# Contributing

## Working Rules

- Keep changes scoped to the issue or user request.
- Prefer existing project patterns.
- Do not commit secrets, generated credentials, local `.env` files, or private keys.
- Do not create releases unless explicitly requested.
- Preserve unrelated user changes.
- Use only the configured Gitea Ubuntu runners for project builds, tests, audits, packages, installers, dependency setup, and releases. Do not run those commands on the local machine.
- Do not add Windows or macOS runners; use Linux-compatible workarounds that run on `ubuntu-latest`, `ubuntu-24.04`, or `ubuntu-22.04`.
- Create focused issues for real follow-up work that is outside the current change or can be worked on independently. Do not put secrets, tokens, private data, or sensitive logs in public issues.

## Before Committing

Run the cheapest reliable project verification commands through Gitea Actions:

```bash
LINT_COMMAND
TEST_COMMAND
BUILD_COMMAND
```

Also run:

```bash
git diff --check
```

Local checks should stay lightweight and must not install dependencies or create build artifacts. If a runner-based command cannot run, document why in the final response or handoff notes.

## Pull Requests

Pull requests should include:

- summary of changes,
- verification performed,
- known risks or skipped checks,
- artifact/download notes when relevant.

## Releases

Before release work, update:

```text
CHANGELOG.md
docs/release-checklist.md
docs/security-review.md
README.md
```