diff --git a/.github/workflows/audit-fix-auto-merge.yml b/.github/workflows/audit-fix-auto-merge.yml
deleted file mode 100644
index ff0c8af..0000000
--- a/.github/workflows/audit-fix-auto-merge.yml
+++ /dev/null
@@ -1,26 +0,0 @@
-name: Audit fix Auto-merge
-
-on:
-  pull_request:
-    branches: ["main"]
-
-permissions:
-  contents: write
-  pull-requests: write
-
-jobs:
-  auto-merge:
-    name: Auto-merge audit fix pull requests
-    runs-on: ubuntu-latest
-    if: "contains(github.event.pull_request.labels.*.name, 'audit: fix')"
-    steps:
-      - name: Approve
-        run: gh pr review "$PR_URL" --approve --comment --body "Auto-approve audit fix pull requests"
-        env:
-          PR_URL: ${{ github.event.pull_request.html_url }}
-          GH_TOKEN: ${{ secrets.LOCALSTACK_BOT_TOKEN }}
-      - name: Enable auto-merge
-        run: gh pr merge "$PR_URL" --auto --squash
-        env:
-          PR_URL: ${{ github.event.pull_request.html_url }}
-          GH_TOKEN: ${{ secrets.LOCALSTACK_BOT_TOKEN }}
diff --git a/.github/workflows/audit-fix.yml b/.github/workflows/audit-fix.yml
index 111c7bc..4d82274 100644
--- a/.github/workflows/audit-fix.yml
+++ b/.github/workflows/audit-fix.yml
@@ -26,7 +26,9 @@ jobs:
         run: npm ci
 
       - name: Run npm audit fix
-        run: npm audit fix || npm audit fix --force || true
+        run: |
+          npm audit 2>&1 > audit-report.txt || true
+          npm audit fix || npm audit fix --force || true
 
       - name: Create pull request
         env:
@@ -38,7 +40,7 @@ jobs:
             exit 0
           fi
 
-          BRANCH="npm-audit-fix-$(date +%Y%m%d)"
+          BRANCH="npm-audit-fix-$(date +%Y%m%d-%H%M%S)"
           git config user.name "github-actions[bot]"
           git config user.email "github-actions[bot]@users.noreply.github.com"
           git checkout -b "$BRANCH"
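Review bot: In the new `run:` block of the "Run npm audit fix" step, `npm audit 2>&1 > audit-report.txt` sends stderr to the job log and only stdout to the file, because the `2>&1` is applied before stdout is redirected; if the report is meant to capture everything npm prints, the order should be `npm audit > audit-report.txt 2>&1 || true`. The file is consumed by the `cat audit-report.txt >> pr-body.md` line in the later hunk of this same file, so whatever npm writes to stderr is silently missing from the PR body. The report is also taken before `npm audit fix` runs, so it describes the pre-fix state; a short line in the PR body such as `Report captured before the fix was applied.` would prevent readers from treating it as the post-fix result. The `audit-fix-auto-merge.yml` deletion above and the branch-name hunk below are not affected.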
@@ -46,9 +48,19 @@ jobs:
           git commit -m "chore(deps): npm audit fix"
           git push origin "$BRANCH"
 
+          cat > pr-body.md << 'BODYEOF'
+          Automated security fixes via `npm audit fix`.
+
+          ## Audit Report
+
+          ```
+          BODYEOF
+          cat audit-report.txt >> pr-body.md
+          echo '```' >> pr-body.md
+
           gh pr create \
             --title "chore(deps): npm audit fix" \
-            --body "Automated security fixes via \`npm audit fix\`." \
+            --body-file pr-body.md \
             --label "audit: fix" \
             --base main \
             --head "$BRANCH"
diff --git a/.github/workflows/auto-approve-merge.yml b/.github/workflows/auto-approve-merge.yml
new file mode 100644
index 0000000..f09bbc7
--- /dev/null
+++ b/.github/workflows/auto-approve-merge.yml
@@ -0,0 +1,31 @@
+name: Auto approve and merge
+
+on:
+  pull_request_target:
+    types:
+      - labeled
+      - opened
+      - synchronize
+      - reopened
+      - ready_for_review
+
+permissions:
+  contents: write
+  pull-requests: write
+
+jobs:
+  auto-merge:
+    name: Auto approve and merge
+    runs-on: ubuntu-latest
+    if: "github.actor == 'dependabot[bot]' || (github.event.pull_request.user.login == 'github-actions[bot]' && contains(github.event.pull_request.labels.*.name, 'audit: fix'))"
+    steps:
+      - name: Approve
+        run: gh pr review "$PR_NUMBER" --approve
+        env:
+          PR_NUMBER: ${{ github.event.number }}
+          GH_TOKEN: ${{ secrets.LOCALSTACK_BOT_TOKEN }}
+      - name: Enable auto-merge
+        run: gh pr merge "$PR_NUMBER" --auto --squash
+        env:
+          PR_NUMBER: ${{ github.event.number }}
+          GH_TOKEN: ${{ secrets.LOCALSTACK_BOT_TOKEN }}
diff --git a/.github/workflows/pull-request-lint.yml b/.github/workflows/pull-request-lint.yml
index 345fc03..1d14c12 100644
--- a/.github/workflows/pull-request-lint.yml
+++ b/.github/workflows/pull-request-lint.yml
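Review bot: In the new auto-approve-merge.yml, the `permissions:` block grants `contents: write` and `pull-requests: write` to the job's GITHUB_TOKEN, but both steps authenticate with `secrets.LOCALSTACK_BOT_TOKEN`, so under `pull_request_target` an elevated GITHUB_TOKEN is issued and never used; `permissions: {}` (or removing the block) keeps the workflow at the least privilege it actually needs. The `if:` also mixes two identity checks: the dependabot branch tests `github.actor` (whoever performed the `labeled`/`synchronize`/`reopened` action), while the audit-fix branch tests only `pull_request.user.login` plus the label, so any later event on a `github-actions[bot]`-authored PR carrying `audit: fix` re-approves it regardless of who triggered it; adding `&& github.actor == 'github-actions[bot]'` to that branch, or limiting the approval to `opened`, would make the two branches consistent. Since audit-fix.yml in this same commit falls back to `npm audit fix --force`, the PRs this job approves without review can contain semver-major bumps, which is worth a comment above the `if:` so the accepted risk is recorded.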
@@ -1,15 +1,18 @@
 name: Pull Request Lint
 
 on:
-  pull_request:
-    branches: ["main"]
+  pull_request_target:
+    types:
+      - opened
+      - edited
+      - reopened
 
 jobs:
   validate:
     name: Validate PR title
     runs-on: ubuntu-latest
     permissions:
-      pull-requests: write
+      pull-requests: read
     steps:
       - uses: amannn/action-semantic-pull-request@v6
         env:
diff --git a/.github/workflows/release-auto-merge.yml b/.github/workflows/release-auto-merge.yml
index 42c1c0c..c175ebd 100644
--- a/.github/workflows/release-auto-merge.yml
+++ b/.github/workflows/release-auto-merge.yml
@@ -25,7 +25,7 @@ jobs:
             --json number \
             --jq '.[].number' | \
           while read -r pr; do
-            echo "Enabling auto-merge on PR #$pr"
+            echo "Approving and enabling auto-merge on PR #$pr"
             gh pr review "$pr" --approve --comment --body "Auto-approve weekly releases"
             gh pr merge "$pr" --auto --squash
           done
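Review bot: Switching the trigger to `pull_request_target` means the `uses: amannn/action-semantic-pull-request@v6` step now runs in the base repository's context, with the repository's secrets reachable, for PRs from forks as well; a floating major tag is a weak pin for code executed with that context, so pin the action to a full commit SHA (`uses: amannn/action-semantic-pull-request@<commit-sha> # v6`). Dropping to `pull-requests: read` fits a title-only check, but it also means the action can no longer post or update a PR comment if that feature was relied on, which the commit message does not mention. The `env:` line is the last one in this hunk and the step's configuration continues outside it, so I cannot confirm from here that no `actions/checkout` of the PR head follows; with this trigger, none should.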