diff --git a/.github/workflows/prepare_release.yml b/.github/workflows/prepare_release.yml
new file mode 100644
index 0000000000..a12f0987e2
--- /dev/null
+++ b/.github/workflows/prepare_release.yml
@@ -0,0 +1,82 @@
+name: Prepare Release
+
+permissions: {}
+
+on:
+  workflow_dispatch:
+    inputs:
+      version:
+        description: 'Version to release (without v prefix, e.g. 0.1.0 or 0.1.0-alpha.0)'
+        required: true
+        type: string
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref_name }}
+  cancel-in-progress: true
+
+jobs:
+  prepare:
+    if: github.repository == 'voidzero-dev/vite-plus'
+    name: Prepare Release
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+    steps:
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          fetch-depth: 0
+          persist-credentials: false
+      - uses: ./.github/actions/clone
+
+      - uses: oxc-project/setup-rust@68c3199c5339f965e6e163924c3c450773eba42b # main (pending v1.0.17 — Swatinem/rust-cache v2.9.1 for node24)
+        with:
+          save-cache: false
+          cache-key: lint
+
+      - uses: oxc-project/setup-node@ab97f03642370d79a7e96dd286bd02a1be40e0ba # v1.3.0
+
+      - name: Bump versions
+        env:
+          VERSION: ${{ inputs.version }}
+        run: |
+          set -euo pipefail
+          update_json() {
+            local file=$1
+            sed -i -E "s/^(\s*\"version\":\s*)\"[^\"]+\"/\1\"$VERSION\"/" "$file"
+            grep -qF "\"version\": \"$VERSION\"" "$file" || { echo "::error::Failed to update $file"; exit 1; }
+            echo "Updated $file"
+          }
+          update_toml() {
+            local file=$1
+            sed -i -E "s/^version\s*=\s*\"[^\"]+\"/version = \"$VERSION\"/" "$file"
+            grep -qF "version = \"$VERSION\"" "$file" || { echo "::error::Failed to update $file"; exit 1; }
+            echo "Updated $file"
+          }
+          update_json packages/cli/package.json
+          update_json packages/core/package.json
+          update_json packages/test/package.json
+          update_toml packages/cli/binding/Cargo.toml
+          update_toml crates/vite_global_cli/Cargo.toml
+
+      - name: Refresh Cargo.lock
+        run: cargo check
+
+      - uses: actions/create-github-app-token@1b10c78c7865c340bc4f6099eb2f838309f1e8c3 # v3.1.1
+        id: app-token
+        with:
+          client-id: ${{ secrets.APP_ID }}
+          private-key: ${{ secrets.APP_PRIVATE_KEY }}
+
+      - uses: peter-evans/create-pull-request@5f6978faf089d4d20b00c7766989d076bb2fc7f1 # v8.1.1
+        with:
+          token: ${{ steps.app-token.outputs.token }}
+          commit-message: 'release: v${{ inputs.version }}'
+          title: 'release: v${{ inputs.version }}'
+          branch: release/v${{ inputs.version }}
+          base: main
+          sign-commits: true
+          body: |
+            Release vite-plus v${{ inputs.version }}.
+
+            Merging this PR will trigger the release workflow.
+          assignees: fengmk2
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 4007d2e7c2..1cf037db85 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -1,84 +1,72 @@
 name: Release
 
 on:
-  workflow_dispatch:
-    inputs:
-      npm_tag:
-        description: 'npm tag for publish'
-        required: true
-        default: 'latest'
-        type: choice
-        options:
-          - latest
-          - alpha
-      version:
-        description: 'Override version (leave empty to auto-compute). Use when retrying a failed publish.'
-        required: false
-        default: ''
-        type: string
+  push:
+    branches: [main]
+    paths:
+      - 'packages/cli/package.json'
 
 permissions: {}
 
 env:
   RELEASE_BUILD: 'true'
   DEBUG: 'napi:*'
-  NPM_TAG: ${{ inputs.npm_tag }}
 
 jobs:
-  prepare:
+  check:
+    if: github.repository == 'voidzero-dev/vite-plus'
+    name: Check version
     runs-on: ubuntu-latest
     permissions:
       contents: read
     outputs:
+      version_changed: ${{ steps.version.outputs.changed }}
       version: ${{ steps.version.outputs.version }}
     steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
-        with:
-          fetch-depth: 0
-          fetch-tags: true
-          persist-credentials: false
-      - uses: ./.github/actions/set-snapshot-version
-        if: ${{ inputs.version == '' }}
-        id: computed
-        with:
-          npm_tag: ${{ inputs.npm_tag }}
+      - uses: taiki-e/checkout-action@7d1e50e93dc4fb3bba58f85018fadf77898aee8b # v1.4.2
 
