GrayCodeAI · Patel230 · Jun 8, 2026 · Jun 8, 2026
diff --git a/.gitignore b/.gitignore
@@ -1,5 +1,6 @@
 # Binaries
 /eyrie
+/basic
 bin/
 *.exe
 

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -84,7 +84,6 @@ Format: [Keep a Changelog](https://keepachangelog.com/en/1.0.0/) · Versioning:
 - `CODE_OF_CONDUCT.md` — Contributor Covenant 2.1.
 - `.gitattributes` — LF line-ending normalization, binary detection,
   GitHub linguist hints.
-- `.github/dependabot.yml` — weekly `gomod` + `github-actions` updates.
 - `.github/PULL_REQUEST_TEMPLATE.md` — Summary / Changes / Testing /
   Checklist.
 - `.github/ISSUE_TEMPLATE/bug_report.yml` — structured bug report.

diff --git a/README.md b/README.md
@@ -42,7 +42,7 @@ When your app calls a model, eyrie figures out which provider to use, how to tal
 go get github.com/GrayCodeAI/eyrie
 ```
 
-Requires Go 1.26+. Zero external dependencies.
+Requires Go 1.26+. Minimal dependencies (UUID, OpenTelemetry, SQLite, keyring).
 
 ```go
 import "github.com/GrayCodeAI/eyrie/client"

diff --git a/SECURITY.md b/SECURITY.md
@@ -44,8 +44,8 @@ We follow [coordinated vulnerability disclosure](https://en.wikipedia.org/wiki/C
 
 ## Security practices in this repo
 
-- **Dependency monitoring:** automated via Dependabot (see
-  `.github/dependabot.yml`).
+- **Dependency monitoring:** vulnerable dependencies are detected by
+  `govulncheck`, which runs on every CI build (see "Vulnerability scanning").
 - **Static analysis:** `golangci-lint` / `ruff` / `mypy` enforced in CI.
 - **Vulnerability scanning:** `govulncheck` (Go) / `pip-audit` (Python) run
   on every CI build.
-Original file line number
+Diff line change
@@ -1,5 +1,6 @@
     # Binaries
     /eyrie
+    /basic
     bin/
     *.exe
@@ Expand Down @@