diff --git a/README.md b/README.md
index ca78a42..218b597 100644
--- a/README.md
+++ b/README.md
@@ -1,5 +1,9 @@
 # PULSE - Pipelined Unified Logic & Server Engine
 
+[![Lint](https://code.lotusguild.org/LotusGuild/pulse/actions/workflows/lint.yml/badge.svg)](https://code.lotusguild.org/LotusGuild/pulse/actions?workflow=lint.yml)
+[![Test](https://code.lotusguild.org/LotusGuild/pulse/actions/workflows/test.yml/badge.svg)](https://code.lotusguild.org/LotusGuild/pulse/actions?workflow=test.yml)
+[![Security](https://code.lotusguild.org/LotusGuild/pulse/actions/workflows/security.yml/badge.svg)](https://code.lotusguild.org/LotusGuild/pulse/actions?workflow=security.yml)
+
 A distributed workflow orchestration platform for managing and executing complex multi-step operations across server clusters through a retro terminal-themed web interface.
 
 > **Security Notice:** This repository is hosted on Gitea and is version-controlled. **Never commit secrets, credentials, passwords, API keys, or any sensitive information to this repo.** All sensitive configuration belongs exclusively in `.env` files which are listed in `.gitignore` and must never be committed. This includes database passwords, worker API keys, webhook secrets, and internal IP details.
@@ -410,6 +414,22 @@ MIT License - See LICENSE file for details
 
 ---
 
+## CI / CD
+
+| Workflow | Purpose | Triggers |
+|---|---|---|
+| `lint.yml` | ESLint on all `.js` files | Every push and PR |
+| `test.yml` | Jest unit tests (`lib/utils.js`) | Every push and PR |
+| `security.yml` | `npm audit --audit-level=high` | Every push, PR, and weekly Monday 6am |
+| `deploy` job in `lint.yml` | Calls the `pulse-deploy` webhook on CT122 (10.10.10.65) to pull + restart | Push to `main` only, after lint passes |
+
+Branch protection is enabled on `main` — the `lint.yml` check must pass before any PR can merge.
+
+Tests live in `tests/utils.test.js` and cover the pure utility functions in `lib/utils.js`:
+`validateWebhookUrl`, `applyParams`, `evalCondition`, `calculateNextRun`.
+
+---
+
 **PULSE** - Orchestrating your infrastructure, one heartbeat at a time. ⚡
 
 Built with retro terminal aesthetics 🖥️ | Powered by WebSockets 🔌 | Secured by Authelia 🔐