-      - name: Set final version
+      - uses: oxc-project/setup-node@ab97f03642370d79a7e96dd286bd02a1be40e0ba # v1.3.0
+
+      - name: Check version changes
+        uses: EndBug/version-check@095362f3cd50f690c8fa0e6afeea81834bd8d320 # v3.0.0
         id: version
-        env:
-          INPUT_VERSION: ${{ inputs.version }}
-          COMPUTED_VERSION: ${{ steps.computed.outputs.version }}
-        run: echo "version=${INPUT_VERSION:-$COMPUTED_VERSION}" >> "$GITHUB_OUTPUT"
+        with:
+          static-checking: localIsNew
+          file-url: https://unpkg.com/vite-plus@latest/package.json
+          file-name: packages/cli/package.json
 
   build-rust:
     name: Build bindings and binaries
-    needs: prepare
+    needs: check
+    if: needs.check.outputs.version_changed == 'true'
     permissions:
       contents: read
     uses: ./.github/workflows/reusable-release-build.yml
     with:
-      version: ${{ needs.prepare.outputs.version }}
+      version: ${{ needs.check.outputs.version }}
       cache-key: release
 
   request-approval:
     runs-on: ubuntu-latest
-    needs: [prepare, build-rust]
+    needs: [check, build-rust]
+    if: needs.check.outputs.version_changed == 'true'
     steps:
       - uses: tsickert/discord-webhook@b217a69502f52803de774ded2b1ab7c282e99645 # v7.0.0
         with:
           webhook-url: ${{ secrets.DISCORD_RELEASES_WEBHOOK_URL }}
-          content: 'Requesting approval: ${{ github.server_url }}/${{ github.repository }}/actions/workflows/release.yml'
+          content: 'Requesting approval for vite-plus v${{ needs.check.outputs.version }}: ${{ github.server_url }}/${{ github.repository }}/actions/workflows/release.yml'
 
   Release:
     runs-on: ubuntu-latest
     environment: release
-    needs: [prepare, build-rust, request-approval]
+    needs: [check, build-rust, request-approval]
+    if: needs.check.outputs.version_changed == 'true'
     permissions:
       contents: write
       packages: write
       id-token: write # Required for OIDC
     env:
-      VERSION: ${{ needs.prepare.outputs.version }}
+      VERSION: ${{ needs.check.outputs.version }}
     steps:
       - uses: taiki-e/checkout-action@7d1e50e93dc4fb3bba58f85018fadf77898aee8b # v1.4.2
       - uses: ./.github/actions/clone
@@ -168,22 +156,17 @@ jobs:
 
       - name: Publish
         run: |
-          pnpm publish --filter=./packages/core --tag "${NPM_TAG}" --access public --no-git-checks
-          pnpm publish --filter=./packages/test --tag "${NPM_TAG}" --access public --no-git-checks
-          pnpm publish --filter=./packages/cli --tag "${NPM_TAG}" --access public --no-git-checks
+          pnpm publish --filter=./packages/core --tag latest --access public --no-git-checks
+          pnpm publish --filter=./packages/test --tag latest --access public --no-git-checks
+          pnpm publish --filter=./packages/cli --tag latest --access public --no-git-checks
 
       - name: Create release body
         env:
           REPOSITORY: ${{ github.repository }}
           COMMIT_SHA: ${{ github.sha }}
         run: |
-          if [[ "${NPM_TAG}" == "latest" ]]; then
-            INSTALL_BASH="curl -fsSL https://vite.plus | bash"
-            INSTALL_PS1="irm https://vite.plus/ps1 | iex"
-          else
-            INSTALL_BASH="curl -fsSL https://vite.plus | VP_VERSION=${VERSION} bash"
-            INSTALL_PS1="\\\$env:VP_VERSION=\\\"${VERSION}\\\"; irm https://vite.plus/ps1 | iex"
-          fi
+          INSTALL_BASH="curl -fsSL https://vite.plus | bash"
+          INSTALL_PS1="irm https://vite.plus/ps1 | iex"
           cat > ./RELEASE_BODY.md <<EOF
           ## vite-plus v${VERSION}
 
@@ -216,8 +199,8 @@ jobs:
         with:
           body_path: ./RELEASE_BODY.md
           draft: true
-          make_latest: ${{ inputs.npm_tag == 'latest' }}
-          prerelease: ${{ inputs.npm_tag == 'alpha' }}
+          make_latest: true
+          prerelease: false
           name: vite-plus v${{ env.VERSION }}
           tag_name: v${{ env.VERSION }}
           target_commitish: ${{ github.sha }}
@@ -230,7 +213,6 @@ jobs:
         run: gh release edit "v${VERSION}" --draft=false --repo "${{ github.repository }}"
 
       - name: Send Discord notification
-        if: ${{ inputs.npm_tag == 'latest' }}
         uses: tsickert/discord-webhook@b217a69502f52803de774ded2b1ab7c282e99645 # v7.0.0
         with:
           webhook-url: ${{ secrets.DISCORD_RELEASES_WEBHOOK_URL }}
diff --git a/packages/cli/publish-native-addons.ts b/packages/cli/publish-native-addons.ts
index 4ccb6c9996..ed9c5c51f2 100644
--- a/packages/cli/publish-native-addons.ts
+++ b/packages/cli/publish-native-addons.ts
@@ -53,15 +53,7 @@ if (existsSync(rustCliArtifactsDir)) {
   }
 }
 
-// Stamp VERSION into the publishable package.json files. napi prePublish and
-// the cli-binary packages below both read packages/cli/package.json#version.
-for (const p of ['core', 'test', 'cli']) {
-  const pkgPath = join(repoRoot, 'packages', p, 'package.json');
-  const content = readFileSync(pkgPath, 'utf-8');
-  writeFileSync(pkgPath, content.replace('"version": "0.0.0"', `"version": "${VERSION}"`));
-}
-
-// Build test package against the just-stamped versions.
+// Build test package — versions are already bumped on main by prepare_release.yml.
 execSync('pnpm --filter=@voidzero-dev/vite-plus-test build', {
   cwd: repoRoot,
   stdio: 'inherit',