Davincc77 · Davincc77 · May 25, 2026 · May 25, 2026
diff --git a/.github/ISSUE_TEMPLATE/bug_report.yml b/.github/ISSUE_TEMPLATE/bug_report.yml
@@ -0,0 +1,98 @@
+name: Bug report
+description: Report incorrect behaviour in a reference implementation, test vector failure, or other defect.
+title: "[bug] "
+labels: ["bug", "triage"]
+body:
+  - type: markdown
+    attributes:
+      value: |
+        Thanks for taking the time to file a bug report.
+
+        **Before submitting:**
+        - Search [existing issues](https://github.com/Davincc77/klickdskill/issues) to avoid duplicates.
+        - For **security vulnerabilities**, do NOT use this form — see [`SECURITY.md`](https://github.com/Davincc77/klickdskill/blob/main/SECURITY.md).
+
+  - type: textarea
+    id: summary
+    attributes:
+      label: Summary
+      description: A clear, concise description of the bug.
+    validations:
+      required: true
+
+  - type: dropdown
+    id: component
+    attributes:
+      label: Affected component
+      multiple: true
+      options:
+        - Specification (SPEC.md / SPEC_v30.md)
+        - JSON schemas
+        - Python SDK
+        - TypeScript SDK
+        - Test vectors
+        - Migrator (v3.x → v4)
+        - Registry
+        - Documentation
+        - CI / workflows
+        - Other
+    validations:
+      required: true
+
+  - type: input
+    id: version
+    attributes:
+      label: Version / commit
+      description: Spec version, package version, or git commit SHA where the bug was observed.
+      placeholder: "e.g. v4.0.0-preview, commit 76a2ff4"
+    validations:
+      required: true
+
+  - type: textarea
+    id: reproduction
+    attributes:
+      label: Reproduction steps
+      description: Minimal, deterministic steps to reproduce. Include code snippets, sample payloads (redact secrets), or commands.
+      placeholder: |
+        1. ...
+        2. ...
+        3. ...
+    validations:
+      required: true
+
+  - type: textarea
+    id: expected
+    attributes:
+      label: Expected behaviour
+    validations:
+      required: true
+
+  - type: textarea
+    id: actual
+    attributes:
+      label: Actual behaviour
+      description: Include error messages, stack traces, or vector diffs. Redact any passphrases or private keys.
+    validations:
+      required: true
+
+  - type: textarea
+    id: environment
+    attributes:
+      label: Environment
+      description: OS, runtime version (Node / Python), and any relevant tooling.
+      placeholder: |
+        - OS:
+        - Runtime:
+        - Package version:
+
+  - type: checkboxes
+    id: confirmations
+    attributes:
+      label: Confirmations
+      options:
+        - label: I have searched existing issues and this is not a duplicate.
+          required: true
+        - label: This is not a security vulnerability (security reports follow `SECURITY.md`).
+          required: true
+        - label: I have redacted any secrets, passphrases, or personal data from the report.
+          required: true
diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml
@@ -0,0 +1,11 @@
+blank_issues_enabled: false
+contact_links:
+  - name: Security vulnerability (private disclosure)
+    url: https://github.com/Davincc77/klickdskill/security/policy
+    about: Do NOT open a public issue for security vulnerabilities. See SECURITY.md for the private disclosure process.
+  - name: Questions and discussion
+    url: https://github.com/Davincc77/klickdskill/discussions
+    about: For open-ended questions, design discussion, or help, please use GitHub Discussions.
+  - name: Specification (SPEC.md)
+    url: https://github.com/Davincc77/klickdskill/blob/main/SPEC.md
+    about: Read the .klickd specification before filing spec-related issues.
diff --git a/.github/ISSUE_TEMPLATE/feature_request.yml b/.github/ISSUE_TEMPLATE/feature_request.yml
@@ -0,0 +1,59 @@
+name: Feature request
+description: Suggest a non-normative enhancement (tooling, documentation, ergonomics). For spec changes, use the "Spec change / RFC" template.
+title: "[feature] "
+labels: ["enhancement", "triage"]
+body:
+  - type: markdown
+    attributes:
+      value: |
+        Use this template for SDK ergonomics, tooling, documentation, or workflow improvements.
+
+        For **normative changes to the `.klickd` specification, schemas, or wire format**, please use the **Spec change / RFC** template instead.
+
+  - type: textarea
+    id: problem
+    attributes:
+      label: Problem / motivation
+      description: What problem does this solve? Who is affected?
+    validations:
+      required: true
+
+  - type: textarea
+    id: proposal
+    attributes:
+      label: Proposed solution
+      description: Describe the change you would like to see. Include API sketches or example code where applicable.
+    validations:
+      required: true
+
+  - type: textarea
+    id: alternatives
+    attributes:
+      label: Alternatives considered
+      description: Other approaches you have considered, and why they were not selected.
+
+  - type: dropdown
+    id: component
+    attributes:
+      label: Affected component
+      multiple: true
+      options:
+        - Python SDK
+        - TypeScript SDK
+        - Migrator
+        - Registry
+        - Documentation
+        - CI / workflows
+        - Other
+    validations:
+      required: true
+
+  - type: checkboxes
+    id: scope
+    attributes:
+      label: Scope confirmation
+      options:
+        - label: This proposal does NOT change the `.klickd` wire format, JSON schemas, or test vectors. (If it does, use the Spec change / RFC template.)
