From 871c045ea2795f82459f375467f5215b222244ca Mon Sep 17 00:00:00 2001
From: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com>
Date: Wed, 18 Feb 2026 20:49:49 +0000
Subject: [PATCH] chore: Add GitHub hardening files (CODEOWNERS, SECURITY.md, dependabot)
Part of Phase 4 - GitHub structure hardening for Orcest AI ecosystem.
Co-Authored-By: Danial Piterson
---
.github/CODEOWNERS | 3 +++
.github/dependabot.yml | 12 ++++++++++++
SECURITY.md | 27 +++++++++++++++++++++++++++
3 files changed, 42 insertions(+)
create mode 100644 .github/CODEOWNERS
create mode 100644 .github/dependabot.yml
create mode 100644 SECURITY.md
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
new file mode 100644
index 00000000..3010d42a
--- /dev/null
+++ b/.github/CODEOWNERS
@@ -0,0 +1,3 @@
+# Default code owners for all files
+* @danialsamiei
+
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 00000000..99b0c21c
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,12 @@
+version: 2
+updates:
+ - package-ecosystem: "npm"
+ directory: "/"
+ schedule:
+ interval: "weekly"
+ open-pull-requests-limit: 5
+ - package-ecosystem: "github-actions"
+ directory: "/"
+ schedule:
+ interval: "weekly"
+ open-pull-requests-limit: 5
diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 00000000..608839cf
--- /dev/null
+++ b/SECURITY.md
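Review bot: The `* @danialsamiei` rule names a single individual as owner of every path, so code-owner review can never be satisfied on that person's own pull requests (GitHub does not count self-approval) and the repository has a bus factor of one for the very gate this commit is meant to introduce; a team such as `* @orcest-ai/maintainers`, or at least a second owner, is the usual fix. CODEOWNERS only has effect once a branch protection rule or ruleset enables "Require review from Code Owners", which a file commit cannot do, so that setting should land alongside this change. The handle does not match the co-author name on the commit and GitHub only requests review from owners who have write access, so confirm it is the intended account.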
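Review bot: Both update stanzas take the newest published version as soon as Dependabot sees it, which for `npm` is exactly the window in which hijacked releases are typically detected and unpublished; adding `cooldown:` / `  default-days: 7` under each entry makes Dependabot wait a week after a release before proposing it, and is supported on GitHub.com Dependabot. With `directory: "/"` only a root-level manifest and the root `.github/workflows` are scanned, so any nested `package.json` in the tree would be unmonitored — confirm against the repository layout, or list the extra directories. The `github-actions` stanza only hardens the supply chain if workflow `uses:` references are pinned to full commit SHAs, since Dependabot keeps existing SHA pins current but will not introduce them.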
@@ -0,0 +1,27 @@
+# Security Policy
+
+## Supported Versions
+
+| Version | Supported |
+|---------|-----------|
+| Latest | Yes |
+
+## Reporting a Vulnerability
+
+If you discover a security vulnerability, please report it responsibly:
+
+1. **Do NOT** open a public GitHub issue
+2. Use [GitHub Security Advisories](https://github.com/orcest-ai/Orcide/security/advisories/new) to report privately
+3. Or email: support@orcest.ai
+
+We will acknowledge receipt within 48 hours and provide a timeline for resolution.
+
+## Security Best Practices
+
+- All secrets must be stored in environment variables, never in code
+- All services require SSO authentication via login.orcest.ai
+- API keys must be rotated regularly
+- All traffic must use HTTPS/TLS
+
+Part of the [Orcest AI](https://orcest.ai) ecosystem.
+