diff --git a/.github/workflows/automerge-sweep.yml b/.github/workflows/automerge-sweep.yml
new file mode 100644
index 0000000..62ec539
--- /dev/null
+++ b/.github/workflows/automerge-sweep.yml
@@ -0,0 +1,84 @@
+# Automerge Sweep
+#
+# GitHub's auto-merge queue sometimes goes stale (RC3): a PR has
+# mergeStateStatus=CLEAN and autoMergeRequest set, but GitHub never
+# executes the merge.  Toggling auto-merge off/on forces re-evaluation.
+#
+# Runs every 10 minutes.  Idempotent — safe to run on any schedule.
+name: automerge-sweep
+
+on:
+  schedule:
+    - cron: "*/10 * * * *"
+  workflow_dispatch:
+
+concurrency:
+  group: automerge-sweep
+  cancel-in-progress: true
+
+permissions: {}
+
+jobs:
+  sweep:
+    runs-on: ubuntu-latest
+    permissions: {}
+    strategy:
+      fail-fast: false
+      matrix:
+        repo:
+          - nix-darwin
+          - nix-ai
+          - nix-home
+          - nix-devenv
+          - ai-workflows
+          - ai-assistant-instructions
+          - ansible-proxmox
+          - ansible-proxmox-apps
+          - ansible-splunk
+          - terraform-proxmox
+          - terraform-aws-bedrock
+          - terraform-aws-static-website
+          - terraform-runs-on
+          - orbstack-kubernetes
+    steps:
+      - name: Generate GitHub App Token
+        id: app-token
+        uses: actions/create-github-app-token@v3
+        with:
+          app-id: ${{ secrets.GH_ACTION_JACOBPEVANS_APP_ID }}
+          private-key: ${{ secrets.GH_APP_PRIVATE_KEY }}
+          owner: JacobPEvans
+          repositories: ${{ matrix.repo }}
+          permission-pull-requests: write
+
+      - name: Poke stuck trusted PRs
+        env:
+          GH_TOKEN: ${{ steps.app-token.outputs.token }}
+          REPO: ${{ matrix.repo }}
+        run: |
+          gh pr list -R "JacobPEvans/${REPO}" --state open --limit 1000 \
+            --json number,author,autoMergeRequest,mergeStateStatus,isDraft \
+            --jq '
+              .[] | select(
+                .isDraft == false and
+                (.author.login | test("^(renovate\\[bot\\]|dependabot\\[bot\\]|jacobpevans-github-actions\\[bot\\])$")) and
+                (.autoMergeRequest != null) and
+                (.mergeStateStatus == "CLEAN")
+              ) | [.number, .autoMergeRequest.mergeMethod] | @tsv
+            ' | while IFS=$'\t' read -r pr merge_method; do
+              echo "Poking JacobPEvans/${REPO}#${pr}"
+              case "${merge_method}" in
+                MERGE)  merge_flag="--merge"  ;;
+                REBASE) merge_flag="--rebase" ;;
+                SQUASH) merge_flag="--squash" ;;
+                *)
+                  echo "::warning::Unknown merge method '${merge_method}' for JacobPEvans/${REPO}#${pr}; defaulting to --squash"
+                  merge_flag="--squash"
+                  ;;
+              esac
+              gh pr merge "${pr}" -R "JacobPEvans/${REPO}" --disable-auto 2>/dev/null \
+                || echo "::warning::Failed to disable auto-merge for JacobPEvans/${REPO}#${pr}"
+              sleep 2
+              gh pr merge "${pr}" -R "JacobPEvans/${REPO}" --auto "${merge_flag}" \
+                || echo "::warning::Failed to re-enable auto-merge for JacobPEvans/${REPO}#${pr}"
+            done