chore: apply repository hygiene standard

.github/dependabot.yaml

@@ -1,11 +1,6 @@
-# To get started with Dependabot version updates, you'll need to specify which
-# package ecosystems to update and where the package manifests are located.
-# Please see the documentation for all configuration options:
-# https://docs.github.com/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file
-
 version: 2
 updates:
-  - package-ecosystem: "" # See documentation for possible values
-    directory: "/" # Location of package manifests
+  - package-ecosystem: "npm"
+    directory: "/"
     schedule:
-      interval: "weekly"
+      interval: "monthly"

.github/workflows/main.yaml

@@ -1,36 +1,76 @@
-name: Build and Test
+name: CI
 
 on:
   push:
+    branches: [main]
   pull_request:
+  workflow_dispatch:
+
+concurrency:
+  group: ci-${{ github.ref }}
+  cancel-in-progress: true
+
+env:
+  CI: true
+
+permissions:
+  contents: read
 
 jobs:
-  test:
+  quality:
+    name: Quality (lint/format)
     runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Setup Node
+        uses: actions/setup-node@v4
+        with:
+          node-version: '22'
+          cache: npm
+
+      - name: Install
+        run: npm ci
 
+      - name: Lint
+        run: npm run lint:check
+
+      - name: Format check
+        run: npm run format:check
+
+  test-build:
+    name: Test + Build (Node ${{ matrix.node }})
+    runs-on: ubuntu-latest
+    needs: [quality]
     strategy:
+      fail-fast: false
       matrix:
-        node-version: [20.19.0, 21.x, 22.x, 23.x]
+        node: ['20', '22', '24']
+
+    permissions:
+      contents: read
+      actions: read
 
     steps:
-      - name: Checkout code
+      - name: Checkout
         uses: actions/checkout@v4
 
-      - name: Setup Node.js ${{ matrix.node-version }}
+      - name: Setup Node
         uses: actions/setup-node@v4
         with:
-          node-version: ${{ matrix.node-version }}
-          cache: "npm"
+          node-version: ${{ matrix.node }}
+          cache: npm
 
-      - name: Install dependencies
+      - name: Install
         run: npm ci
 
-      - name: Build project
-        run: npm run build
-
-      - name: Run tests
+      - name: Test
         run: npm test
 
+      - name: Build
+        run: npm run build
+
       - name: Test CLI - Merge
         run: node dist/cli.js merge test-reports
 
@@ -55,67 +95,37 @@ jobs:
       - name: Publish Test Report
         uses: ctrf-io/github-test-reporter@v1
         with:
-          report-path: "./ctrf/*.json"
+          report-path: './ctrf/*.json'
           summary-delta-report: true
           github-report: true
-          failed-report: true
-          flaky-report: true
           insights-report: true
-          fail-rate-report: true
           flaky-rate-report: true
-          slowest-report: true
           previous-results-report: true
           upload-artifact: true
-          artifact-name: ctrf-test-report-${{ matrix.node-version }}
-
+          artifact-name: ctrf-test-report-node-${{ matrix.node }}
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        if: always()
-
-  lint:
-    runs-on: ubuntu-latest
-
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v4
-
-      - name: Setup Node.js
-        uses: actions/setup-node@v4
-        with:
-          node-version: "20.19.0"
-          cache: "npm"
-
-      - name: Install dependencies
-        run: npm ci
-
-      - name: Type check
-        run: npx tsc --noEmit
-
-      - name: Run linter
-        run: npm run lint:check
-
-      - name: Check formatting
-        run: npm run format:check
+        if: always() && hashFiles('ctrf/*.json') != ''
 
   security:
+    name: Security (deps audit)
     runs-on: ubuntu-latest
-
+    permissions:
+      contents: read
     steps:
-      - name: Checkout code
+      - name: Checkout
         uses: actions/checkout@v4
 
-      - name: Setup Node.js
+      - name: Setup Node
         uses: actions/setup-node@v4
         with:
-          node-version: "20.19.0"
-          cache: "npm"
+          node-version: '22'
+          cache: npm
 
-      - name: Install dependencies
+      - name: Install
         run: npm ci
 
-      - name: Run security audit
-        run: npm audit --audit-level=moderate
-
-      - name: Check for known vulnerabilities
-        run: npx audit-ci --moderate
+      - name: npm audit (prod)
+        run: npm audit --omit=dev
+        continue-on-error: true
 

.gitignore

@@ -2,4 +2,10 @@ dist
 node_modules
 coverage
 ctrf
-.DS_Store
+.DS_Store
+agent
+agent.*
+skills
+skills.*
+instructions
+instructions.*

CONTRIBUTING.md

@@ -22,6 +22,41 @@ If you don't see your idea listed, and you think it fits into the goals of this
 3. Make sure your code lints.
 4. Issue that pull request!
 
+## Local Development
+
+To set up the project for local development:
+
+1. **Install dependencies**:
+
+   ```bash
+   npm install
+   ```
+
+2. **Run linting checks**:
+
+   ```bash
+   npm run lint:check
+   ```
+
+3. **Run formatting checks**:
+
+   ```bash
+   npm run format:check
+   ```
+
+4. **Run tests**:
+
+   ```bash
+   npm test
+   ```
+
+5. **Build the package**:
+   ```bash
+   npm run build
+   ```
+
+Make sure all checks pass before submitting a pull request.
+
 ### Commit Messages
 
 Write meaningful commit messages that provide insight into the changes made.
@@ -38,6 +73,10 @@ Feature requests are welcome. But take a moment to find out whether your idea fi
 
 By contributing to this project, you agree that your contributions will be licensed under MIT.
 
+## Contributing to the CTRF Specification
+
+If you'd like to contribute to the CTRF specification itself, please see the [main CTRF repository](https://github.com/ctrf-io/ctrf).
+
 ## Acknowledgments
 
 Your contributions are sincerely appreciated. We want to make contributing to this project as easy and transparent as possible, whether it's: