diff --git a/.github/workflows/push.yaml b/.github/workflows/push.yaml
index c96bb4fd..9c6cea0f 100644
--- a/.github/workflows/push.yaml
+++ b/.github/workflows/push.yaml
@@ -1,7 +1,8 @@
 # Unified workflow for pushes to main.
 #
 # Phase 1 (normal push): Lint + Test → Docs + Versioning
-#   Versioning commits with message "Update package version", triggering Phase 2.
+#   Versioning commits with message "Update package version".
+#   The commit pushes to main, re-triggering this workflow for Phase 2.
 #
 # Phase 2 (sentinel commit): Lint + Test → Publish to PyPI + GitHub Release
 
@@ -97,7 +98,7 @@ jobs:
       - name: Checkout repo
         uses: actions/checkout@v4
         with:
-          token: ${{ secrets.POLICYENGINE_GITHUB }}
+          token: ${{ secrets.GITHUB_TOKEN }}
       - name: Setup Python
         uses: actions/setup-python@v5
         with:
@@ -118,7 +119,7 @@ jobs:
     needs: [Lint, Test]
     if: github.event.head_commit.message == 'Update package version'
     env:
-      GH_TOKEN: ${{ secrets.POLICYENGINE_GITHUB }}
+      GH_TOKEN: ${{ github.token }}
     steps:
       - name: Checkout repo
         uses: actions/checkout@v4
diff --git a/changelog.d/fix-github-token.fixed.md b/changelog.d/fix-github-token.fixed.md
new file mode 100644
index 00000000..e213902e
--- /dev/null
+++ b/changelog.d/fix-github-token.fixed.md
@@ -0,0 +1 @@
+Use GITHUB_TOKEN instead of missing POLICYENGINE_GITHUB PAT in push workflow