From e4d77cdba0268e060b3cd6af7e13140dba0de61d Mon Sep 17 00:00:00 2001
From: gavrielc <gabicohen22@yahoo.com>
Date: Sun, 15 Feb 2026 17:11:39 +0200
Subject: [PATCH] fix: use GitHub App token for token count workflow

Switches from default GITHUB_TOKEN to a scoped GitHub App token
so the workflow can push to the protected main branch.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 .github/workflows/update-tokens.yml | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/update-tokens.yml b/.github/workflows/update-tokens.yml
index f841cd5..5f0f4b6 100644
--- a/.github/workflows/update-tokens.yml
+++ b/.github/workflows/update-tokens.yml
@@ -5,14 +5,19 @@ on:
     branches: [main]
     paths: ['src/**', 'container/**', 'launchd/**', 'CLAUDE.md']
 
-permissions:
-  contents: write
-
 jobs:
   update-tokens:
     runs-on: ubuntu-latest
     steps:
+      - uses: actions/create-github-app-token@v1
+        id: app-token
+        with:
+          app-id: ${{ secrets.APP_ID }}
+          private-key: ${{ secrets.APP_PRIVATE_KEY }}
+
       - uses: actions/checkout@v4
+        with:
+          token: ${{ steps.app-token.outputs.token }}
 
       - uses: actions/setup-python@v5
         with: