diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index b50ef95b39..9f4b0afa45 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -1,4 +1,8 @@
 name: CI
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
 
 on:
   push:
@@ -18,7 +22,8 @@ jobs:
         go-version: ['1.21', '1.22']
     
     steps:
-      - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5@11bd71901bbe5b1630ceea73d27597364c9af683 # v4- name: Refresh models catalog
+      - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
+        name: Refresh models catalog
         run: |
           git fetch --depth 1 https://github.com/router-for-me/models.git main
           mkdir -p pkg/llmproxy/registry/models
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 64704c9d27..d928edcf7b 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -19,7 +19,8 @@ jobs:
         language: [go]
     steps:
       - name: Checkout
-        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5@11bd71901bbe5b1630ceea73d27597364c9af683 # v4- name: Initialize CodeQL
+        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
+        name: Initialize CodeQL
         uses: github/codeql-action/init@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4with:
           languages: ${{ matrix.language }}
           config-file: .github/codeql/codeql-config.yml
diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml
index b05492eccf..b6d2103ecc 100644
--- a/.github/workflows/docs.yml
+++ b/.github/workflows/docs.yml
@@ -19,7 +19,8 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5@11bd71901bbe5b1630ceea73d27597364c9af683 # v4- name: Setup Node
+        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
+        name: Setup Node
         uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020@8f152de45cc393bb48ce5d89d36b731f54556e65 # v4with:
           node-version: "20"
           cache: "npm"
@@ -40,7 +41,7 @@ jobs:
 
       - name: Install dependencies
         working-directory: docs
-        run: npm install --frozen-lockfile
+        run: npm ci --frozen-lockfile
 
       - name: Build docs
         working-directory: docs
@@ -71,6 +72,7 @@ jobs:
       url: ${{ steps.deployment.outputs.page_url }}
     steps:
       - name: Configure Pages
-        uses: actions/configure-pages@983d7736d9b0ae728b81ab479565c72886d7745b # v5- name: Deploy
+        uses: actions/configure-pages@983d7736d9b0ae728b81ab479565c72886d7745b # v5
+         name: Deploy
         id: deployment
         uses: actions/deploy-pages@d6db90164ac5ed86f2b6aed7e0febac5b3c0c03e # v4
\ No newline at end of file
diff --git a/.github/workflows/journey-gate.yml b/.github/workflows/journey-gate.yml
index c26f5838da..775619e27d 100644
--- a/.github/workflows/journey-gate.yml
+++ b/.github/workflows/journey-gate.yml
@@ -19,6 +19,10 @@
 # =============================================================================
 
 name: Journey Gate
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
 
 on:
   push:
diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
new file mode 100644
index 0000000000..8f5031a1a1
--- /dev/null
+++ b/.github/workflows/lint.yml
@@ -0,0 +1,18 @@
+name: lint
+on:
+  push:
+    branches: [main, master, develop]
+  pull_request:
+    branches: [main, master, develop]
+jobs:
+  golangci:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-go@v5
+        with:
+          go-version: stable
+      - name: golangci-lint
+        uses: golangci/golangci-lint-action@v6
+        with:
+          version: latest
diff --git a/.github/workflows/policy-gate.yml b/.github/workflows/policy-gate.yml
index fe8fc69368..a01c246a25 100644
--- a/.github/workflows/policy-gate.yml
+++ b/.github/workflows/policy-gate.yml
@@ -1,4 +1,8 @@
 name: policy-gate
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
 on: [workflow_dispatch]
 permissions:
   contents: read
diff --git a/.github/workflows/quality-gate.yml b/.github/workflows/quality-gate.yml
index 76484b963c..466b015b78 100644
--- a/.github/workflows/quality-gate.yml
+++ b/.github/workflows/quality-gate.yml
@@ -1,4 +1,8 @@
 name: quality-gate
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
 on: [workflow_dispatch]
 permissions:
   contents: read
diff --git a/.github/workflows/sast-quick.yml b/.github/workflows/sast-quick.yml
index 3e7df455c4..0cd67ea978 100644
--- a/.github/workflows/sast-quick.yml
+++ b/.github/workflows/sast-quick.yml
@@ -1,4 +1,8 @@
 name: SAST Quick Check
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
 
 on:
   pull_request:
@@ -41,7 +45,8 @@ jobs:
     # Tier 3: Advisory - security enrichment only
     continue-on-error: true
     steps:
-      - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5@11bd71901bbe5b1630ceea73d27597364c9af683 # v4- name: Analyze licenses
+      - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
+        name: Analyze licenses
         uses: fsfe/reuse-action@3ae3c6bdf1257ab19397fab11fd3312144692083 # v4continue-on-error: true  # Allow findings but don't fail
       - name: Check for non-reusable licenses
         run: |
diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
index ccd2add8b9..2529e768b9 100644
--- a/.github/workflows/scorecard.yml
+++ b/.github/workflows/scorecard.yml
@@ -1,4 +1,8 @@
 name: OpenSSF Scorecard
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
 on:
   branch_protection_rule:
   schedule:
diff --git a/.github/workflows/self-merge-gate.yml b/.github/workflows/self-merge-gate.yml
index 4bcc3e18f5..1e71de8f38 100644
--- a/.github/workflows/self-merge-gate.yml
+++ b/.github/workflows/self-merge-gate.yml
@@ -1,4 +1,8 @@
 name: self-merge-gate
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
 on: [workflow_dispatch]
 permissions:
   contents: read
diff --git a/.github/workflows/trufflehog.yml b/.github/workflows/trufflehog.yml
index 2b440b2f78..2ef5e12f9d 100644
--- a/.github/workflows/trufflehog.yml
+++ b/.github/workflows/trufflehog.yml
@@ -1,4 +1,8 @@
 name: Trufflehog Secrets Scan
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
 on:
   push:
     branches: [main]
@@ -11,7 +15,10 @@ jobs:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
         with:
           fetch-depth: 0
-      - uses: trufflehog/actions/setup@main
+      - uses: actions/setup-go@0a12ed9e1a4ce4b1a02a5f2dd1e3a9c9e6c7f8b1
+        with:
+          go-version: 'stable'
+      - run: go install github.com/trufflehog/trufflehog/v3@latest
       - run: trufflehog github --only-verified --no-update
         env:
           GH_TOKEN: \${{ secrets.GITHUB_TOKEN }}