# Contributing

## Working Rules

- Keep changes scoped to the issue or user request.
- Prefer existing project patterns once application code exists.
- Do not commit secrets, generated credentials, local `.env` files, or private keys.
- Do not create releases unless explicitly requested.
- Preserve unrelated user changes.

## Before Committing

Run the cheapest reliable verification commands for this project. No stack-specific commands are defined yet.

When the directory is a Git repository, also run:

```bash
git diff --check
```

If a command cannot run, document why in the final response or handoff notes.

## Pull Requests

Pull requests should include:

- summary of changes,
- verification performed,
- known risks or skipped checks,
- artifact/download notes when relevant.

## Releases

Before release work, update:

```text
CHANGELOG.md
docs/release-checklist.md
docs/security-review.md
README.md
```