diff --git a/.github/workflows/mirror-reusable.yml b/.github/workflows/mirror-reusable.yml
index ce5f831e..da2b8777 100644
--- a/.github/workflows/mirror-reusable.yml
+++ b/.github/workflows/mirror-reusable.yml
@@ -60,6 +60,7 @@ jobs:
         with:
           ssh-private-key: ${{ secrets.GITLAB_SSH_KEY }}
       - name: Mirror to GitLab
+        if: ${{ secrets.GITLAB_SSH_KEY != '' }}
         # continue-on-error: GitLab branch protection on the mirror repo may block
         # force-push even for a deploy key. Owner action required: in GitLab go to
         # Settings → Repository → Protected branches → main and either allow force-push
diff --git a/.github/workflows/registry-verify.yml b/.github/workflows/registry-verify.yml
index cd693c04..0fd7c7b1 100644
--- a/.github/workflows/registry-verify.yml
+++ b/.github/workflows/registry-verify.yml
@@ -1,4 +1,4 @@
-# SPDX-License-Identifier: AGPL-3.0-or-later
+# SPDX-License-Identifier: MPL-2.0
 # registry-verify — fail the build if the spec registry or the DERIVED
 # topology map has drifted from the file tree. This is the in-repo half of
 # the drift-detection loop (the estate half is Hypatia rule HYP-S006).