diff --git a/automation/cloudflared-sync.sh b/automation/cloudflared-sync.sh
index ee35dd5..c25aab2 100644
--- a/automation/cloudflared-sync.sh
+++ b/automation/cloudflared-sync.sh
@@ -1,7 +1,7 @@
 #!/bin/bash
 set -e
 
-# 📦 Install required tools (run via Woodpecker .woodpecker.yml)
+# 📦 Install required tools
 apk add --no-cache git bash curl yq jq
 
 echo "🔍 Scanning for apps with cname.yaml..."
@@ -44,7 +44,6 @@ find "$SANDBOX_CLONE/manifests" -name cname.yaml | while read -r cname_file; do
 
     echo "✅ Found $hostname → $service"
 
-    # Append new entry to generated ingress list
     yq eval ".ingress += [{\"hostname\": \"$hostname\", \"service\": \"$service\"}]" -i "$GENERATED_FILE"
   fi
 done
@@ -52,21 +51,17 @@ done
 echo "📄 Generated Ingress:"
 cat "$GENERATED_FILE"
 
-# === STEP 3: Merge with existing cloudflared values ===
+# === STEP 3: Merge into original ingress ===
 echo "🔁 Merging new entries into: $ORIGINAL_FILE"
 
 TEMP_FILE=$(mktemp)
-
-# Extract original ingress
 yq eval '.cloudflare.ingress' "$ORIGINAL_FILE" > "$TEMP_FILE"
 
-# Append new unique entries
 yq eval '.ingress' "$GENERATED_FILE" | yq eval -o=json '.' - | jq -c '.[]' | while read -r new_entry; do
   hostname=$(echo "$new_entry" | jq -r '.hostname')
   service=$(echo "$new_entry" | jq -r '.service')
 
   exists=$(yq e ".cloudflare.ingress[] | select(.hostname == \"$hostname\")" "$ORIGINAL_FILE")
-
   if [ -z "$exists" ]; then
     echo "➕ Adding $hostname → $service"
     yq eval ". += [{\"hostname\": \"$hostname\", \"service\": \"$service\"}]" -i "$TEMP_FILE"
@@ -75,26 +70,19 @@ yq eval '.ingress' "$GENERATED_FILE" | yq eval -o=json '.' - | jq -c '.[]' | whi
   fi
 done
 
-# === STEP 4: Load preserved values ===
-TUNNEL_NAME=$(yq e '.cloudflare.tunnelName' "$ORIGINAL_FILE")
-ENABLE_WARP=$(yq e '.cloudflare.enableWarp' "$ORIGINAL_FILE")
-SECRET_NAME=$(yq e '.cloudflare.secretName' "$ORIGINAL_FILE")
-CLOUDFLARED_BLOCK=$(yq e '.cloudflared' "$ORIGINAL_FILE")
-
-# === STEP 5: Write final merged values ===
+# === STEP 4: Write final merged values file (safe merge) ===
 echo "📝 Writing merged file to $MERGED_FILE"
-yq eval "
-.cloudflare.ingress = load(\"$TEMP_FILE\") |
-.cloudflare.tunnelName = \"$TUNNEL_NAME\" |
-.cloudflare.enableWarp = \"$ENABLE_WARP\" |
-.cloudflare.secretName = \"$SECRET_NAME\" |
-.cloudflared = $CLOUDFLARED_BLOCK
-" "$ORIGINAL_FILE" > "$MERGED_FILE"
+yq eval-all '
+  select(fileIndex == 0) as $orig |
+  select(fileIndex == 1) as $newIngress |
+  $orig * {
+    cloudflare: {
+      ingress: $newIngress
+    }
+  }
+' "$ORIGINAL_FILE" "$TEMP_FILE" > "$MERGED_FILE"
 
-echo "✅ Final merged values.yaml:"
-cat "$MERGED_FILE"
-
-# === STEP 6: Optional Git push ===
+# === STEP 5: Optional push to Git ===
 echo "📤 Pushing updated values.yaml to infra repo..."
 
 cd "$INFRA_CLONE"
@@ -109,4 +97,4 @@ if ! git diff --quiet manifests/cloudflared/values.yaml; then
   echo "✅ Changes pushed successfully."
 else
   echo "ℹ️  No changes to commit."
-fi
\ No newline at end of file
+fi