Prepare public alpha release v0.1.0-alpha.1

Author: enkronos

.github/ISSUE_TEMPLATE/bug_report.md

@@ -0,0 +1,28 @@
+---
+name: Bug report
+about: Report a defect or behavioral regression in GuardMesh
+title: "[Bug] "
+labels: bug
+assignees: ""
+---
+
+## Summary
+
+Describe the bug clearly and briefly.
+
+## Reproduction
+
+1. Command or API call:
+2. Input policy/request:
+3. Actual behavior:
+4. Expected behavior:
+
+## Environment
+
+- Node version:
+- GuardMesh version:
+- OS:
+
+## Additional context
+
+Add logs, decision output, or validation details if helpful.

.github/ISSUE_TEMPLATE/config.yml

@@ -0,0 +1 @@
+blank_issues_enabled: false

.github/ISSUE_TEMPLATE/feature_request.md

@@ -0,0 +1,23 @@
+---
+name: Feature request
+about: Propose a scoped improvement to GuardMesh
+title: "[Feature] "
+labels: enhancement
+assignees: ""
+---
+
+## Problem
+
+What user or integration problem are you trying to solve?
+
+## Proposed change
+
+Describe the smallest useful change that would help.
+
+## Why this fits GuardMesh
+
+Explain why this belongs in GuardMesh's narrow public-alpha scope.
+
+## Alternatives considered
+
+List any alternatives or workarounds you considered.

.github/pull_request_template.md

@@ -0,0 +1,14 @@
+## Summary
+
+- what changed
+- why it changed
+
+## Validation
+
+- [ ] `npm run check`
+- [ ] docs updated if behavior changed
+- [ ] example packs or expectations updated if relevant
+
+## Notes
+
+Anything reviewers should pay special attention to.

.github/workflows/ci.yml

@@ -0,0 +1,26 @@
+name: CI
+
+on:
+  push:
+    branches:
+      - main
+      - "codex/**"
+  pull_request:
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        node-version: [20, 22]
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: actions/setup-node@v4
+        with:
+          node-version: ${{ matrix.node-version }}
+          cache: npm
+
+      - run: npm ci
+      - run: npm run check

.github/workflows/release-hygiene.yml

@@ -0,0 +1,27 @@
+name: Release Hygiene
+
+on:
+  workflow_dispatch:
+  push:
+    tags:
+      - "v*"
+
+jobs:
+  release-dry-run:
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: actions/setup-node@v4
+        with:
+          node-version: 22
+          cache: npm
+
+      - run: npm ci
+      - run: npm run build
+      - run: npm test
+      - run: npm run lint
+      - run: npm run schema:examples
+      - run: npm run verify:examples
+      - run: npm run release:dry-run

.gitignore

@@ -1,4 +1,7 @@
-node_modules
-dist
+node_modules/
+dist/
 .env
 .DS_Store
+*.log
+coverage/
+*.tgz

CHANGELOG.md

@@ -0,0 +1,19 @@
+# Changelog
+
+All notable changes to GuardMesh will be documented in this file.
+
+The project is currently in alpha and may still evolve quickly, but behavior changes should still be recorded here.
+
+## 0.1.0-alpha.1
+
+Initial public alpha baseline:
+
+- TypeScript + Node.js implementation for parsing, validation, evaluation, explanation, and CLI workflows
+- decisions: `allow`, `deny`, `escalate`, `kill`
+- JSON schemas for policy, request, and decision artifacts
+- example packs covering all four decision paths
+- policy-pack linting and expectation testing
+- minimal policy composition through `extends`
+- optional runtime schema validation
+- programmatic API and `PolicyEngine`
+- CI, release dry-run, contributor docs, and alpha stability policy

CODE_OF_CONDUCT.md

@@ -0,0 +1,29 @@
+# Code of Conduct
+
+## Our Pledge
+
+We want GuardMesh to be a respectful, practical, and welcoming open-source project.
+
+Contributors, maintainers, and participants are expected to make participation harassment-free for everyone, regardless of age, body size, disability, ethnicity, gender identity, level of experience, nationality, personal appearance, race, religion, or sexual identity and orientation.
+
+## Expected Behavior
+
+- Be respectful and constructive.
+- Focus on the work, not the person.
+- Assume good intent, but accept correction when impact is pointed out.
+- Keep discussion grounded in the project scope and goals.
+
+## Unacceptable Behavior
+
+- Harassment, discrimination, or abusive language
+- Personal attacks or sustained antagonistic behavior
+- Publishing private information without permission
+- Disruptive conduct that makes collaboration harder for others
+
+## Enforcement
+
+Project maintainers are responsible for clarifying and enforcing this code of conduct and may remove, edit, or reject comments, commits, issues, or other contributions that do not align with it.
+
+## Reporting
+
+If you experience or witness unacceptable behavior, open a private security-style contact route once one is listed in `SECURITY.md`. Until then, use the repository maintainers' private contact method rather than a public issue when possible.

CONTRACT.md

@@ -0,0 +1,41 @@
+# GuardMesh Alpha Stability Policy
+
+GuardMesh is still in alpha. The project aims to be stable enough for experimentation, but not yet frozen.
+
+## Stability expectations
+
+### Most stable in alpha
+
+- core decision names: `allow`, `deny`, `escalate`, `kill`
+- file-based pack workflow using `policy.yaml` and `request.json`
+- example-pack verification model using `decision.expected.json`
+
+### Moderately stable in alpha
+
+- CLI command names
+- exported runtime helpers
+- `PolicyEngine` shape
+- current rule selectors and constraints
+
+These may still evolve when clarity or correctness improves.
+
+### Least stable in alpha
+
+- lint heuristics
+- composition details beyond basic `extends`
+- any future bundle or adapter interfaces
+- exact report field additions for authoring and tooling features
+
+## Compatibility approach
+
+- Prefer additive changes where possible.
+- Document behavior changes in `README.md` and `docs/policy-spec.md`.
+- Update example packs and tests in the same change whenever semantics move.
+
+## Practical guidance
+
+If you are embedding GuardMesh during alpha:
+
+- pin the package version
+- rely on documented fields rather than incidental internals
+- treat minor alpha releases as potentially behavior-changing