lippytm · Copilot · Jan 20, 2026 · Jan 20, 2026 · Jan 20, 2026 · Jan 20, 2026
diff --git a/.github/ISSUE_TEMPLATE.md b/.github/ISSUE_TEMPLATE.md
@@ -0,0 +1,87 @@
+---
+name: Bug Report / Feature Request
+about: Create a report to help us improve or suggest a new feature
+title: '[TYPE] Brief description'
+labels: ''
+assignees: ''
+---
+
+## Issue Type
+<!-- Mark the appropriate type with an 'x' -->
+- [ ] Bug Report
+- [ ] Feature Request
+- [ ] Documentation Update
+- [ ] Question
+
+---
+
+## For Bug Reports
+
+### Description
+A clear and concise description of what the bug is.
+
+### Steps to Reproduce
+1. Go to '...'
+2. Click on '...'
+3. Scroll down to '...'
+4. See error
+
+### Expected Behavior
+A clear and concise description of what you expected to happen.
+
+### Actual Behavior
+A clear and concise description of what actually happened.
+
+### Screenshots
+If applicable, add screenshots to help explain your problem.
+
+### Environment
+- **OS**: [e.g., macOS 13.0, Ubuntu 22.04, Windows 11]
+- **Browser** (if applicable): [e.g., Chrome 120, Firefox 121]
+- **Node.js version**: [e.g., 20.10.0]
+- **Python version**: [e.g., 3.11.5]
+- **Project component**: [Backend / Frontend / Contracts]
+
+### Additional Context
+Add any other context about the problem here.
+
+---
+
+## For Feature Requests
+
+### Problem Statement
+A clear and concise description of the problem you're trying to solve.
+Ex. I'm always frustrated when [...]
+
+### Proposed Solution
+A clear and concise description of what you want to happen.
+
+### Alternative Solutions
+A clear and concise description of any alternative solutions or features you've considered.
+
+### Benefits
+Describe the benefits of implementing this feature.
+- Who will benefit?
+- How will it improve the project?
+
+### Additional Context
+Add any other context, screenshots, or examples about the feature request here.
+
+---
+
+## Checklist
+<!-- Mark items with an 'x' as you complete them -->
+- [ ] I have searched existing issues to avoid duplicates
+- [ ] I have provided all relevant information
+- [ ] I have added appropriate labels (if I have permission)
+- [ ] I have read the [Contributing Guidelines](../CONTRIBUTING.md)
- [ ] I have read the [Contributing Guidelines](../CONTRIBUTING.md)
+- [ ] I have read the [Contributing Guidelines](/CONTRIBUTING.md)
- [ ] I have read the [Contributing Guidelines](../CONTRIBUTING.md)
+- [ ] I have read the [Contributing Guidelines](/CONTRIBUTING.md)
+- [ ] For bugs: I can reproduce this issue consistently
+- [ ] For features: I have considered the implementation complexity
+
+---
+
+## Related Issues
+<!-- Link any related issues here -->
+- Related to #
+- Blocks #
+- Blocked by #
diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md
@@ -0,0 +1,143 @@
+## Description
+<!-- Provide a clear and concise description of your changes -->
+
+### What does this PR do?
+<!-- Explain the purpose and scope of this PR -->
+
+### Why is this change needed?
+<!-- Explain the motivation and context for this change -->
+
+### How has this been tested?
+<!-- Describe the tests you ran and how to reproduce them -->
+
+---
+
+## Type of Change
+<!-- Mark the appropriate type(s) with an 'x' -->
+- [ ] Bug fix (non-breaking change which fixes an issue)
+- [ ] New feature (non-breaking change which adds functionality)
+- [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)
+- [ ] Documentation update
+- [ ] Code refactoring
+- [ ] Performance improvement
+- [ ] Test addition/update
+- [ ] CI/CD change
+- [ ] Dependency update
+
+---
+
+## Checklist
+<!-- Mark items with an 'x' as you complete them -->
+
+### Code Quality
+- [ ] My code follows the project's coding standards
+- [ ] I have performed a self-review of my own code
+- [ ] I have commented my code, particularly in hard-to-understand areas
+- [ ] My changes generate no new warnings or errors
+- [ ] I have removed any debugging code or console logs
+
+### Testing
+- [ ] I have added tests that prove my fix is effective or that my feature works
+- [ ] New and existing unit tests pass locally with my changes
+- [ ] I have run the linters and they pass (`npm run lint`, `ruff check`)
+- [ ] I have run the formatters (`npm run format`, `ruff format`)
+
+### Backend Specific (if applicable)
+- [ ] Backend tests pass (`pytest`)
+- [ ] Python code follows PEP 8 standards
+- [ ] Type hints are added for new functions
+- [ ] API changes are backward compatible (or breaking changes are documented)
+
+### Frontend Specific (if applicable)
+- [ ] Frontend tests pass (`npm test`)
+- [ ] TypeScript type checking passes (`npm run type-check`)
+- [ ] Build succeeds (`npm run build`)
+- [ ] UI changes are responsive and accessible
+- [ ] Screenshots are included for UI changes
+
+### Smart Contracts Specific (if applicable)
+- [ ] Contract tests pass (`npm test`)
+- [ ] Contracts compile without warnings (`npm run compile`)
+- [ ] Gas optimization has been considered
+- [ ] Security best practices have been followed
+- [ ] NatSpec documentation is complete
+
+### Documentation
+- [ ] I have updated the documentation accordingly
+- [ ] I have updated the README if needed
+- [ ] I have added/updated code comments where necessary
+- [ ] API documentation is updated (if applicable)
+
+### Security
+- [ ] I have considered security implications of my changes
+- [ ] I have not committed any secrets or credentials
+- [ ] Dependencies are up to date and have no known vulnerabilities
+- [ ] Input validation is implemented where needed
+- [ ] No SQL injection, XSS, or other common vulnerabilities introduced
+
