diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md
new file mode 100644
index 0000000..2409d98
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/bug_report.md
@@ -0,0 +1,33 @@
+---
+name: Bug report
+about: Report a bug in this plugin
+title: '[Bug] '
+labels: bug
+assignees: ''
+---
+
+## Describe the bug
+
+A clear and concise description of what the bug is.
+
+## To reproduce
+
+Steps to reproduce the behavior:
+1. Config used (redact any secrets)
+2. Command run
+3. Error output
+
+## Expected behavior
+
+What you expected to happen.
+
+## Environment
+
+- workflow engine version: <!-- e.g. 0.3.51 -->
+- plugin version: <!-- e.g. 1.0.0 -->
+- Go version: <!-- go version -->
+- OS: <!-- e.g. linux/amd64, darwin/arm64 -->
+
+## Additional context
+
+Add any other context or logs here.
diff --git a/.github/ISSUE_TEMPLATE/feature_request.md b/.github/ISSUE_TEMPLATE/feature_request.md
new file mode 100644
index 0000000..bfcf5e9
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/feature_request.md
@@ -0,0 +1,27 @@
+---
+name: Feature request
+about: Suggest a new capability for this plugin
+title: '[Feature] '
+labels: enhancement
+assignees: ''
+---
+
+## Summary
+
+A one-sentence description of the feature.
+
+## Motivation
+
+Why is this feature needed? What problem does it solve?
+
+## Proposed solution
+
+How would you like it to work? Include config schema changes if relevant.
+
+## Alternatives considered
+
+Any alternative approaches you considered and why you ruled them out.
+
+## Additional context
+
+Links, screenshots, or related issues.
diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md
new file mode 100644
index 0000000..a510115
--- /dev/null
+++ b/.github/PULL_REQUEST_TEMPLATE.md
@@ -0,0 +1,20 @@
+## Summary
+
+<!-- What does this PR do? 1-3 bullet points. -->
+
+## Motivation
+
+<!-- Why is this change needed? Link to issue if applicable. Closes #NNN -->
+
+## Test plan
+
+- [ ] `go build ./...` passes
+- [ ] `go vet ./...` passes
+- [ ] `go test ./...` passes
+- [ ] Manual smoke test (describe)
+
+## Checklist
+
+- [ ] CHANGELOG.md updated (Keep-a-Changelog format)
+- [ ] No secrets or credentials included
+- [ ] One feature or bugfix per PR
diff --git a/CHANGELOG.md b/CHANGELOG.md
new file mode 100644
index 0000000..fb730fb
--- /dev/null
+++ b/CHANGELOG.md
@@ -0,0 +1,12 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [Unreleased]
+
+## [0.1.2] - 2026-04-22
+
+Initial CHANGELOG entry tracking the current release. See git tags for prior versions.
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
new file mode 100644
index 0000000..b379f0d
--- /dev/null
+++ b/CONTRIBUTING.md
@@ -0,0 +1,27 @@
+# Contributing to workflow-plugin-tofu
+
+This plugin is part of the [GoCodeAlone/workflow](https://github.com/GoCodeAlone/workflow) ecosystem.
+
+## Before contributing
+
+Read the [upstream CONTRIBUTING.md](https://github.com/GoCodeAlone/workflow/blob/main/CONTRIBUTING.md) for general conventions, signing, and review expectations.
+
+## Local development
+
+```sh
+git clone https://github.com/GoCodeAlone/workflow-plugin-tofu.git
+cd workflow-plugin-tofu
+go build ./...
+go test ./...
+```
+
+## Pull requests
+
+- One feature or bugfix per PR.
+- Update CHANGELOG.md with a Keep-a-Changelog entry.
+- Add tests covering new behavior.
+- Run `go vet ./...` before pushing.
+
+## Reporting issues
+
+See the issue templates under `.github/ISSUE_TEMPLATE/`.
