diff --git a/README.md b/README.md
index 4aa9fdd..acb7a27 100644
--- a/README.md
+++ b/README.md
@@ -61,4 +61,14 @@ Self-hosted [Renovate](https://docs.renovatebot.com) that keeps dependencies ali
 
 Listed in `renovate.yml` under `RENOVATE_REPOSITORIES` (the six games + `plaza`). Add the shared packages (`app-ui`, `games-registry`, `api-core`, …) to that list to manage them too, or switch to `RENOVATE_AUTODISCOVER=true` with `RENOVATE_AUTODISCOVER_FILTER=played/*`.
 
-> The bot only keeps versions *current* together (it opens PRs). For hard parity — failing CI when any repo drifts — pair it with a [`syncpack`](https://github.com/JamieMason/syncpack) check.
+### Automerge
+
+Third-party non-major (minor/patch) updates and weekly lockfile maintenance automerge (`platformAutomerge` → Gitea's "auto-merge"); `@played/*` bumps and majors stay manual (a `@played` minor can be breaking pre-1.0, and merging redeploys the game).
+
+> ⚠️ There's currently no PR-level build check, so an automerged PR isn't validated before it lands on `main` (and triggers the deploy). If a bump breaks the build you'll find out at deploy time, not at merge. To make automerge safe, add a lightweight "build on PR" workflow and a required status check — then Renovate only merges green PRs.
+
+### Registry resolution
+
+`@played`/`@unom`/etc. scopes are mapped to the Gitea registry via a committed `bunfig.toml` in each repo (token-free). Without it, Renovate's lockfile `bun install` falls back to `registry.npmjs.org` and 404s. Auth comes from `RENOVATE_NPMRC` (the `NPMRC` secret), the gitignored local `.npmrc`, and the mounted build secret.
+
+> Keeping versions *current* together isn't *hard parity*. For "every repo on the exact same version, CI red on drift", pair this with a [`syncpack`](https://github.com/JamieMason/syncpack) check.
diff --git a/renovate-config.json b/renovate-config.json
index 579b762..d34b948 100644
--- a/renovate-config.json
+++ b/renovate-config.json
@@ -4,17 +4,20 @@
 	"timezone": "Europe/Berlin",
 	"rangeStrategy": "bump",
 	"labels": ["dependencies"],
+	"platformAutomerge": true,
 	"packageRules": [
 		{
-			"description": "Bump the internal @played/* packages together, promptly.",
+			"description": "Bump the internal @played/* packages together. Manual merge — 0.x bumps can be breaking and merging redeploys the game.",
 			"matchPackageNames": ["/^@played//"],
-			"groupName": "@played packages"
+			"groupName": "@played packages",
+			"automerge": false
 		},
 		{
-			"description": "Batch third-party non-major updates into one PR to cut noise.",
+			"description": "Batch third-party non-major updates into one PR and automerge.",
 			"matchUpdateTypes": ["minor", "patch"],
 			"matchPackageNames": ["!/^@played//"],
-			"groupName": "non-major dependencies"
+			"groupName": "non-major dependencies",
+			"automerge": true
 		},
 		{
 			"description": "Internal Gitea reusable workflow (pinned @main) — not a github.com action, don't manage it.",
@@ -25,6 +28,7 @@
 	],
 	"lockFileMaintenance": {
 		"enabled": true,
+		"automerge": true,
 		"schedule": ["before 9am on monday"]
 	}
 }