diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
index 3f0a0c9..7f95afc 100644
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@@ -1,5 +1,4 @@
 * @a5chin
 
-.github/
 pyproject.toml
 uv.lock
diff --git a/.github/protection.json b/.github/protection.json
new file mode 100644
index 0000000..ba49d1c
--- /dev/null
+++ b/.github/protection.json
@@ -0,0 +1,25 @@
+{
+    "main": {
+        "allow_deletions": false,
+        "allow_force_pushes": false,
+        "enforce_admins": false,
+        "required_pull_request_reviews": {
+            "dismiss_stale_reviews": false,
+            "require_code_owner_reviews": false,
+            "required_approving_review_count": 1
+        },
+        "required_status_checks": {
+            "contexts": [],
+            "strict": true
+        },
+        "restrictions": null
+    },
+    "gh-pages": {
+        "allow_deletions": false,
+        "allow_force_pushes": true,
+        "enforce_admins": false,
+        "required_pull_request_reviews": null,
+        "required_status_checks": null,
+        "restrictions": null
+    }
+}
diff --git a/.github/workflows/approve.yml b/.github/workflows/approve.yml
new file mode 100644
index 0000000..610615a
--- /dev/null
+++ b/.github/workflows/approve.yml
@@ -0,0 +1,18 @@
+name: Approver
+
+on:
+  pull_request:
+    types:
+      - opened
+
+jobs:
+  approve:
+    runs-on: ubuntu-latest
+
+    if: endsWith(github.actor, '[bot]')
+
+    steps:
+      - name: Approve
+        run: gh pr review ${{ github.event.number }} --approve
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/gh-deploy.yml b/.github/workflows/gh-deploy.yml
index 93f5020..27cecc5 100644
--- a/.github/workflows/gh-deploy.yml
+++ b/.github/workflows/gh-deploy.yml
@@ -11,6 +11,7 @@ on:
       - "mkdocs.yml"
       - "pyproject.toml"
       - "uv.lock"
+  workflow_dispatch:
 
 permissions:
   contents: write
diff --git a/.github/workflows/setting.yml b/.github/workflows/setting.yml
new file mode 100644
index 0000000..df488bb
--- /dev/null
+++ b/.github/workflows/setting.yml
@@ -0,0 +1,88 @@
+name: Repository Settings
+
+on:
+  pull_request:
+    paths:
+      - .github/workflows/setting.yml
+      - .github/protection.json
+  schedule:
+    - cron: "0 0 * * *"
+  workflow_dispatch:
+
+jobs:
+  delete-branch:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Generate a token
+        id: generate-token
+        uses: actions/create-github-app-token@v2
+        with:
+          app-id: ${{ vars.APP_ID }}
+          private-key: ${{ secrets.APP_KEY }}
+
+      - name: Enable auto-delete head branches
+        run: |
+          gh repo edit ${{ github.repository }} --delete-branch-on-merge
+        env:
+          GH_TOKEN: ${{ steps.generate-token.outputs.token }}
+
+  pages:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Generate a token
+        id: generate-token
+        uses: actions/create-github-app-token@v2
+        with:
+          app-id: ${{ vars.APP_ID }}
+          private-key: ${{ secrets.APP_KEY }}
+
+      - name: Set GitHub Pages Source
+        run: |
+          gh api -X POST "repos/${{ github.repository }}/pages" \
+            -f "source[branch]=${{ env.BRANCH }}" \
+            -f "source[path]=${{ env.TARGET_PATH }}" --silent \
+          || \
+          gh api -X PUT "repos/${{ github.repository }}/pages" \
+            -f "source[branch]=${{ env.BRANCH }}" \
+            -f "source[path]=${{ env.TARGET_PATH }}"
+        env:
+          BRANCH: gh-pages
+          TARGET_PATH: /
+          GH_TOKEN: ${{ steps.generate-token.outputs.token }}
+
+  protection:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v6
+
+      - name: Generate a token
+        id: generate-token
+        uses: actions/create-github-app-token@v2
+        with:
+          app-id: ${{ vars.APP_ID }}
+          private-key: ${{ secrets.APP_KEY }}
+
+      - name: Apply Branch Protection Rules
+        run: |
+          if [ ! -f "$CONFIG_FILE" ]; then
+            echo "Error: $CONFIG_FILE not found!"
+            exit 1
+          fi
+
+          BRANCHES=$(jq -r 'keys[]' "$CONFIG_FILE")
+
+          for BRANCH in $BRANCHES; do
+            if ! gh api "repos/${{ github.repository }}/branches/$BRANCH" --silent >/dev/null 2>&1; then
+              echo "Warning: Branch '$BRANCH' does not exist in this repository. Skipping..."
+              continue
+            fi
+
+            jq -c ".\"$BRANCH\"" "$CONFIG_FILE" | gh api -X PUT "repos/${{ github.repository }}/branches/$BRANCH/protection" --input -
+          done
+        env:
+          CONFIG_FILE: .github/protection.json
+          GH_TOKEN: ${{ steps.generate-token.outputs.token }}
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 94f5d09..7e7959a 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -36,8 +36,17 @@ jobs:
       contents: read
 
     steps:
+      - name: Generate a token
+        id: generate-token
+        uses: actions/create-github-app-token@v2
+        with:
+          app-id: ${{ vars.APP_ID }}
+          private-key: ${{ secrets.APP_KEY }}
+
       - name: Checkout
         uses: actions/checkout@v6
+        with:
+          token: ${{ steps.generate-token.outputs.token }}
 
       - name: Setup Python with uv
         uses: ./.github/actions/setup-python-with-uv
diff --git a/.sqlfluffignore b/.sqlfluffignore
index 4d6df9a..85d3f0c 100644
--- a/.sqlfluffignore
+++ b/.sqlfluffignore
@@ -194,3 +194,4 @@ cython_debug/
 # dbt
 dbt_packages/
 logs/
+target/