chore: sync lint config and docs

.gitignore

@@ -9,6 +9,7 @@ bin/
 dist/
 # Stray example binaries (e.g. `go build` run inside examples/* leaving the binary at repo root)
 /basic
+/examples/basic/basic
 /examples/*/main
 examples/**/*.bin
 

.golangci.yml

@@ -14,6 +14,23 @@ linters:
     - whitespace
     - bodyclose
     - noctx
+  settings:
+    errcheck:
+      check-type-assertions: true
+      check-blank: false
+    gocritic:
+      enabled-tags:
+        - diagnostic
+        - performance
+      disabled-checks:
+        - hugeParam
+        - rangeValCopy
+        - appendAssign
+        # appendCombine hurts readability when each appended item is a
+        # documented struct literal.
+        - appendCombine
+    staticcheck:
+      checks: ["all", "-SA1019"]
   exclusions:
     presets:
       - comments
@@ -26,21 +43,6 @@ linters:
           - noctx
           - bodyclose
 
-linters-settings:
-  errcheck:
-    check-type-assertions: true
-    check-blank: false
-  gocritic:
-    enabled-tags:
-      - diagnostic
-      - performance
-    disabled-checks:
-      - hugeParam
-      - rangeValCopy
-      - appendAssign
-  staticcheck:
-    checks: ["all", "-SA1019"]
-
 issues:
   max-issues-per-linter: 0
   max-same-issues: 0

CHANGELOG.md

@@ -30,8 +30,6 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
   - `.github/workflows/ci.yml` — race tests + coverage upload + lint
     (golangci-lint v2) + multi-platform build matrix
     (linux/darwin/windows × amd64/arm64) + govulncheck.
-  - `.github/dependabot.yml` — weekly `gomod` + `github-actions`
-    updates.
   - `.github/PULL_REQUEST_TEMPLATE.md` — Summary / Changes / API impact
     / Daemon compatibility / Testing / Checklist.
   - `.github/ISSUE_TEMPLATE/bug_report.yml` — structured bug report.

SECURITY.md

@@ -44,8 +44,8 @@ We follow [coordinated vulnerability disclosure](https://en.wikipedia.org/wiki/C
 
 ## Security practices in this repo
 
-- **Dependency monitoring:** automated via Dependabot (see
-  `.github/dependabot.yml`).
+- **Dependency monitoring:** vulnerable dependencies are detected by
+  `govulncheck`, which runs on every CI build (see "Vulnerability scanning").
 - **Static analysis:** `golangci-lint` / `ruff` / `mypy` enforced in CI.
 - **Vulnerability scanning:** `govulncheck` (Go) / `pip-audit` (Python) run
   on every CI build.

docs/architecture.md

@@ -57,7 +57,7 @@ resp, err := c.Chat(ctx, hawksdk.ChatRequest{Message: "list files"})
 // 📡 Streaming chat
 stream, err := c.ChatStream(ctx, hawksdk.ChatRequest{Message: "explain this code"})
 defer stream.Close()
-for stream.Next() { fmt.Print(stream.Event().Data) }
+for { ev, err := stream.Next(); if err != nil { break }; fmt.Print(ev.Data) }
 
 // 📋 Sessions
 sessions, _ := c.Sessions(ctx, hawksdk.ListOptions{Limit: 10})