# Contributing

## Working Rules

- Keep changes scoped to the issue or user request.
- Prefer existing project patterns.
- Do not commit secrets, generated credentials, local `.env` files, or private keys.
- Do not create releases unless explicitly requested.
- Preserve unrelated user changes.
- Create focused issues for real follow-up work that is outside the current change or can be worked on independently. Do not put secrets, tokens, private data, or sensitive logs in public issues.

## Before Committing

Run the cheapest reliable verification commands for this project:

```bash
LINT_COMMAND
TEST_COMMAND
BUILD_COMMAND
```

Also run:

```bash
git diff --check
```

If a command cannot run, document why in the final response or handoff notes.

## Pull Requests

Pull requests should include:

- summary of changes,
- verification performed,
- known risks or skipped checks,
- artifact/download notes when relevant.

## Releases

Before release work, update:

```text
CHANGELOG.md
docs/release-checklist.md
docs/security-review.md
README.md
```