diff --git a/CHANGELOG.md b/CHANGELOG.md index e1f6efa..124d58f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -176,6 +176,9 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - Update `tests/test_image.py` `EXPECTED_VERSIONS["uv"]` to match uv 0.11.x from the latest release install path in the image build - **Container image tests expect current just minor line** ([#423](https://github.com/vig-os/devcontainer/issues/423)) - Update `tests/test_image.py` `EXPECTED_VERSIONS["just"]` to match just 1.48.x from the latest release install path in the image build +- **Smoke-test dispatch approves release PR before downstream release** ([#430](https://github.com/vig-os/devcontainer/issues/430)) + - Grant `pull-requests: write` on `ready-release-pr` and approve with `github.token` (`github-actions[bot]`) + - Satisfy `release-core.yml` approval gate without the release app self-approving its own PR ### Security diff --git a/assets/smoke-test/.github/workflows/repository-dispatch.yml b/assets/smoke-test/.github/workflows/repository-dispatch.yml index c186def..b9daecd 100644 --- a/assets/smoke-test/.github/workflows/repository-dispatch.yml +++ b/assets/smoke-test/.github/workflows/repository-dispatch.yml @@ -487,6 +487,9 @@ jobs: name: Prepare release PR runs-on: ubuntu-22.04 timeout-minutes: 35 + permissions: + contents: read + pull-requests: write env: GH_REPO: ${{ github.repository }} needs: [validate, trigger-prepare-release] 
@@ -545,6 +548,18 @@ jobs: gh pr edit "${PR_NUMBER}" --remove-label "release-kind:final" >/dev/null 2>&1 || true gh pr edit "${PR_NUMBER}" --add-label "${LABEL}" + - name: Approve release PR for automated dispatch + env: + GH_TOKEN: ${{ github.token }} + PR_NUMBER: ${{ steps.locate_release_pr.outputs.release_pr }} + run: | + set -euo pipefail + gh pr review "${PR_NUMBER}" --approve \ + --body "Automated approval by smoke-test dispatch orchestration." || { + echo "::error::Auto-approve failed. If you see a permissions error, enable repository (or organization) setting 'Allow GitHub Actions to create and approve pull requests'. See this PR description for context." + exit 1 + } + trigger-release: name: Trigger and wait for release workflow runs-on: ubuntu-22.04 diff --git a/assets/workspace/.devcontainer/CHANGELOG.md b/assets/workspace/.devcontainer/CHANGELOG.md index e1f6efa..124d58f 100644 --- a/assets/workspace/.devcontainer/CHANGELOG.md +++ b/assets/workspace/.devcontainer/CHANGELOG.md @@ -176,6 +176,9 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - Update `tests/test_image.py` `EXPECTED_VERSIONS["uv"]` to match uv 0.11.x from the latest release install path in the image build - **Container image tests expect current just minor line** ([#423](https://github.com/vig-os/devcontainer/issues/423)) - Update `tests/test_image.py` `EXPECTED_VERSIONS["just"]` to match just 1.48.x from the latest release install path in the image build +- **Smoke-test dispatch approves release PR before downstream release** ([#430](https://github.com/vig-os/devcontainer/issues/430)) + - Grant `pull-requests: write` on `ready-release-pr` and approve with `github.token` (`github-actions[bot]`) + - Satisfy `release-core.yml` approval gate without the release app self-approving its own PR ### Security
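Review bot: The new #430 entry in the `CHANGELOG.md` hunk (and the identical hunk in `assets/workspace/.devcontainer/CHANGELOG.md`) omits the prerequisite that the workflow's own error message names, the repository or organization setting 'Allow GitHub Actions to create and approve pull requests'. Add a sub-bullet stating that the setting must be enabled, so that someone who reads only the changelog does not discover it from a failed run. The entry also lands directly above `### Security`. Since it changes which identity approves release PRs, check that the section it currently sits in is the right one.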
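Review bot: In `repository-dispatch.yml`, the `permissions:` block added to the "Prepare release PR" job (hunk `@@ -487,6 +487,9`) grants `pull-requests: write` at job level, so every step in that job that uses `github.token` can now approve or edit pull requests, not only the new approve step. Consider moving the approval into its own job that declares only `pull-requests: write` and lists this job in `needs`, and add a comment on the block saying the write scope exists solely for `gh pr review --approve`. A job-level `permissions:` block also sets every unlisted scope to none, so confirm that no existing step in this job depended on a default token scope other than `contents: read`.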
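Review bot: In the "Approve release PR for automated dispatch" step (hunk `@@ -545,6 +548,18`), `gh pr review "${PR_NUMBER}" --approve` runs on whatever `steps.locate_release_pr.outputs.release_pr` holds, with no check that the value is non-empty and numeric or that the PR is the expected release PR. Add a guard before the review call that fails the step when `PR_NUMBER` is not a plain integer, and ideally compare the PR's head branch or author against the expected release values before approving, because this approval is what satisfies the `release-core.yml` gate. Separately, the `|| { ... }` handler prints the permissions hint for every failure cause and points to "this PR description", which cannot be resolved from a workflow log. Reference issue #430 by URL instead and let the original `gh` error text show.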