diff --git a/.gitea/renovate.yml b/.gitea/renovate.yml
new file mode 100644
index 0000000..5181ff6
--- /dev/null
+++ b/.gitea/renovate.yml
@@ -0,0 +1,128 @@
+# Copyright (C) 2026 Moko Consulting <hello@mokoconsulting.tech>
+#
+# SPDX-License-Identifier: GPL-3.0-or-later
+#
+# FILE INFORMATION
+# DEFGROUP: Gitea.Workflow
+# INGROUP: MokoStandards-API.Automation
+# REPO: https://git.mokoconsulting.tech/MokoConsulting/moko-platform
+# PATH: /.gitea/workflows/renovate.yml
+# BRIEF: Run Renovate Bot across all governed repos for dependency updates
+#
+# +========================================================================+
+# |                    RENOVATE DEPENDENCY UPDATES                         |
+# +========================================================================+
+# |                                                                        |
+# |  Runs Renovate CLI against all governed repos to create PRs for        |
+# |  outdated dependencies (composer, npm).                                |
+# |                                                                        |
+# |  - Scheduled: weekly Wednesday 04:00 UTC                               |
+# |  - Manual: dispatch with optional repo filter                          |
+# |  - Patch updates auto-merge, minor/major require review                |
+# |                                                                        |
+# +========================================================================+
+
+name: Renovate Dependency Updates
+
+on:
+  schedule:
+    - cron: '0 4 * * 3'  # Weekly Wednesday 04:00 UTC
+  workflow_dispatch:
+    inputs:
+      repos:
+        description: 'Comma-separated repo names (empty = all governed)'
+        required: false
+        type: string
+        default: ''
+      dry_run:
+        description: 'Preview mode (log only, no PRs)'
+        required: false
+        type: boolean
+        default: false
+
+env:
+  GITEA_URL: https://git.mokoconsulting.tech
+  GITEA_ORG: MokoConsulting
+  RENOVATE_VERSION: '39'
+
+permissions:
+  contents: read
+
+jobs:
+  renovate:
+    name: Run Renovate
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Determine target repos
+        id: repos
+        env:
+          GA_TOKEN: ${{ secrets.GA_TOKEN }}
+        run: |
+          API="${GITEA_URL}/api/v1"
+
+          EXCLUDE="gitea-org-config org-profile gitea-private .mokogitea-private MokoStandards MokoStandards-API MokoTesting"
+          EXCLUDE="$EXCLUDE MokoStandards-Template-Client MokoStandards-Template-Dolibarr MokoStandards-Template-Generic MokoStandards-Template-Joomla MokoDoliProjTemplate"
+
+          if [ -n "${{ inputs.repos }}" ]; then
+            REPOS=$(echo "${{ inputs.repos }}" | tr ',' ' ')
+          else
+            PAGE=1
+            REPOS=""
+            while true; do
+              BATCH=$(curl -sS \
+                -H "Authorization: token ${GA_TOKEN}" \
+                "${API}/orgs/${GITEA_ORG}/repos?page=${PAGE}&limit=50" \
+                | jq -r '.[].name // empty')
+              [ -z "$BATCH" ] && break
+              REPOS="$REPOS $BATCH"
+              PAGE=$((PAGE + 1))
+            done
+
+            FILTERED=""
+            for REPO in $REPOS; do
+              SKIP=false
+              for EX in $EXCLUDE; do
+                [ "$REPO" = "$EX" ] && SKIP=true && break
+              done
+              [ "$SKIP" = "false" ] && FILTERED="$FILTERED $REPO"
+            done
+            REPOS="$FILTERED"
+          fi
+
+          # Build comma-separated list for Renovate
+          REPO_LIST=""
+          for REPO in $REPOS; do
+            if [ -n "$REPO_LIST" ]; then
+              REPO_LIST="${REPO_LIST},${GITEA_ORG}/${REPO}"
+            else
+              REPO_LIST="${GITEA_ORG}/${REPO}"
+            fi
+          done
+
+          echo "repo_list=$REPO_LIST" >> "$GITHUB_OUTPUT"
+          COUNT=$(echo "$REPOS" | wc -w)
+          echo "📋 Target repos (${COUNT})"
+
+      - name: Run Renovate
+        if: steps.repos.outputs.repo_list != ''
+        env:
+          RENOVATE_TOKEN: ${{ secrets.GA_TOKEN }}
+          RENOVATE_PLATFORM: gitea
+          RENOVATE_ENDPOINT: ${{ env.GITEA_URL }}/api/v1
+          RENOVATE_GIT_AUTHOR: 'Renovate Bot <renovate@mokoconsulting.tech>'
+          RENOVATE_REPOSITORIES: ${{ steps.repos.outputs.repo_list }}
+          RENOVATE_DRY_RUN: ${{ inputs.dry_run == 'true' && 'full' || 'null' }}
+          LOG_LEVEL: info
+        run: |
+          npx --yes renovate@${RENOVATE_VERSION} \
+            --platform=gitea \
+            --endpoint="${GITEA_URL}/api/v1" \
+            --token="${RENOVATE_TOKEN}" \
+            --git-author="Renovate Bot <renovate@mokoconsulting.tech>" \
+            --autodiscover=false \
+            ${{ inputs.dry_run == 'true' && '--dry-run=full' || '' }} \
+            2>&1 | tee /tmp/renovate.log
+
+          echo "### Renovate Summary" >> $GITHUB_STEP_SUMMARY
+          grep -E "(INFO|WARN|ERROR)" /tmp/renovate.log | tail -30 >> $GITHUB_STEP_SUMMARY || true