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..0c43294
--- /dev/null
+++ b/README.md
@@ -0,0 +1,54 @@
+# workflow-plugin-tofu
+
+> ⚠️ **Experimental** — This plugin compiles and passes its unit tests but has not been validated in any active GoCodeAlone-internal production deployment. Use with caution. Please [open an issue](https://github.com/GoCodeAlone/workflow-plugin-tofu/issues/new) if you adopt it so we can promote it to **verified** status.
+
+[![License](https://img.shields.io/badge/License-MIT-blue.svg)](LICENSE)
+[![Go Reference](https://pkg.go.dev/badge/github.com/GoCodeAlone/workflow-plugin-tofu.svg)](https://pkg.go.dev/github.com/GoCodeAlone/workflow-plugin-tofu)
+
+OpenTofu/Terraform adapter for workflow IaC — generates HCL from abstract infra specs, executes plan/apply, and handles state import/export.
+
+## What it provides
+
+**Pipeline step types:**
+- `step.iac_generate_hcl` — Generate HCL configuration from abstract workflow infra specs
+- `step.tofu_init` — Run `tofu init` (downloads providers + modules)
+- `step.tofu_plan` — Run `tofu plan` and capture the execution plan
+- `step.tofu_apply` — Run `tofu apply` to provision infrastructure
+- `step.tofu_state_import` — Import existing resources into Tofu state
+- `step.tofu_state_export` — Export Tofu state for use by other workflow steps
+
+## Prerequisites
+
+- [OpenTofu](https://opentofu.org/docs/intro/install/) or [Terraform](https://developer.hashicorp.com/terraform/install) installed and on `$PATH`
+- Provider credentials configured via env vars (e.g. `AWS_ACCESS_KEY_ID`, `GOOGLE_CREDENTIALS`, `ARM_CLIENT_ID`)
+
+## Install
+
+```yaml
+# In your wfctl.yaml
+version: 1
+plugins:
+  - name: workflow-plugin-tofu
+    version: v0.1.2
+    source: github.com/GoCodeAlone/workflow-plugin-tofu
+```
+
+Then:
+
+```sh
+wfctl plugin install
+```
+
+## Minimal example
+
+See [`examples/minimal/config.yaml`](examples/minimal/config.yaml).
+
+## Documentation
+
+- [Plugin authoring guide (upstream)](https://github.com/GoCodeAlone/workflow/blob/main/docs/PLUGIN_AUTHORING.md)
+- [Workflow engine docs](https://github.com/GoCodeAlone/workflow)
+- [IaC guide](https://github.com/GoCodeAlone/workflow/blob/main/docs/iac/)
+
+## License
+
+MIT. See [LICENSE](LICENSE).
diff --git a/examples/minimal/config.yaml b/examples/minimal/config.yaml
new file mode 100644
index 0000000..9621abe
--- /dev/null
+++ b/examples/minimal/config.yaml
@@ -0,0 +1,39 @@
+# workflow-plugin-tofu minimal example
+# Demonstrates HCL generation and plan/apply execution via OpenTofu/Terraform.
+# Validate with: wfctl validate --skip-unknown-types examples/minimal/config.yaml
+#
+# Prerequisites: tofu (or terraform) on $PATH + provider credentials
+#
+# step.tofu_plan config keys: working_dir, binary_path, tool, var_file
+# step.tofu_plan output:      plan_file (= <working_dir>/plan.tfplan), stdout, stderr, exit_code
+# step.tofu_apply config keys: working_dir, binary_path, tool, plan_file (optional)
+
+workflows:
+  pipeline:
+    trigger:
+      type: http
+      config:
+        path: /iac/apply
+        method: POST
+    steps:
+      - name: generate-hcl
+        type: step.iac_generate_hcl
+        config:
+          provider: aws
+          output_dir: /tmp/tofu-out
+
+      - name: init
+        type: step.tofu_init
+        config:
+          working_dir: /tmp/tofu-out
+
+      - name: plan
+        type: step.tofu_plan
+        config:
+          working_dir: /tmp/tofu-out
+
+      - name: apply
+        type: step.tofu_apply
+        config:
+          working_dir: /tmp/tofu-out
+          plan_file: /tmp/tofu-out/plan.tfplan