diff --git a/autodeploy/TODO.md b/autodeploy/TODO.md
index 55b67d6..e08ece6 100644
--- a/autodeploy/TODO.md
+++ b/autodeploy/TODO.md
@@ -52,12 +52,25 @@ Currently, this will trigger an additional autodeployer run which does nothing.
 
 Can we instead trigger the autodeployer only if `pixi.yml` changes?
 
+gitlab webhooks are not that fine grained. Filter on specific file would need to happen in Simon's webhook handler web server. Might be too complicated a change. Can we stay with the extra do-nothing run?
+
 - [ ] ## Commit from the Autodeployer
 
 In case of changes to the env, the lock file (`pixi.lock`) should be committed at the end of the setup script to have a history and reproducibility.
 
 We need to allow the autodeployer to make commits.
 
+**Options**:
+
+1. One Project Access Token per repo. Potentially more complicated since each repo needs its own token and we'd manage a long list of them in the docker container.
+2. Personal Access Token of a special account (like the DevOps account). The special account only needs to be added as developer to each repo. Potentially easier since it's a single token that needs to be added to the docker container. There's a mechanism we can use in form of `~/.netrc` (with `chmod 600 `):
+
+```
+machine git.psi.ch
+  login oauth2
+  password personal-access-token-for-special-account
+```
+
 - [x] ## Mounts
 
 ### Problem