or manual merge commands
              - Only include the compare link (e.g., https://github.com/.../compare/...)
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 8898eae..b4158c9 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -13,6 +13,14 @@ jobs:
   release:
     runs-on: ubuntu-latest
     steps:
+      - name: Generate app token
+        id: app-token
+        uses: actions/create-github-app-token@v1
+        with:
+          app-id: ${{ secrets.ADMIN_APP_ID }}
+          private-key: ${{ secrets.ADMIN_APP_PRIVATE_KEY }}
+          repositories: cli,homebrew-tap
+
       - name: Checkout
         uses: actions/checkout@v4
         with:
@@ -43,5 +51,5 @@ jobs:
           version: '~> v2'
           args: release --clean
         env:
-          GITHUB_TOKEN: ${{ secrets.GH_PAT }}
+          GITHUB_TOKEN: ${{ steps.app-token.outputs.token }}
           GORELEASER_KEY: ${{ secrets.GORELEASER_KEY }}