netbirdio · obtFusi · Jan 18, 2026 · Jan 18, 2026 · Jan 20, 2026 · Jan 20, 2026
diff --git a/.githooks/pre-commit b/.githooks/pre-commit
@@ -0,0 +1,31 @@
+#!/bin/bash
+
+echo "Running pre-commit hook..."
+
+# Check for unformatted Go files (only staged files)
+STAGED_GO_FILES=$(git diff --cached --name-only --diff-filter=ACM | grep '\.go$')
+
+if [ -n "$STAGED_GO_FILES" ]; then
+    UNFORMATTED=$(echo "$STAGED_GO_FILES" | xargs gofmt -l 2>/dev/null)
+    if [ -n "$UNFORMATTED" ]; then
+        echo "ERROR: Unformatted Go files:"
+        echo "$UNFORMATTED"
+        echo ""
+        echo "Run 'gofmt -w <file>' to fix, then 'git add' again"
+        echo "Or run 'gofmt -w .' to fix all"
+        exit 1
+    fi
+fi
+
+# Check for secrets in staged files
+SECRETS_PATTERN='(PRIVATE KEY|password.*=|api[_-]?key|secret[_-]?key|-----BEGIN)'
+if git diff --cached --name-only | xargs grep -l -E "$SECRETS_PATTERN" 2>/dev/null; then
+    echo ""
+    echo "WARNING: Potential secrets detected in staged files!"
+    echo "Please review before committing."
+    echo ""
+    echo "To bypass this check (only if you're sure): git commit --no-verify"
+    exit 1
+fi
+
+echo "Pre-commit checks passed!"
diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md
@@ -0,0 +1,29 @@
+---
+name: Bug Report
+about: Fehler oder Problem melden
+title: '[Bug] '
+labels: type:bug, priority:high
+assignees: ''
+---
+
+## Beschreibung
+Was ist passiert?
+
+## Schritte zum Reproduzieren
+1. ...
+2. ...
+3. ...
+
+## Erwartetes Verhalten
+Was sollte passieren?
+
+## Tatsächliches Verhalten
+Was passiert stattdessen?
+
+## Umgebung
+- OS: [z.B. Windows 11, Ubuntu 22.04]
+- NetBird Version: [z.B. 0.31.0]
+- Go Version: [z.B. 1.22]
+
+## Logs/Screenshots
+(Optional) Fehlermeldungen oder Screenshots
diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml
@@ -0,0 +1,8 @@
+blank_issues_enabled: false
+contact_links:
+  - name: NetBird Documentation
+    url: https://docs.netbird.io
+    about: Official NetBird documentation
+  - name: NetBird Discussions
+    url: https://github.com/netbirdio/netbird/discussions
+    about: Ask questions and discuss NetBird
diff --git a/.github/ISSUE_TEMPLATE/epic.md b/.github/ISSUE_TEMPLATE/epic.md
@@ -0,0 +1,39 @@
+---
+name: Epic
+about: Großes Feature das mehrere Stories umfasst
+title: '[Epic] E-X: '
+labels: type:epic, priority:critical, phase:mvp
+assignees: ''
+---
+
+## Epic Beschreibung
+Was ist das übergeordnete Ziel dieses Epics?
+
+## Business Value
+Welchen Wert bringt dieses Epic für den User/das Projekt?
+
+## Scope
+Was ist Teil dieses Epics? Was ist NICHT Teil?
+
+**In Scope:**
+-
+
+**Out of Scope:**
+-
+
+## Stories
+<!-- Liste der zugehörigen Stories -->
+- [ ] S-1: ...
+- [ ] S-2: ...
+
+## Acceptance Criteria
+<!-- Wann gilt das Epic als abgeschlossen? -->
+- [ ] ...
+
+## Dependencies
+<!-- Abhängigkeiten zu anderen Epics/externen Systemen -->
+-
+
+## Risks
+<!-- Bekannte Risiken -->
+-
diff --git a/.github/ISSUE_TEMPLATE/feature_request.md b/.github/ISSUE_TEMPLATE/feature_request.md
@@ -1,8 +1,8 @@
 ---
 name: Feature request
 about: Suggest an idea for this project
-title: ''
-labels: ['feature-request']
+title: '[Feature] '
+labels: type:feature
 assignees: ''
 
 ---

diff --git a/.github/ISSUE_TEMPLATE/story.md b/.github/ISSUE_TEMPLATE/story.md
@@ -0,0 +1,32 @@
+---
+name: User Story
+about: Feature aus Nutzersicht beschreiben
+title: '[Story] S-X: '
+labels: type:story, priority:high, phase:mvp
+assignees: ''
+---
+
+## Parent Epic
+<!-- Link zum Epic -->
+Refs #
+
+## User Story
+Als [Rolle]
+möchte ich [Funktion]
+damit [Nutzen]
+
+## Acceptance Criteria
+<!-- Wann gilt die Story als abgeschlossen? -->
+- [ ] ...
