diff --git a/.github/workflows/public-publish.yml b/.github/workflows/public-publish.yml
new file mode 100644
index 0000000..a0ceae7
--- /dev/null
+++ b/.github/workflows/public-publish.yml
@@ -0,0 +1,33 @@
+name: Release to public npm
+on:
+  pull_request:
+    types: [closed]
+    branches:
+      - main
+jobs:
+  approve-release:
+    if: "${{ github.event.pull_request.merged == true && startsWith(github.event.pull_request.title, 'Release: ') }}"
+    runs-on: ubuntu-latest
+    environment: release
+    permissions:
+      contents: write
+      id-token: write
+    steps:
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+        with:
+          persist-credentials: false
+      - uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6
+        with:
+          node-version: lts/*
+          registry-url: 'https://registry.npmjs.org'
+      - run: |
+          VERSION=$(node -p "require('./package.json').version")
+          npm version $VERSION --no-git-tag-version --allow-same-version
+          git remote set-url origin https://x-access-token:${{ secrets.GITHUB_TOKEN }}@github.com/${{ github.repository }}.git
+          if ! git ls-remote --tags origin | grep -q "refs/tags/v$VERSION$"; then
+            git tag "v$VERSION"
+            git push origin "v$VERSION"
+          fi
+          npm publish --access public --provenance --tag latest --ignore-scripts
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
deleted file mode 100644
index 1dae277..0000000
--- a/.github/workflows/publish.yml
+++ /dev/null
@@ -1,54 +0,0 @@
-name: publish
-
-on:
-  release:
-    types: [published]
-
-jobs:
-  test:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v3
-      
-      - name: Set up Node 22.19.0
-        uses: actions/setup-node@v4
-        with:
-          node-version: '22.19.0'
-          cache: 'npm'
-          registry-url: 'https://registry.npmjs.org'
-      
-      - name: Install dependencies
-        run: npm clean-install
-        env:
-          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
-      
-      - name: Lint code with standard
-        run: npm run lint
-      
-      - name: Run tests
-        run: npm test
-
-  publish:
-    needs: test
-    runs-on: ubuntu-latest
-    environment: npm-publish
-    
-    steps:
-      - uses: actions/checkout@v3
-      
-      - name: Set up Node 22.19.0
-        uses: actions/setup-node@v4
-        with:
-          node-version: '22.19.0'
-          cache: 'npm'
-          registry-url: 'https://registry.npmjs.org'
-      
-      - name: Install dependencies
-        run: npm clean-install
-        env:
-          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
-
-      - name: Publish to npm
-        run: npm publish
-        env:
-          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
\ No newline at end of file