chore

Author: denisecase

.editorconfig

@@ -1,3 +1,6 @@
+# ============================================================
+# .editorconfig (Standardize across editors and IDEs)
+# ============================================================
 # REQ.UNIVERSAL: All professional GitHub project repositories MUST include .editorconfig.
 # WHY: Establish a cross-editor baseline so diffs stay clean and formatting is consistent.
 # ALT: Repository may omit .editorconfig ONLY if formatting is enforced equivalently by CI and formatter tooling.

.gitattributes

@@ -1,7 +1,20 @@
-# WHY-FILE: Normalize line endings and GitHub language classification
-# to ensure cross-platform consistency and predictable CI behavior.
+# ============================================================
+# .gitattributes (Keep files consistent across operating systems)
+# ============================================================
 
-# === Core: Text normalization ===
+# REQ.UNIVERSAL: All professional GitHub project repositories MUST include .gitattributes.
+# WHY: Ensure consistent line endings, diff behavior, and file classification
+# across Windows, macOS, and Linux environments.
+# ALT: Repository may omit .gitattributes ONLY if equivalent normalization is
+# enforced reliably by tooling and CI (rare and fragile).
+# CUSTOM: Update file-type rules only when introducing new languages,
+# binary artifacts, or documentation formats.
+# NOTE: Rules are ordered by impact and generality, not alphabetically.
+# Git attributes are documented at https://git-scm.com/docs/gitattributes
+
+# === Core defaults (always apply) ===
+
+# WHY: Auto-detect text files and normalize line endings to avoid cross-platform drift.
 * text=auto
 
 # WHY-SECTION: Explicit EOL rules avoid platform-specific diffs and tool failures.

.github/dependabot.yml

@@ -1,21 +1,26 @@
+# ============================================================
+# .github/dependabot.yml (Check for GitHub Actions updates)
+# ============================================================
+# SOURCE: https://github.com/denisecase/templates
+#
 # REQ.PROJECT: This repository SHOULD track GitHub Actions updates automatically.
-# WHY: GitHub Actions are executable dependencies and may receive security or behavior updates.
-# OBS: This repository has no language-level dependencies (Python, JS, Rust, etc.).
-# OBS: GitHub Actions are the only dependency class currently in scope.
+# WHY-FILE: GitHub Actions are executable dependencies and may receive security or behavior updates.
+# OBS: Language-level dependencies (e.g., Python packages) are upgraded manually.
+# OBS: GitHub Actions are the only dependency class automated here.
 # ALT: Dependabot could be omitted if workflows are pinned and reviewed manually.
 # CUSTOM: Update interval if CI cadence or security posture changes.
 
-version: 2
+# NOTE: This file automatically updates the versions used in Actions workflows.
+# You don't need to modify this file.
+# To disable: Delete this file or set enabled: false below.
+# enabled: false # Uncomment to disable Dependabot
 
-updates:
-  - package-ecosystem: "github-actions"
-    directory: "/"
+version: 2 # Dependabot configuration version
 
-    # WHY: Monthly cadence balances stability with security updates.
-    # ALT: Use "weekly" for higher-security environments.
+updates:
+  - package-ecosystem: "github-actions" # Dependency type
+    directory: "/" # Location of GitHub Actions workflows
     schedule:
-      interval: "monthly"
-
-    # WHY: Clear commit prefix simplifies changelog review and filtering.
+      interval: "monthly" # ALT: Use "weekly" for higher security when needed
     commit-message:
-      prefix: "(deps)"
+      prefix: "(deps)"  # WHY: enable filtering by commit type