+### Git & PR Hygiene
+- [ ] My branch is up to date with the base branch
+- [ ] I have resolved any merge conflicts
+- [ ] Commit messages follow the [Conventional Commits](https://www.conventionalcommits.org/) specification
+- [ ] I have read the [Contributing Guidelines](../CONTRIBUTING.md)
- [ ] I have read the [Contributing Guidelines](../CONTRIBUTING.md)
+- [ ] I have read the [Contributing Guidelines](/CONTRIBUTING.md)
- [ ] I have read the [Contributing Guidelines](../CONTRIBUTING.md)
+- [ ] I have read the [Contributing Guidelines](/CONTRIBUTING.md)
+- [ ] I have linked related issues (if applicable)
+
+---
+
+## Related Issues
+<!-- Link related issues using keywords like 'Closes', 'Fixes', 'Resolves' -->
+Closes #
+Fixes #
+Related to #
+
+---
+
+## Screenshots (if applicable)
+<!-- Add screenshots to demonstrate UI changes -->
+
+### Before
+<!-- Screenshot or description of current behavior -->
+
+### After
+<!-- Screenshot or description of new behavior -->
+
+---
+
+## Breaking Changes
+<!-- If this PR introduces breaking changes, describe them here -->
+<!-- Include migration steps if necessary -->
+
+**Does this PR introduce breaking changes?** 
+- [ ] Yes
+- [ ] No
+
+<!-- If yes, describe the breaking changes and migration path -->
+
+---
+
+## Additional Notes
+<!-- Any additional information that reviewers should know -->
+
+### Performance Impact
+<!-- Describe any performance implications -->
+
+### Deployment Notes
+<!-- Any special deployment considerations -->
+
+### Future Work
+<!-- Any follow-up work that should be done -->
+
+---
+
+## Reviewer Notes
+<!-- Specific areas you'd like reviewers to focus on -->
+
+---
+
+## PR Author Checklist
+<!-- Final check before submitting -->
+- [ ] I have filled out all relevant sections of this template
+- [ ] I have marked all completed checklist items
+- [ ] I have assigned appropriate reviewers
+- [ ] I have added appropriate labels
+- [ ] CI checks are passing
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
@@ -0,0 +1,78 @@
+name: "CodeQL Security Analysis"
+
+on:
+  push:
+    branches: [ main, develop ]
+  pull_request:
+    branches: [ main, develop ]
+  schedule:
+    # Run CodeQL analysis every Monday at 00:00 UTC
+    - cron: '0 0 * * 1'
+  workflow_dispatch:
+
+permissions:
+  contents: read
+
+jobs:
+  analyze:
+    name: Analyze (${{ matrix.language }})
+    runs-on: ubuntu-latest
+    timeout-minutes: 360
+    permissions:
+      # Required for all workflows
+      security-events: write
+      # Required to fetch internal or private CodeQL packs
+      packages: read
+      # Required for workflows in private repositories
+      actions: read
+      contents: read
+
+    strategy:
+      fail-fast: false
+      matrix:
+        # CodeQL supports: 'c-cpp', 'csharp', 'go', 'java-kotlin', 'javascript-typescript', 'python', 'ruby', 'swift'
+        # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support
+        language: [ 'javascript-typescript', 'python' ]
+        # Add 'solidity' analysis if using third-party Solidity analyzer
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v4
+
+    # Initializes the CodeQL tools for scanning
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v3
+      with:
+        languages: ${{ matrix.language }}
+        # If you wish to specify custom queries, you can do so here or in a config file.
+        # By default, queries listed here will override any specified in a config file.
+        # Prefix the list here with "+" to use these queries and those in the config file.
+        # For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
+        # queries: security-extended,security-and-quality
+
+    # Autobuild attempts to build any compiled languages (C/C++, C#, Go, Java, or Swift).
+    # If this step fails, then you should remove it and run the build manually
+    - name: Autobuild
+      uses: github/codeql-action/autobuild@v3
+
+    # ℹ️ Command-line programs to run using the OS shell.
+    # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
+
+    # If the Autobuild fails above, remove it and uncomment the following three lines.
+    # modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance.
+
+    # - name: Build Python
+    #   if: matrix.language == 'python'
+    #   run: |
+    #     pip install -r backend/requirements.txt
+
+    # - name: Build JavaScript/TypeScript
+    #   if: matrix.language == 'javascript-typescript'
+    #   run: |
+    #     cd frontend && npm ci && npm run build
+    #     cd ../contracts && npm ci && npm run compile
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v3
+      with:
+        category: "/language:${{matrix.language}}"
diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
@@ -0,0 +1,34 @@
+name: Dependency Review
+
+on:
+  pull_request:
+    branches: [ main, develop ]
+
+permissions:
+  contents: read
+
+jobs:
+  dependency-review:
+    name: Dependency Review
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      pull-requests: write
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Dependency Review
+        uses: actions/dependency-review-action@v4
+        with:
+          # Fail the action if vulnerabilities are found
+          fail-on-severity: moderate
+          # Allow licenses (customize based on your requirements)
+          # deny-licenses: GPL-2.0, LGPL-2.0
+          # Comment on PR with dependency changes
+          comment-summary-in-pr: always
+          # Configuration options:
+          # fail-on-scopes: runtime, development
+          # vulnerability-check: true
+          # license-check: true