+
+## Tasks
+<!-- Liste der zugehörigen Tasks -->
+- [ ] T-X.1: ...
+- [ ] T-X.2: ...
+
+## Technical Notes
+<!-- Technische Hinweise für die Implementierung -->
+-
+
+## Branch
+`feature/...`
diff --git a/.github/ISSUE_TEMPLATE/task.md b/.github/ISSUE_TEMPLATE/task.md
@@ -0,0 +1,31 @@
+---
+name: Technical Task
+about: Technische Aufgabe für die Implementierung
+title: '[Task] T-X.Y: '
+labels: type:task, phase:mvp
+assignees: ''
+---
+
+## Parent Story
+<!-- Link zur Story -->
+Refs #
+
+## Beschreibung
+Was muss technisch umgesetzt werden?
+
+## Dateien/Komponenten
+<!-- Welche Files werden geändert/erstellt? -->
+-
+
+## Implementation Notes
+<!-- Technische Details -->
+-
+
+## Definition of Done
+- [ ] Code implementiert
+- [ ] Tests geschrieben
+- [ ] Code reviewed
+- [ ] Dokumentation aktualisiert (falls nötig)
+
+## Estimated Complexity
+<!-- Simple | Medium | Complex -->
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -0,0 +1,31 @@
+version: 2
+updates:
+  # Go dependencies
+  - package-ecosystem: "gomod"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    commit-message:
+      prefix: "deps"
+    labels:
+      - "type:deps"
+
+  # GitHub Actions
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    commit-message:
+      prefix: "ci"
+    labels:
+      - "type:ci"
+
+  # Docker dependencies
+  - package-ecosystem: "docker"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    commit-message:
+      prefix: "deps"
+    labels:
+      - "type:deps"
diff --git a/.github/workflows/auto-label.yml b/.github/workflows/auto-label.yml
@@ -0,0 +1,97 @@
+name: Auto Label
+
+on:
+  issues:
+    types: [opened]
+  pull_request:
+    types: [opened]
+
+permissions:
+  issues: write
+  pull-requests: write
+
+jobs:
+  label-issues:
+    if: github.event_name == 'issues'
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/github-script@v7
+        with:
+          script: |
+            const title = context.payload.issue.title.toLowerCase();
+            const labels = ['status:backlog'];
+
+            // Epic/Story/Task detection (Machine Tunnel Plan)
+            if (title.includes('[epic]') || title.startsWith('e-')) {
+              labels.push('type:epic', 'priority:critical');
+            } else if (title.includes('[story]') || title.startsWith('s-')) {
+              labels.push('type:story', 'priority:high');
+            } else if (title.includes('[task]') || title.startsWith('t-')) {
+              labels.push('type:task');
+            }
+
+            // Type detection from title prefix
+            if (title.includes('[bug]') || title.startsWith('bug:') || title.startsWith('fix:')) {
+              labels.push('type:bug', 'priority:high');
+            } else if (title.includes('[feature]') || title.startsWith('feat:')) {
+              labels.push('type:feature');
+            } else if (title.includes('[docs]') || title.startsWith('docs:')) {
+              labels.push('type:docs');
+            } else if (title.includes('[refactor]') || title.startsWith('refactor:')) {
+              labels.push('type:refactor');
+            } else if (title.includes('[ci]') || title.startsWith('ci:')) {
+              labels.push('type:ci');
+            } else if (title.includes('[spike]') || title.startsWith('spike:')) {
+              labels.push('type:spike');
+            }
+
+            // Phase detection
+            if (title.includes('[mvp]') || title.includes('phase:mvp')) {
+              labels.push('phase:mvp');
+            }
+
+            await github.rest.issues.addLabels({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              issue_number: context.issue.number,
+              labels: labels
+            });
+
+  label-prs:
+    if: github.event_name == 'pull_request'
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/github-script@v7
+        with:
+          script: |
+            const title = context.payload.pull_request.title.toLowerCase();
+            const labels = [];
+
+            // Type detection from Conventional Commit prefix
+            if (title.startsWith('feat:') || title.startsWith('feat(')) {
+              labels.push('type:feature');
+            } else if (title.startsWith('fix:') || title.startsWith('fix(')) {
+              labels.push('type:bug');
+            } else if (title.startsWith('docs:') || title.startsWith('docs(')) {
+              labels.push('type:docs');
+            } else if (title.startsWith('refactor:') || title.startsWith('refactor(')) {
+              labels.push('type:refactor');
+            } else if (title.startsWith('ci:') || title.startsWith('ci(')) {
+              labels.push('type:ci');
+            } else if (title.startsWith('deps:') || title.startsWith('chore(deps)')) {
+              labels.push('type:deps');
+            }
+
+            // Dependabot PRs
+            if (context.payload.pull_request.user.login === 'dependabot[bot]') {
+              labels.push('type:deps');
+            }
+
+            if (labels.length > 0) {
+              await github.rest.issues.addLabels({
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                issue_number: context.issue.number,
+                labels: labels
+              });
+            }