diff --git a/.github/workflows/electron-build.yml b/.github/workflows/electron-build.yml
index 70fe237a..34a4bbf4 100644
--- a/.github/workflows/electron-build.yml
+++ b/.github/workflows/electron-build.yml
@@ -335,6 +335,9 @@ jobs:
       - name: Build macOS DMG
         env:
           ELECTRON_BUILDER_ALLOW_UNRESOLVED_DEPENDENCIES: true
+          APPLE_ID: ${{ secrets.APPLE_ID }}
+          APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }}
+          APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
         run: |
           # Build DMG without running npm run build again (already built above or skip if no certs)
           if [ "${{ steps.check_certs.outputs.has_certs }}" == "true" ]; then
diff --git a/build/notarize.cjs b/build/notarize.cjs
index 4c072696..9dad9c4b 100644
--- a/build/notarize.cjs
+++ b/build/notarize.cjs
@@ -3,8 +3,9 @@ const { notarize } = require('@electron/notarize');
 exports.default = async function notarizing(context) {
   const { electronPlatformName, appOutDir } = context;
 
-  // Only notarize macOS builds
+  // Only notarize macOS DMG builds (not MAS builds - those go through App Store Connect)
   if (electronPlatformName !== 'darwin') {
+    console.log(`Skipping notarization: platform is ${electronPlatformName}, not darwin`);
     return;
   }
 
@@ -15,12 +16,18 @@ exports.default = async function notarizing(context) {
 
   if (!appleId || !appleIdPassword || !teamId) {
     console.log('Skipping notarization: Apple ID credentials not provided');
+    console.log(`  APPLE_ID: ${appleId ? 'SET' : 'NOT SET'}`);
+    console.log(`  APPLE_ID_PASSWORD: ${appleIdPassword ? 'SET' : 'NOT SET'}`);
+    console.log(`  APPLE_TEAM_ID: ${teamId ? 'SET' : 'NOT SET'}`);
     return;
   }
 
   const appName = context.packager.appInfo.productFilename;
 
-  console.log(`Notarizing ${appName}...`);
+  console.log(`Starting notarization for ${appName}...`);
+  console.log(`  App Bundle ID: com.karmaa.termix`);
+  console.log(`  App Path: ${appOutDir}/${appName}.app`);
+  console.log(`  Team ID: ${teamId}`);
 
   try {
     await notarize({
@@ -31,9 +38,10 @@ exports.default = async function notarizing(context) {
       teamId: teamId,
     });
 
-    console.log(`Successfully notarized ${appName}`);
+    console.log(`✅ Successfully notarized ${appName}`);
   } catch (error) {
-    console.error('Notarization failed:', error);
+    console.error('❌ Notarization failed:', error);
+    console.error('Build will continue, but app may show Gatekeeper warnings');
     // Don't fail the build if notarization fails
   }
 };