feat: Phase 4+5 — World-class documentation + compliance audit #3

	# Dependabot Auto-Merge
	# Automatically merges minor and patch Dependabot PRs after CI passes.
	# Major version bumps still require human review.

	name: Dependabot Auto-Merge

	on:
	pull_request:

	permissions:
	contents: write
	pull-requests: write

	jobs:
	auto-merge:
	runs-on: ubuntu-latest
	timeout-minutes: 5
	if: github.actor == 'dependabot[bot]'

	steps:
	- name: Fetch Dependabot metadata
	id: metadata
	uses: dependabot/fetch-metadata@21025c705c08248db411dc16f3619e6b5f9ea21a # v2.5.0
	with:
	github-token: ${{ secrets.GITHUB_TOKEN }}

	- name: Auto-merge minor and patch updates
	if: steps.metadata.outputs.update-type != 'version-update:semver-major'
	run: gh pr merge --auto --squash "$PR_URL"
	env:
	PR_URL: ${{ github.event.pull_request.html_url }}
	GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}

Provide feedback