diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
new file mode 100644
index 00000000..20ba2c8d
--- /dev/null
+++ b/.github/CODEOWNERS
@@ -0,0 +1,24 @@
+# Code Owners for FlowFi
+# This file controls who is automatically assigned for review
+# based on the files changed in a pull request.
+
+# Default owners for the entire repository
+* @LabsCrypt
+
+# Backend
+backend/ @LabsCrypt
+
+# Frontend  
+frontend/ @LabsCrypt
+
+# Smart contracts
+contracts/ @LabsCrypt
+
+# Documentation
+docs/ @LabsCrypt
+
+# GitHub workflows and CI/CD
+.github/ @LabsCrypt
+
+# Deployment scripts
+scripts/ @LabsCrypt
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 31fef30e..6f7b052e 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -192,6 +192,27 @@ jobs:
           done
         shell: bash
 
+      - name: Check WASM size budget
+        run: |
+          set -euo pipefail
+
+          RELEASE_DIR="contracts/target/wasm32-unknown-unknown/release"
+          WASM_SIZE_LIMIT=200000  # 200KB budget for optimized WASM
+
+          for wasm in "$RELEASE_DIR"/*.optimized.wasm; do
+            if [ -f "$wasm" ]; then
+              size=$(stat -c%s "$wasm")
+              filename=$(basename "$wasm")
+              echo "Optimized WASM size: $filename = $size bytes"
+
+              if [ "$size" -gt "$WASM_SIZE_LIMIT" ]; then
+                echo "Error: $filename exceeds size budget of $WASM_SIZE_LIMIT bytes"
+                exit 1
+              fi
+            fi
+          done
+        shell: bash
+
       - name: Upload optimized WASM artifacts
         uses: actions/upload-artifact@v4
         with:
diff --git a/contracts/Cargo.toml b/contracts/Cargo.toml
index 286aff6d..154c0a72 100644
--- a/contracts/Cargo.toml
+++ b/contracts/Cargo.toml
@@ -17,6 +17,9 @@ panic = "abort"
 codegen-units = 1
 lto = true
 
+# WASM size budget: 200KB (200000 bytes) for optimized contract
+# Enforced in .github/workflows/ci.yml
+
 [profile.release-with-logs]
 inherits = "release"
 debug-assertions = true
diff --git a/docs/ARCHITECTURE.md b/docs/ARCHITECTURE.md
index 67de0594..621020ea 100644
--- a/docs/ARCHITECTURE.md
+++ b/docs/ARCHITECTURE.md
@@ -221,11 +221,11 @@ To run the full stack end-to-end, set the following secrets. See [`backend/.env.
 |---|---|
 | `DATABASE_URL` | PostgreSQL connection string (Prisma) |
 | `SOROBAN_RPC_URL` | Soroban RPC endpoint (e.g. Testnet: `https://soroban-testnet.stellar.org`) |
-| `STREAMING_CONTRACT_ADDRESS` | Deployed FlowFi stream contract ID |
+| `STREAM_CONTRACT_ID` | Deployed FlowFi stream contract ID |
 | `KEEPER_SECRET_KEY` | Server wallet secret key used to sign custodial top-up transactions |
 | `JWT_SECRET` | Secret used to sign and verify auth JWTs |
 | `REDIS_URL` | Redis connection string (only needed for multi-instance SSE fanout) |
-| `STELLAR_NETWORK` | `TESTNET` or `MAINNET` |
+| `STELLAR_NETWORK` | `testnet` or `mainnet` |
 
 ### Frontend
 
diff --git a/scripts/deploy.sh b/scripts/deploy.sh
index d449554d..9ccc006e 100755
--- a/scripts/deploy.sh
+++ b/scripts/deploy.sh
@@ -26,10 +26,10 @@ NC='\033[0m' # No Color
 
 # Default values
 NETWORK=""
-DEPLOYER_SECRET=""
-ADMIN_ADDRESS=""
-TREASURY_ADDRESS=""
-FEE_RATE_BPS=""
+DEPLOYER_SECRET="${DEPLOYER_SECRET:-}"
+ADMIN_ADDRESS="${ADMIN_ADDRESS:-}"
+TREASURY_ADDRESS="${TREASURY_ADDRESS:-}"
+FEE_RATE_BPS="${FEE_RATE_BPS:-}"
 
 # Parse command line arguments
 while [[ $# -gt 0 ]]; do