diff --git a/.github/workflows/publish-to-pypi.yaml b/.github/workflows/publish-to-pypi.yaml
new file mode 100644
index 0000000..983fb6b
--- /dev/null
+++ b/.github/workflows/publish-to-pypi.yaml
@@ -0,0 +1,70 @@
+name: Publish to PyPI
+
+on:
+  push:
+    tags:
+      - v[0-9]+.[0-9]+.[0-9]+
+
+jobs:
+  publish:
+    name: Build
+    runs-on: ubuntu-latest
+
+    # This environment is required as an input to pypa/gh-action-pypi-publish
+    environment:
+      name: pypi
+      url: https://pypi.org/p/seclab-taskflow-agent
+
+    env:
+      GITHUB_REPO: ${{ github.repository }}
+
+    permissions:
+      contents: write
+      id-token: write  # For trusted publishing
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      with:
+        persist-credentials: false
+
+    - name: Set up Python
+      uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
+      with:
+        python-version: "3.13"
+
+    - name: Install Hatch
+      run: pip install --upgrade hatch
+
+    - name: Build the wheel
+      run: python3 -m hatch build
+
+    - name: Upload artifacts
+      uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
+      with:
+        name: python-package-distributions
+        path: dist/
+
+    - name: Publish to PyPI
+      uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e # v1.13.0
+      with:
+        verbose: true
+
+    - name: Sign with sigstore
+      uses: sigstore/gh-action-sigstore-python@f832326173235dcb00dd5d92cd3f353de3188e6c # v3.1.0
+      with:
+        inputs: >-
+          ./dist/*.tar.gz
+          ./dist/*.whl
+
+    - name: Create GitHub Release
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        RELEASE_NAME: ${{ github.ref_name }}
+      run: gh release create $RELEASE_NAME --repo $GITHUB_REPO --generate-notes
+
+    - name: Upload GitHub Release
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        RELEASE_NAME: ${{ github.ref_name }}
+      run: gh release upload $RELEASE_NAME dist/** --repo $GITHUB_REPO
diff --git a/.github/workflows/publish-to-testpypi.yaml b/.github/workflows/publish-to-testpypi.yaml
index b2e9c43..36b2863 100644
--- a/.github/workflows/publish-to-testpypi.yaml
+++ b/.github/workflows/publish-to-testpypi.yaml
@@ -63,8 +63,7 @@ jobs:
       env:
         GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         RELEASE_NAME: ${{ steps.create_release_name.outputs.RELEASE_NAME }}
-        NOTES: "Test Release"
-      run: gh release create $RELEASE_NAME --repo $GITHUB_REPO --notes $NOTES
+      run: gh release create $RELEASE_NAME --repo $GITHUB_REPO --prerelease --generate-notes
 
     - name: Upload GitHub Release
       env: