CharlesPoulin · CharlesPoulin · Jan 14, 2026 · Jan 14, 2026 · Copilot · Jan 14, 2026
@@ -0,0 +1,25 @@
+# CODEOWNERS - Define code ownership for automatic review requests
+# https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-code-owners
+
+# Default owners for everything in the repo
+* @charlespoulin
+
+# Python source code
+/src/ @charlespoulin
+
+# Tests require review
+/tests/ @your-username
+
+# CI/CD workflows - critical changes
+/.github/workflows/ @your-username
+
+# Security policy changes
+SECURITY.md @your-username
+
+# Dependency changes
+pyproject.toml @your-username
+uv.lock @your-username
+
+# Documentation
+/docs/ @your-username
+README.md @your-username
-/tests/ @your-username
-
-# CI/CD workflows - critical changes
-/.github/workflows/ @your-username
-
-# Security policy changes
-SECURITY.md @your-username
-
-# Dependency changes
-pyproject.toml @your-username
-uv.lock @your-username
-
-# Documentation
-/docs/ @your-username
-README.md @your-username
+/tests/ @charlespoulin
+
+# CI/CD workflows - critical changes
+/.github/workflows/ @charlespoulin
+
+# Security policy changes
+SECURITY.md @charlespoulin
+
+# Dependency changes
+pyproject.toml @charlespoulin
+uv.lock @charlespoulin
+
+# Documentation
+/docs/ @charlespoulin
+README.md @charlespoulin
-/tests/ @your-username
-
-# CI/CD workflows - critical changes
-/.github/workflows/ @your-username
-
-# Security policy changes
-SECURITY.md @your-username
-
-# Dependency changes
-pyproject.toml @your-username
-uv.lock @your-username
-
-# Documentation
-/docs/ @your-username
-README.md @your-username
+/tests/ @charlespoulin
+
+# CI/CD workflows - critical changes
+/.github/workflows/ @charlespoulin
+
+# Security policy changes
+SECURITY.md @charlespoulin
+
+# Dependency changes
+pyproject.toml @charlespoulin
+uv.lock @charlespoulin
+
+# Documentation
+/docs/ @charlespoulin
+README.md @charlespoulin
@@ -1,13 +1,16 @@
 ## Description
+
 Please include a summary of the change and which issue is fixed.
 
 ## Type of change
+
 - [ ] Bug fix (non-breaking change which fixes an issue)
 - [ ] New feature (non-breaking change which adds functionality)
 - [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)
 - [ ] Documentation update
 
-## Checklist:
+## Checklist
+
 - [ ] My code follows the style guidelines of this project
 - [ ] I have performed a self-review of my own code
 - [ ] I have commented my code, particularly in hard-to-understand areas

@@ -1,14 +1,54 @@
 version: 2
 updates:
+  # Python dependencies
   - package-ecosystem: "pip"
     directory: "/"
     schedule:
-      interval: "weekly"
+      interval: "daily"
+      time: "09:00"
+      timezone: "America/New_York"
+    labels:
+      - "dependencies"
+      - "python"
+    commit-message:
+      prefix: "chore(deps)"
     groups:
-       dependencies:
-          patterns:
-            - "*"
+      # Group dev dependencies together (can auto-merge)
+      dev-dependencies:
+        patterns:
+          - "pytest*"
+          - "ruff"
+          - "mypy"
+          - "pre-commit"
+          - "bandit"
+          - "commitizen"
+        update-types:
+          - "minor"
+          - "patch"
+      # Group production dependencies separately
+      production:
+        patterns:
+          - "*"
+        exclude-patterns:
+          - "pytest*"
+          - "ruff"
+          - "mypy"
+          - "pre-commit"
+          - "bandit"
+          - "commitizen"
+
+  # GitHub Actions
   - package-ecosystem: "github-actions"
     directory: "/"
     schedule:
-      interval: "weekly"
+      interval: "daily"
+      time: "09:00"
+    labels:
+      - "dependencies"
+      - "github-actions"
+    commit-message:
+      prefix: "chore(deps)"
+    groups:
+      actions:
+        patterns:
+          - "*"
diff --git a/.github/workflows/dependabot-auto-merge.yml b/.github/workflows/dependabot-auto-merge.yml
@@ -0,0 +1,45 @@
+name: Dependabot Auto-Merge
+
+on: pull_request
+
+permissions:
+  contents: write
+  pull-requests: write
+
+jobs:
+  dependabot-auto-merge:
+    runs-on: ubuntu-latest
+    if: github.actor == 'dependabot[bot]'
+
+    steps:
+      - name: Fetch Dependabot metadata
+        id: metadata
+        uses: dependabot/fetch-metadata@v2
+        with:
+          github-token: "${{ secrets.GITHUB_TOKEN }}"
+
+      - name: Auto-approve patch updates
+        if: steps.metadata.outputs.update-type == 'version-update:semver-patch'
+        run: gh pr review --approve "$PR_URL"
+        env:
+          PR_URL: ${{ github.event.pull_request.html_url }}
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Auto-approve minor updates for dev dependencies
+        if: |
+          steps.metadata.outputs.update-type == 'version-update:semver-minor' &&
+          steps.metadata.outputs.dependency-type == 'direct:development'
+        run: gh pr review --approve "$PR_URL"
+        env:
+          PR_URL: ${{ github.event.pull_request.html_url }}
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Auto-merge patch and minor updates
+        if: |
+          steps.metadata.outputs.update-type == 'version-update:semver-patch' ||
+          (steps.metadata.outputs.update-type == 'version-update:semver-minor' &&
+           steps.metadata.outputs.dependency-type == 'direct:development')
+        run: gh pr merge --auto --squash "$PR_URL"
+        env:
+          PR_URL: ${{ github.event.pull_request.html_url }}
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}