.github/workflows/ci-hygiene.yml

@@ -0,0 +1,76 @@
+# ============================================================
+# .github/workflows/ci-md.yml (Continuous Integration)
+# ============================================================
+# SOURCE: https://github.com/denisecase/templates
+#
+# WHY-FILE: Minimal checks for repositories where hygiene is the primary gate.
+# OBS: CI does not introduce additional style rules beyond repo configuration.
+# NOTE: This workflow intentionally avoids requiring Python or pre-commit for contributors.
+
+name: CI Hygiene (Markdown and YAML)
+
+# WHY: Validate repo contents on pushes to main branch and pull requests.
+
+on:
+  push:
+    branches: [main] # WHY: Run when pushing to main branch.
+  pull_request:
+    branches: [main] # WHY: Run on pull requests targeting main branch.
+  workflow_dispatch: # WHY: Allow manual triggering from Actions tab.
+
+permissions: # WHY: Use least privileges required.
+  contents: read
+
+jobs:
+  ci:
+    name: Repository checks (pre-commit)
+    runs-on: ubuntu-latest # WHY: Linux environment matches most production deployments
+    timeout-minutes: 10 # WHY: Prevent hanging jobs. If over, it is likely stuck.
+
+    steps:
+      # ============================================================
+      # ASSEMBLE: Get code
+      # ============================================================
+
+      - name: A1) Checkout repository code
+        # WHY: Needed to access files for checks.
+        uses: actions/checkout@v6
+
+      # ============================================================
+      # BASIC CHECKS: Run basic checks
+      # ============================================================
+
+      - name: B1) Lint Markdown
+        # WHY: Enforce Markdown rules consistently (repo-config driven).
+        uses: DavidAnson/markdownlint-cli2-action@v22
+        with:
+          globs: |
+            **/*.md
+
+
+      - name: B2) Lint YAML (uses .yamllint.yml)
+        # WHY: Validate YAML correctness using repo-defined yamllint.yml rules.
+        # OBS: Ensures GitHub Actions YAML and other YAML files remain valid.
+        uses: ibiqlik/action-yamllint@v3
+        with:
+          config_file: .yamllint.yml # WHY: Use repo policy; avoid drifting defaults.
+          file_or_dir: .            # WHY: Lint YAML across the repository.
+          no_warnings: true         # WHY: CI output should be actionable.
+
+      - name: B3) Detect CITATION.cff
+        # WHY: Verify presence of CITATION.cff for conditional validation.
+        id: detect_citation
+        shell: bash
+        run: |
+          if [ -f "CITATION.cff" ]; then
+            echo "present=true" >> "$GITHUB_OUTPUT"
+          else
+            echo "present=false" >> "$GITHUB_OUTPUT"
+          fi
+
+      - name: B4) Validate CITATION.cff (if present)
+        # WHY: Ensure CITATION.cff is well-formed without making it mandatory.
+        if: ${{ steps.detect_citation.outputs.present == 'true' }}
+        uses: dieghernan/cff-validator@v4
+        with:
+          citation-path: CITATION.cff # WHY: Be explicit about the file validated.

.github/workflows/ci-md.yml

@@ -27,8 +27,8 @@ jobs:
       pull-requests: write
 
     steps:
-      - name: 1) Checkout repository code
-        uses: actions/checkout@v6 # OBS: v6 current as of Dec 2025
+      - name: A1) Checkout repository code
+        uses: actions/checkout@v6
 
       - name: 2) Check links with Lychee
         uses: lycheeverse/lychee-action@v2

.github/workflows/links.yml

@@ -1,38 +1,109 @@
-# REQ.UNIVERSAL: Spec repositories MUST ignore editor, OS, and transient artifacts.
-# WHY: Prevent accidental commits of local or generated noise.
-# ALT: Expand only if the repository adds tooling that generates artifacts.
+# ============================================================
+# .gitignore (Keep unnecessary files out of the repository)
+# ============================================================
 
-# === OS artifacts ===
-.DS_Store
-Thumbs.db
+# REQ.UNIVERSAL: All professional GitHub project repositories MUST include .gitignore.
+# WHY: Prevent committing generated artifacts, local state, secrets, and OS-specific files.
+# ALT: Repository may customize ignores, but MUST preserve universal safety rules.
+# CUSTOM: Logs may be temporarily committed for verification; keep ignored for
+# production use and security.
 
