diff --git a/.github/rulesets/main-protection.json b/.github/rulesets/main-protection.json
index d3a00a2..8132af8 100644
--- a/.github/rulesets/main-protection.json
+++ b/.github/rulesets/main-protection.json
@@ -31,5 +31,7 @@
       }
     }
   ],
-  "bypass_actors": []
+  "bypass_actors": [
+    {"actor_id": 5, "actor_type": "RepositoryRole", "bypass_mode": "always"}
+  ]
 }
diff --git a/CLAUDE.md b/CLAUDE.md
index e57a820..a293a30 100644
--- a/CLAUDE.md
+++ b/CLAUDE.md
@@ -230,7 +230,7 @@ gh release edit vX.Y.Z --draft=false --latest --notes "release notes here"
 3. `sign-windows.yml` (workflow_run on Tray success, env: `signing`) → **pauses for required-reviewer approval** (OSPO gate), then Authenticode-signs Windows `.exe` binaries via SignPath.io and publishes the release (best-effort)
 4. Manual: `gh release edit --draft=false` only needed if signing is skipped — otherwise the signing job publishes automatically after approval
 
-**OSPO compliance:** `main` is protected by ruleset (`main-protection`: requires PR + CI `test` check, blocks force-push and deletion). **No actor — including admins and `github-actions[bot]` — can bypass.** Every change to `main` goes through a PR with one approving review and a passing `test` check. Automated PRs (notably `news-sync`) open the PR and arm `gh pr merge --auto`; a maintainer must approve them, and the merge then fires automatically. (The SAP-samples org doesn't allow Integration `github-actions[bot]` as a bypass actor at the repo level, so the bot cannot self-merge — that's why a human approval is in the loop.) Workflows that touch secrets or publish artifacts run in named environments: `release`, `signing` (required reviewer = repo admin), `news-sync`. SignPath secrets and `YOUTUBE_API_KEY` should be scoped to their respective environments rather than the org/repo level. Ruleset spec: [.github/rulesets/main-protection.json](.github/rulesets/main-protection.json).
+**OSPO compliance:** `main` is protected by ruleset (`main-protection`: requires PR + CI `test` check, blocks force-push and deletion, admins can bypass). Workflows that touch secrets or publish artifacts run in named environments: `release`, `signing` (required reviewer = repo admin), `news-sync`. SignPath secrets and `YOUTUBE_API_KEY` should be scoped to their respective environments rather than the org/repo level. Ruleset spec: [.github/rulesets/main-protection.json](.github/rulesets/main-protection.json).
 
 **Artifacts per release:** CLI binaries (linux/amd64, linux/arm64, darwin/amd64, darwin/arm64, windows/amd64) + tray binaries (linux/amd64, darwin/arm64, windows/amd64) + checksums + tray-checksums + Scoop manifest + Homebrew cask.