add CI, issue templates, contributing guide, security policy

Author: shillshady

.github/FUNDING.yml

@@ -0,0 +1 @@
+github: shillshady

.github/ISSUE_TEMPLATE/bug_report.md

@@ -0,0 +1,27 @@
+---
+name: Bug Report
+about: Report a bug or unexpected behavior
+title: ""
+labels: bug
+assignees: ""
+---
+
+**Describe the bug**
+A clear description of what went wrong.
+
+**To reproduce**
+Steps to reproduce the behavior:
+1. Run `solblade ...`
+2. See error
+
+**Expected behavior**
+What you expected to happen.
+
+**Environment**
+- OS: [e.g., macOS 15, Ubuntu 24.04, Windows 11]
+- Bun version: [e.g., 1.2.0]
+- Solblade version: [e.g., 0.1.0]
+- RPC provider: [e.g., Helius, QuickNode, public]
+
+**Logs**
+If applicable, paste relevant terminal output or audit log entries.

.github/ISSUE_TEMPLATE/feature_request.md

@@ -0,0 +1,19 @@
+---
+name: Feature Request
+about: Suggest a new feature or improvement
+title: ""
+labels: enhancement
+assignees: ""
+---
+
+**What problem does this solve?**
+A clear description of the problem or use case.
+
+**Proposed solution**
+How you'd like it to work.
+
+**Alternatives considered**
+Any other approaches you've thought about.
+
+**Additional context**
+Screenshots, links, or examples from other tools.

.github/pull_request_template.md

@@ -0,0 +1,16 @@
+## What
+
+Brief description of the change.
+
+## Why
+
+Why is this needed?
+
+## How
+
+How was it implemented? Any notable design decisions?
+
+## Testing
+
+- [ ] `bun run build` passes
+- [ ] Tested manually with `bun run dev`

.github/workflows/ci.yml

@@ -0,0 +1,21 @@
+name: CI
+
+on:
+  push:
+    branches: [main]
+  pull_request:
+    branches: [main]
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: oven-sh/setup-bun@v2
+        with:
+          bun-version: latest
+
+      - run: bun install --frozen-lockfile
+
+      - run: bun run build

CONTRIBUTING.md

@@ -0,0 +1,36 @@
+# Contributing to Solblade
+
+Thanks for your interest in contributing.
+
+## Getting Started
+
+```bash
+git clone https://github.com/shillshady/solblade.git
+cd solblade
+bun install
+bun run dev
+```
+
+## Pull Requests
+
+1. Fork the repo and create a branch from `main`
+2. Keep changes focused — one feature or fix per PR
+3. Make sure `bun run build` passes before submitting
+4. Write a clear PR description explaining what changed and why
+
+## Issues
+
+- Use the bug report template for bugs
+- Use the feature request template for ideas
+- Search existing issues before opening a new one
+
+## Code Style
+
+- TypeScript with strict mode
+- Descriptive variable names
+- Functions under 30 lines where possible
+- Guard clauses over deep nesting
+
+## Security
+
+If you find a security vulnerability, **do not open a public issue**. See [SECURITY.md](SECURITY.md) for responsible disclosure instructions.

README.md

@@ -8,10 +8,11 @@
 </p>
 
 <p align="center">
-  <a href="https://www.npmjs.com/package/solblade"><img src="https://img.shields.io/npm/v/solblade?style=flat-square&color=00ffc8" alt="npm" /></a>
+  <a href="https://github.com/shillshady/solblade/actions/workflows/ci.yml"><img src="https://img.shields.io/github/actions/workflow/status/shillshady/solblade/ci.yml?style=flat-square&label=CI" alt="CI" /></a>
   <a href="https://opensource.org/licenses/MIT"><img src="https://img.shields.io/badge/license-MIT-blue?style=flat-square" alt="license" /></a>
   <a href="https://bun.sh"><img src="https://img.shields.io/badge/runtime-Bun-f472b6?style=flat-square" alt="bun" /></a>
   <a href="https://modelcontextprotocol.io"><img src="https://img.shields.io/badge/protocol-MCP-7c3aed?style=flat-square" alt="MCP" /></a>
+  <a href="https://github.com/shillshady/solblade/stargazers"><img src="https://img.shields.io/github/stars/shillshady/solblade?style=flat-square&color=f5c542" alt="stars" /></a>
 </p>
 
 <p align="center">

SECURITY.md

@@ -0,0 +1,36 @@
+# Security Policy
+
+## Supported Versions
+
+| Version | Supported |
+|---------|-----------|
+| 0.1.x   | Yes       |
+
+## Reporting a Vulnerability
+
+If you discover a security vulnerability in Solblade, **do not open a public issue**.
+
+Instead, please report it privately by emailing **shillshady@proton.me** with:
+
+- Description of the vulnerability
+- Steps to reproduce
+- Potential impact
+- Suggested fix (if any)
+
+You will receive a response within 72 hours. Critical issues will be patched and released as soon as possible.
+
+## Scope
+
+The following are in scope for security reports:
+
+- Keystore encryption weaknesses
+- MCP server permission bypasses
+- Session/authentication flaws
+- Private key exposure vectors
+- Audit log tampering
+
+Out of scope:
+
+- Issues in upstream dependencies (report those to the dependency maintainer)
+- Social engineering attacks
+- Denial of service via excessive CLI usage