lippytm · Copilot · Feb 18, 2026 · Feb 18, 2026 · Feb 18, 2026 · Feb 18, 2026
diff --git a/.github/changelog-config.json b/.github/changelog-config.json
@@ -0,0 +1,63 @@
+{
+  "categories": [
+    {
+      "title": "## 🚀 Features",
+      "labels": ["feat", "feature", "enhancement"]
+    },
+    {
+      "title": "## 🐛 Bug Fixes",
+      "labels": ["fix", "bug", "bugfix"]
+    },
+    {
+      "title": "## 📚 Documentation",
+      "labels": ["docs", "documentation"]
+    },
+    {
+      "title": "## ⚡ Performance",
+      "labels": ["perf", "performance"]
+    },
+    {
+      "title": "## 🔒 Security",
+      "labels": ["security"]
+    },
+    {
+      "title": "## 📦 Dependencies",
+      "labels": ["dependencies"]
+    },
+    {
+      "title": "## 🔧 Maintenance",
+      "labels": ["chore", "refactor", "style"]
+    },
+    {
+      "title": "## 🧪 Tests",
+      "labels": ["test"]
+    },
+    {
+      "title": "## 🔄 CI/CD",
+      "labels": ["ci", "build", "workflows"]
+    }
+  ],
+  "ignore_labels": [
+    "stale",
+    "wontfix",
+    "duplicate"
+  ],
+  "sort": "ASC",
+  "template": "#{{CHANGELOG}}\n\n**Full Changelog**: #{{RELEASE_DIFF}}",
+  "pr_template": "- #{{TITLE}} by @#{{AUTHOR}} in ##{{NUMBER}}",
+  "empty_template": "- No changes",
+  "label_extractor": [
+    {
+      "pattern": "^(feat|feature)(\\(.+\\))?:",
+      "target": "feat"
+    },
+    {
+      "pattern": "^(fix|bugfix)(\\(.+\\))?:",
+      "target": "fix"
+    },
+    {
+      "pattern": "^docs(\\(.+\\))?:",
+      "target": "docs"
+    }
+  ]
+}
diff --git a/.github/labeler.yml b/.github/labeler.yml
@@ -0,0 +1,27 @@
+backend:
+  - changed-files:
+    - any-glob-to-any-file: 'backend/**'
+
+frontend:
+  - changed-files:
+    - any-glob-to-any-file: 'frontend/**'
+
+contracts:
+  - changed-files:
+    - any-glob-to-any-file: 'contracts/**'
+
+documentation:
+  - changed-files:
+    - any-glob-to-any-file: ['*.md', 'docs/**']
+
+dependencies:
+  - changed-files:
+    - any-glob-to-any-file: ['**/package.json', '**/package-lock.json', '**/requirements*.txt']
+
+workflows:
+  - changed-files:
+    - any-glob-to-any-file: '.github/workflows/**'
+
+security:
+  - changed-files:
+    - any-glob-to-any-file: ['.github/workflows/security-scan.yml', 'renovate.json']
diff --git a/.github/lighthouse-config.json b/.github/lighthouse-config.json
@@ -0,0 +1,17 @@
+{
+  "ci": {
+    "collect": {
+      "settings": {
+        "preset": "desktop"
+      }
+    },
+    "assert": {
+      "assertions": {
+        "categories:performance": ["warn", {"minScore": 0.8}],
+        "categories:accessibility": ["warn", {"minScore": 0.9}],
+        "categories:best-practices": ["warn", {"minScore": 0.8}],
+        "categories:seo": ["warn", {"minScore": 0.8}]
+      }
+    }
+  }
+}
diff --git a/.github/workflows/auto-label.yml b/.github/workflows/auto-label.yml
@@ -0,0 +1,27 @@
+name: Auto Label PRs
+
+on:
+  pull_request:
+    types: [opened, synchronize, reopened]
+
+permissions:
+  contents: read
+  pull-requests: write
+
+jobs:
+  label:
+    name: Auto Label
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      pull-requests: write
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Label PRs
+        uses: actions/labeler@v5
+        with:
+          repo-token: ${{ secrets.GITHUB_TOKEN }}
+          configuration-path: .github/labeler.yml
diff --git a/.github/workflows/auto-merge.yml b/.github/workflows/auto-merge.yml
@@ -0,0 +1,52 @@
+name: Auto-merge Renovate PRs
+
+on:
+  pull_request:
+    types: [opened, synchronize, reopened, labeled]
+  pull_request_review:
+    types: [submitted]
+  check_suite:
+    types: [completed]
+
+permissions:
+  contents: write
+  pull-requests: write
+
+jobs:
+  auto-merge:
+    name: Auto-merge Renovate PRs
+    runs-on: ubuntu-latest
+    if: github.event.pull_request.user.login == 'renovate[bot]'
+    permissions:
+      contents: write
+      pull-requests: write
+
+    steps:
+      - name: Check if PR is from Renovate
+        id: renovate-check
+        run: |
+          if [[ "${{ github.event.pull_request.user.login }}" == "renovate[bot]" ]]; then
+            echo "is_renovate=true" >> $GITHUB_OUTPUT
+          else
+            echo "is_renovate=false" >> $GITHUB_OUTPUT
+          fi
+
+      - name: Wait for CI checks
+        if: steps.renovate-check.outputs.is_renovate == 'true'
+        uses: lewagon/wait-on-check-action@v1.3.4
+        with:
+          ref: ${{ github.event.pull_request.head.sha }}
+          repo-token: ${{ secrets.GITHUB_TOKEN }}
+          wait-interval: 10
+          running-workflow-name: 'Auto-merge Renovate PRs'
+
+      - name: Enable auto-merge for minor and patch updates
+        if: |
+          steps.renovate-check.outputs.is_renovate == 'true' &&
+          (contains(github.event.pull_request.labels.*.name, 'dependencies') ||
+           contains(github.event.pull_request.title, 'Update dependency'))
+        run: |
+          gh pr merge --auto --squash "${{ github.event.pull_request.number }}"
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GH_REPO: ${{ github.repository }}
diff --git a/.github/workflows/ci-cd.yml b/.github/workflows/ci-cd.yml
@@ -10,9 +10,45 @@ permissions:
   contents: read
 