+          required: true
+        - label: I have searched existing issues and this is not a duplicate.
+          required: true
diff --git a/.github/ISSUE_TEMPLATE/spec_rfc.yml b/.github/ISSUE_TEMPLATE/spec_rfc.yml
@@ -0,0 +1,85 @@
+name: Spec change / RFC
+description: Propose a normative change to the .klickd specification, JSON schemas, test vectors, or wire format.
+title: "[rfc] "
+labels: ["spec", "rfc", "triage"]
+body:
+  - type: markdown
+    attributes:
+      value: |
+        Use this template for any proposal that affects:
+
+        - The `.klickd` wire format
+        - Normative requirements in `SPEC.md` / `SPEC_v30.md`
+        - JSON schemas under `schema/`
+        - Test vectors under `vectors/`
+        - Cryptographic defaults (KDF, cipher, AAD coverage)
+
+        Breaking changes require a major version bump and a coexistence / migration story. See `CONTRIBUTING.md`.
+
+  - type: textarea
+    id: summary
+    attributes:
+      label: Summary
+      description: One-paragraph summary of the proposed change.
+    validations:
+      required: true
+
+  - type: textarea
+    id: motivation
+    attributes:
+      label: Motivation
+      description: Why is this change needed? What problem does it solve that cannot be solved without a normative change?
+    validations:
+      required: true
+
+  - type: textarea
+    id: proposal
+    attributes:
+      label: Detailed proposal
+      description: Specify the change precisely — new fields, modified validation rules, schema diffs, vector additions, etc.
+    validations:
+      required: true
+
+  - type: dropdown
+    id: impact
+    attributes:
+      label: Compatibility impact
+      options:
+        - Additive (backward compatible, no version bump)
+        - Minor (backward compatible, minor version bump)
+        - Breaking (requires major version bump and migration path)
+    validations:
+      required: true
+
+  - type: textarea
+    id: security
+    attributes:
+      label: Security considerations
+      description: Cryptographic implications, threat-model impact, AAD coverage, downgrade resistance.
+    validations:
+      required: true
+
+  - type: textarea
+    id: migration
+    attributes:
+      label: Migration / coexistence story
+      description: For breaking changes, describe how implementations and existing payloads transition. Reference the migrator if applicable.
+
+  - type: textarea
+    id: alternatives
+    attributes:
+      label: Alternatives considered
+    validations:
+      required: true
+
+  - type: checkboxes
+    id: confirmations
+    attributes:
+      label: Confirmations
+      options:
+        - label: I have read `CONTRIBUTING.md` and the relevant SPEC document.
+          required: true
+        - label: This proposal does not weaken cryptographic defaults (Argon2id floors, GCM tag, AAD coverage).
+          required: true
+        - label: I understand that normative changes require maintainer review and may require a major version bump.
+          required: true
diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md
@@ -0,0 +1,60 @@
+<!--
+Thanks for contributing to .klickd!
+
+Please fill in this template. PRs with empty descriptions will be asked for more detail.
+-->
+
+## Summary
+
+<!-- One or two sentences: what does this PR change, and why? -->
+
+## Scope
+
+- [ ] Documentation / community files only
+- [ ] Reference implementation (Python SDK)
+- [ ] Reference implementation (TypeScript SDK)
+- [ ] Migrator
+- [ ] Registry
+- [ ] CI / workflows
+- [ ] Specification (`SPEC*.md`)
+- [ ] JSON schemas (`schema/`)
+- [ ] Test vectors (`vectors/`)
+
+## Linked issue
+
+<!-- e.g. Closes #123, Refs #456. Spec / schema / vector changes should reference an RFC issue. -->
+
+## Schema / SDK / vector impact
+
+- [ ] No change to the `.klickd` wire format
+- [ ] No change to JSON schemas
+- [ ] No change to test vectors
+- [ ] No package version bump
+- [ ] If any of the above are checked **off**, this PR links an approved RFC issue and includes a migration / coexistence note below.
+
+<!-- If applicable, describe the impact: -->
+
+## Testing
+
+<!-- How was this verified? Include commands run, vectors validated, or manual checks. -->
+
+- [ ] Existing CI passes locally / will pass in CI
+- [ ] New tests / vectors added where appropriate
+- [ ] N/A — docs-only change
+
+## Security and secret scan
+
+- [ ] No secrets, passphrases, private keys, or personal data are included in this diff
+- [ ] No cryptographic defaults are weakened (KDF floors, GCM tag, AAD coverage)
+- [ ] If this PR touches the threat model or crypto, `SECURITY.md` was reviewed and updated as needed
+
+## Governance reminders
+
+- [ ] This PR does **not** publish to npm, PyPI, Zenodo, or any package registry
+- [ ] This PR does **not** create a release, tag, or version bump
+- [ ] This PR does **not** modify locked governance files outside its declared scope
+- [ ] I have read [`CONTRIBUTING.md`](../CONTRIBUTING.md) and agree to the [Code of Conduct](../CODE_OF_CONDUCT.md)
+
+## Additional notes
+
+<!-- Anything reviewers should know: trade-offs, follow-ups, screenshots, etc. -->