Edit/s fix

.github/workflows/release.yml

@@ -201,7 +201,7 @@ jobs:
           ORIG_SHA=$(git rev-parse HEAD)
 
           git add -f target
-          git rm -f -r --cached --ignore-unmatch .github .idea _generate _run cli gen.go go.work .gitignore
+          git rm -f -r --cached --ignore-unmatch .github .idea _generate _run cli cmd gen.go go.work .gitignore
 
           git commit -m "release(${BUILD_VER}): strip heavy assets"
           git tag -a "${BUILD_VER}" -m "Release ${BUILD_VER}"

CONTRIBUTING.md

@@ -0,0 +1,45 @@
+# Contributing
+
+Thanks for your interest in improving ratatoskr!
+
+## Quick Start
+
+* **Fork** the repo and create a feature branch: `git checkout -b feat/short-descriptor`.
+* **Make changes** in small, focused commits.
+* **Format** code with `gofmt` and keep imports tidy (`go fmt ./...`).
+* **Test** everything: `go test ./...`. Add/adjust tests for any behavior you change.
+* **Cross-build**: the CI verifies compilation on 25 platform targets — run `GOOS=linux GOARCH=arm64 go build ./...`
+  locally if you're touching platform-sensitive code.
+* **Document** public APIs and update README examples if behavior changes. Both `README.md` (English) and
+  `README.RU.md` (Russian) must be kept in sync.
+
+## Style & Scope
+
+* Prefer small PRs that solve one problem.
+* All Go struct names must end with `Obj`, all interface names must end with `Interface`.
+* Avoid tautological names — don't repeat the package name in identifiers (e.g., `telemetry.Obj` not
+  `telemetry.TelemetryObj`).
+* Comments, errors, and logs must be in English.
+* Keep dependencies minimal; stick to the standard library when possible.
+* See `CLAUDE.md` for the full set of code conventions.
+
+## Commit Messages
+
+* Use clear, imperative subjects, e.g., `fix: handle empty peer list`.
+* If a change is breaking, include `BREAKING CHANGE:` in the body and explain the migration.
+
+## Pull Requests
+
+* Describe **what** and **why** (link related issues).
+* Include usage notes and test coverage.
+* CI runs tests on Linux, macOS, and Windows, plus cross-compilation for 25 targets — all checks must pass.
+* Be ready to address review feedback; we aim for constructive, concise reviews.
+
+## Reporting Issues
+
+* Provide steps to reproduce, expected vs. actual behavior, environment details (Go version, OS, architecture), and logs
+  if relevant.
+
+## Licensing
+
+By submitting a contribution, you agree that it will be licensed under the project's **LGPL-2.1** license.

SECURITY.md

@@ -0,0 +1,38 @@
+# Security Policy
+
+## Supported Versions
+
+We support the latest minor release on the default branch. Please update to the most recent version before filing a
+report.
+
+## Reporting a Vulnerability
+
+Email **git@sunsung.fun** with subject `SECURITY: <short summary>`. Include affected version, environment, impact, clear
+reproduction steps, and a minimal PoC if possible. **Do not open public issues or PRs** for security reports.
+
+**We will:**
+
+* Acknowledge your report within **72 hours**.
+* Provide an initial assessment or mitigation plan within **14 days**.
+* Aim to fix or provide mitigations within **90 days** (timeline may vary with complexity).
+
+## Disclosure
+
+Please keep your report private until a fix is released. We will coordinate a public advisory and **credit you** (unless
+you request otherwise).
+
+## Out of Scope
+
+* Social engineering or physical attacks.
+* Pure DoS/spam without a concrete, actionable fix.
+* Automated scan results without demonstrated exploitability.
+* Issues affecting only unsupported versions or non-default configs.
+* Vulnerabilities in third-party dependencies (please report upstream).
+
+## Safe Harbor
+
+If you follow this policy and act in good faith, we will not pursue legal action or block your research.
+
+## Security Updates
+
+Security fixes are shipped as **patch releases** and noted in the changelog/release notes.