 jobs:
+  # Detect which components have changes
+  changes:
+    name: Detect Changes
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      pull-requests: read
+    outputs:
+      backend: ${{ steps.filter.outputs.backend }}
+      frontend: ${{ steps.filter.outputs.frontend }}
+      contracts: ${{ steps.filter.outputs.contracts }}
+      workflows: ${{ steps.filter.outputs.workflows }}
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Check for changes
+        uses: dorny/paths-filter@v3
+        id: filter
+        with:
+          filters: |
+            backend:
+              - 'backend/**'
+              - 'backend/requirements*.txt'
+            frontend:
+              - 'frontend/**'
+              - 'frontend/package*.json'
+            contracts:
+              - 'contracts/**'
+              - 'contracts/package*.json'
+            workflows:
+              - '.github/workflows/**'
+              - '.pre-commit-config.yaml'
+
   pre-commit:
     name: Pre-commit Hooks Validation
     runs-on: ubuntu-latest
+    needs: changes
+    if: needs.changes.outputs.backend == 'true' || needs.changes.outputs.frontend == 'true' || needs.changes.outputs.workflows == 'true'
     permissions:
       contents: read
 
@@ -24,12 +60,21 @@ jobs:
         uses: actions/setup-python@v5
         with:
           python-version: '3.11'
+          cache: 'pip'
 
       - name: Setup Node.js
         uses: actions/setup-node@v4
         with:
           node-version: '20'
 
+      - name: Cache pre-commit hooks
+        uses: actions/cache@v4
+        with:
+          path: ~/.cache/pre-commit
+          key: pre-commit-${{ hashFiles('.pre-commit-config.yaml') }}
+          restore-keys: |
+            pre-commit-
+
       - name: Install pre-commit
         run: pip install pre-commit
 
@@ -39,6 +84,8 @@ jobs:
   python-backend:
     name: Python Backend (Ruff + Pytest)
     runs-on: ubuntu-latest
+    needs: changes
+    if: needs.changes.outputs.backend == 'true' || needs.changes.outputs.workflows == 'true'
     permissions:
       contents: read
 
@@ -53,6 +100,14 @@ jobs:
           cache: 'pip'
           cache-dependency-path: backend/requirements.txt
 
+      - name: Cache pip packages
+        uses: actions/cache@v4
+        with:
+          path: ~/.cache/pip
+          key: pip-${{ runner.os }}-${{ hashFiles('backend/requirements*.txt') }}
+          restore-keys: |
+            pip-${{ runner.os }}-
+
       - name: Install backend dependencies
         working-directory: ./backend
         run: |
@@ -86,11 +141,21 @@ jobs:
           ETH_RPC_URL: https://eth.llamarpc.com
           NETWORK: mainnet
         run: |
-          pytest
+          pytest --verbose --tb=short
+
+      - name: Upload test results
+        if: always()
+        uses: actions/upload-artifact@v4
+        with:
+          name: pytest-results
+          path: backend/pytest.xml
+          retention-days: 30
 
   node-frontend:
     name: Node Frontend (ESLint + Tests)
     runs-on: ubuntu-latest
+    needs: changes
+    if: needs.changes.outputs.frontend == 'true' || needs.changes.outputs.workflows == 'true'
     permissions:
       contents: read
 
@@ -129,10 +194,19 @@ jobs:
       - name: Build frontend
         working-directory: ./frontend
         run: npm run build
+
+      - name: Upload build artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: frontend-build
+          path: frontend/.next
+          retention-days: 7
 
   contracts:
     name: Smart Contracts (Hardhat)
     runs-on: ubuntu-latest
+    needs: changes
+    if: needs.changes.outputs.contracts == 'true' || needs.changes.outputs.workflows == 'true'
     permissions:
       contents: read
 
@@ -158,3 +232,10 @@ jobs:
       - name: Run contract tests
         working-directory: ./contracts
         run: npm test
+
+      - name: Upload contract artifacts
+        uses: actions/upload-artifact@v4
+        with:
+          name: contract-artifacts
+          path: contracts/artifacts
+          retention-days: 7