# Contributing

## Working Rules

- Keep changes scoped to the issue or user request.
- Prefer existing project patterns.
- Do not commit secrets, generated credentials, local `.env` files, or private keys.
- Do not create releases unless explicitly requested.
- Preserve unrelated user changes.

## Before Committing

Run the cheapest reliable verification commands for this project.

Current available check:

```bash
git diff --check
```

Once a real stack exists, add and document lint, test, build, and audit commands.

## Pull Requests

Pull requests should include:

- summary of changes,
- verification performed,
- known risks or skipped checks,
- artifact or download notes when relevant.

## Releases

Before release work, update:

```text
CHANGELOG.md
docs/release-checklist.md
docs/security-review.md
README.md
```