diff --git a/.github/workflows/quality-gate.yml b/.github/workflows/quality-gate.yml
index fae1dc0..7d62d4c 100644
--- a/.github/workflows/quality-gate.yml
+++ b/.github/workflows/quality-gate.yml
@@ -8,7 +8,14 @@ on:
   workflow_call:
 
 concurrency:
-  group: quality-${{ github.ref }}
+  # github.workflow is the CALLER's workflow name ("Quality Gate" on a direct
+  # push/PR, "Publish" when invoked via `uses:` from publish.yml). Keying the
+  # group on it keeps the publish-embedded gate out of the standalone gate's
+  # group, so the release push's gate isn't cancelled by the follow-up publish
+  # run (which renders as a red ✗ on main even though nothing failed).
+  # NOTE: this relies on each caller declaring an explicit `name:` — without one
+  # GitHub falls back to the file path and the group silently changes.
+  group: quality-${{ github.workflow }}-${{ github.ref }}
   cancel-in-progress: true
 
 jobs:
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 283763e..ce0516b 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -13,6 +13,11 @@ See [docs/RELEASING.md](docs/RELEASING.md) for the release procedure.
 - Added the NASDE branding source assets and updated the README and
   documentation website to use the new brand. ([#73])
 
+### Fixed
+- Quality Gate no longer shows a spurious red ✗ on `main` after a release: the
+  concurrency group is now scoped per calling workflow so the publish-embedded
+  gate no longer cancels the standalone push-triggered one. ([#74])
+
 ## [0.5.0] — 2026-06-24
 
 ### Added
@@ -602,4 +607,5 @@ Initial release under the **nasde-toolkit** name (rebrand from
 [#70]: https://github.com/NoesisVision/nasde-toolkit/pull/70
 [#71]: https://github.com/NoesisVision/nasde-toolkit/pull/71
 [#73]: https://github.com/NoesisVision/nasde-toolkit/pull/73
+[#74]: https://github.com/NoesisVision/nasde-toolkit/pull/74
 [gh-litellm-2026-04]: https://github.com/BerriAI/litellm/security/advisories/GHSA-xqmj-j6mv-4862