-# === Editor artifacts ===
-*.swp
+
+# === Universal (all projects, all languages) ===
+
+# WHY: Logs are useful during debugging and verification.
+# ALT: Comment if logs must be inspected or validated.
+*.log
+logs/
+PRIVATE_NOTES.md
+PRIVATE-NOTES.md
+
+# WHY: Temporary and swap files are machine-local noise and create meaningless diffs.
 *.swo
-*.bak
+*.swp
+*.tmp
 *~
+
+# === VS Code (special case) ===
+
+# WHY: Ignore editor state while allowing a shared baseline configuration.
 .vscode/
+
+# WHY: Commit recommended extensions (opt-in) for consistent development experience.
+# NOTE: Share recommendations, not personal editor styles or preferences.
+!.vscode/extensions.json
+!.vscode/settings.json
+
+# === OS-specific files (macOS / Windows) ===
+
+# WHY: OS-generated metadata files should never be tracked.
+.AppleDouble
+.DS_Store
+.LSOverride
+Icon\r
+._*
+.Spotlight-V100/
+.Trashes
+desktop.ini
+ehthumbs.db
+Thumbs.db
+
+# === Editors / IDEs (non-VS Code) ===
+
+# WHY: IDE metadata is machine-local and should not be tracked.
+*.code-workspace
 .idea/
 
-# === Temporary files ===
-.tmp/
-.temp/
+# === Environment variables and secrets ===
 
-# === LaTeX build artifacts (if SPEC is rendered locally) ===
-*.aux
-*.bbl
-*.blg
-*.log
-*.out
-*.toc
-*.fls
-*.fdb_latexmk
-
-# === PDF previews ===
-*.pdf
-
-# === Proof assistant artifacts (defensive, non-binding) ===
-*.olean
-*.ilean
-*.trace
-.lake/
+# WHY: Never commit credentials or environment-specific configuration.
+.env
+.env.*
+*.env
+
+# === Documentation build output ===
+
+# WHY: Static site build output is generated.
+site/
+
+# === Generic caches ===
+
+# WHY: Generic caches are machine-local and should not be tracked.
+.cache/
+
+# === Python ===
+
+# WHY: Virtual environments are machine-local and reproducible.
+.venv/
+venv/
+
+# REQ.PYTHON: Do NOT git ignore uv.lock. Commit it and use it in CI/CD pipelines.
+
+# WHY: Python version when using scm matches any repo depth and any package name
+**/src/**/_version.py
+
+# WHY: Python bytecode is generated.
+__pycache__/
+*.pyc
+*.pyd
+*.pyo
+
+# WHY: Build and packaging artifacts are generated.
+.eggs/
+build/
+dist/
+*.egg
+*.egg-info/
+*.whl
+
+# WHY: Tooling caches should not be tracked.
+.coverage
+.coverage.*
+.mypy_cache/
+.pytest_cache/
+.pytype/
+.ruff_cache/
+.tox/
+
+# WHY: Notebook checkpoint state is generated.
+.ipynb_checkpoints/

.gitignore

@@ -0,0 +1,11 @@
+# ============================================================
+# .markdownlint.yml (Markdown linting configuration)
+# ============================================================
+
+# WHY-FILE: Markdown lint rules for Markdown source repos such as specs.
+# WHY: Avoid enforcing line length; specs include long identifiers and URLs.
+# OBS: MD013 fails on identifier tables and unbreakable tokens (e.g., requirement IDs).
+# WHY: Allow inline HTML; specs may use semantic markers in normative text.
+
+MD013: false  # Line length
+MD033: false  # Inline HTML

.markdownlint.yml

@@ -1,3 +1,7 @@
+# ============================================================
+# .yamllint.yml (YAML linting configuration)
+# ============================================================
+
 # WHY: Enforce YAML correctness without arbitrary style constraints.
 # OBS: Default yamllint rules conflict with GitHub Actions YAML.
 #      Line length, document start, truthy, and comment spacing are intentionally disabled.

.yamllint.yml

@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) 2025 Denise M. Case
+Copyright (c) 2025-2026 Denise M. Case
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal