Parfii-bot a3f8e1f847 chore(prod-prep): root docs (CHANGELOG/CONTRIBUTING/SECURITY) + cargo update

Root-level docs added per production-readiness audit:
- CHANGELOG.md — unreleased + pointer to git tags
- CONTRIBUTING.md — setup + PR checklist + Constructor Pattern
- SECURITY.md — reporting channel + threat model + known RUSTSEC list

cargo update applied: 19 patch/minor bumps (base64urlsafedata, blake3, cc,
crc-catalog, digest, filetime, h2, hashbrown, hybrid-array, idna_adapter,
js-sys, kqueue-sys, libc, nix, openssl, openssl-sys, pin-project,
pin-project-internal, redox_syscall).

9 RUSTSEC advisories from transitive deps remain (rsa 0.9 Marvin,
rustls-webpki x5, sqlx 0.8 Binary Protocol, async-std discontinued,
lru unsound IterMut, fxhash/instant unmaintained) — require major-version
bumps in direct deps, tracked in SECURITY.md "Known advisories" section.

2026-05-12 20:41:13 +08:00

945 B

Raw Blame History

Contributing

This is a working monorepo (Rust + TypeScript + bash hooks + agent manifests). PRs accepted via Forgejo or GitHub.

Setup

git clone <repo>
cd KeiSeiKit-public
cargo check --workspace
cd _ts_packages && pnpm install

Before opening a PR

cargo check --workspace clean
cargo test --workspace --no-fail-fast all green
cargo audit no critical CVEs
Constructor Pattern: ≤200 LOC per file, ≤30 LOC per function
Conventional commit prefix: feat: / fix: / chore: / refactor: / docs: / test:

Code style

Rust: rustfmt default, clippy -W clippy::all
TypeScript: project-local tsconfig.json, no broad any
Bash: bash -n syntax check, prefer POSIX sh when possible

Security

Never commit secrets. All tokens live in ~/.claude/secrets/.env or <repo>/secrets/*.env — referenced by env var name only. See docs/SECURITY.md for the secret-pattern detector spec.