diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..f3b0c9a
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,34 @@
+# Stage 1: Build
+FROM python:3.12-slim-bookworm AS build
+
+WORKDIR /app
+
+COPY requirements.txt .
+RUN pip install --no-cache-dir -r requirements.txt
+
+COPY . .
+
+# Stage 2: Runtime
+FROM python:3.12-slim-bookworm AS runtime
+
+WORKDIR /app
+
+COPY requirements.txt .
+RUN pip install --no-cache-dir -r requirements.txt
+
+COPY models ./models
+COPY routes ./routes
+COPY schemas ./schemas
+COPY services ./services
+COPY data ./data
+COPY main.py .
+
+# Add non-root 'fastapi' user (optional for hardening)
+RUN adduser --disabled-password --gecos '' fastapi \
+    && chown -R fastapi:fastapi /app
+USER fastapi
+
+EXPOSE 9000
+ENV PYTHONUNBUFFERED=1
+
+CMD ["uvicorn", "main:app", "--host", "0.0.0.0", "--port", "9000"]
diff --git a/commitlint.config.mjs b/commitlint.config.mjs
new file mode 100644
index 0000000..9617c32
--- /dev/null
+++ b/commitlint.config.mjs
@@ -0,0 +1,16 @@
+// .commitlint.config.mjs
+import conventional from '@commitlint/config-conventional';
+
+export default {
+    ...conventional,
+    rules: {
+        'header-max-length': [2, 'always', 80],
+        'body-max-line-length': [2, 'always', 80],
+    },
+    ignores: [
+        // skip any commit whose body contains the Dependabot signature
+        (message) => message.includes('Signed‑off‑by: dependabot[bot]'),
+        // skip any Dependabot‑style bump header
+        (message) => /^chore\(deps(-dev)?\): bump /.test(message),
+    ],
+};