diff --git a/.github/workflows/release-please.yml b/.github/workflows/release-please.yml
new file mode 100644
index 0000000..d35cc2d
--- /dev/null
+++ b/.github/workflows/release-please.yml
@@ -0,0 +1,39 @@
+name: Release Please
+
+on:
+  push:
+    branches:
+      - main
+
+permissions:
+  contents: read
+
+concurrency:
+  group: release-please-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  release-please:
+    runs-on: ubuntu-latest
+    timeout-minutes: 10
+
+    steps:
+      - name: Create Release Please app token
+        id: app-token
+        uses: actions/create-github-app-token@v2
+        with:
+          app-id: ${{ vars.RP_APP_ID }}
+          private-key: ${{ secrets.RP_PRIVATE_KEY }}
+          owner: ${{ github.repository_owner }}
+          permission-contents: write
+          permission-issues: write
+          permission-pull-requests: write
+
+      - name: Run Release Please
+        id: release
+        uses: googleapis/release-please-action@v4
+        with:
+          token: ${{ steps.app-token.outputs.token }}
+          target-branch: main
+          config-file: release-please-config.json
+          manifest-file: .release-please-manifest.json
diff --git a/.release-please-manifest.json b/.release-please-manifest.json
new file mode 100644
index 0000000..e60bf2a
--- /dev/null
+++ b/.release-please-manifest.json
@@ -0,0 +1,3 @@
+{
+  ".": "0.2.9"
+}
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index b6e70d4..b11e9e3 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -54,6 +54,25 @@ pnpm run release:check
 
 This verifies the source test suite, the compiled CLI entrypoint at `dist/cli/index.js`, and the package contents that would be published.
 
+## Release Automation
+
+DepGraph uses Release Please on pushes to `main`. Release Please maintains the release PR, and merging that PR creates the version bump commit, `v*` tag, and GitHub Release. The npm publish workflow remains separate and runs from the resulting GitHub Release event.
+
+Repository settings required for the Release Please app:
+
+- Variable: `RELEASE_PLEASE_APP_ID`
+- Secret: `RELEASE_PLEASE_APP_PRIVATE_KEY`
+
+If you previously used `RP_APP_ID` / `RP_APP_PRIVATE_KEY`, rename them in **Settings → Secrets and variables → Actions** to the names above so the workflow can resolve them.
+
+GitHub App permissions should be limited to:
+
+- `Contents`: read and write
+- `Pull requests`: read and write
+- `Issues`: read and write
+
+If the repository uses protected tag or ref rulesets, allow the app identity to create `v*` tags and update the `release-please--branches--main` release branch.
+
 ## Commit Quality
 
 Prefer small, reviewable changes. If a change affects scoring, output contracts, or exit codes, call that out explicitly in the pull request description.
diff --git a/release-please-config.json b/release-please-config.json
new file mode 100644
index 0000000..b726e13
--- /dev/null
+++ b/release-please-config.json
@@ -0,0 +1,9 @@
+{
+  "$schema": "https://raw.githubusercontent.com/googleapis/release-please/main/schemas/config.json",
+  "packages": {
+    ".": {
+      "release-type": "node",
+      "include-v-in-tag": true
+    }
+  }
+}