Add repository maturity workflow

Author: AybarsBarut

.github/CODEOWNERS

@@ -0,0 +1,28 @@
+# Nexus-APCP ownership map.
+# Replace @AybarsBarut with a team handle when the project gains maintainers.
+
+* @AybarsBarut
+
+# Public positioning and repository metadata
+README.md @AybarsBarut
+docs/SEO_CHECKLIST.md @AybarsBarut
+codemeta.json @AybarsBarut
+CITATION.cff @AybarsBarut
+.github/repository-metadata.yml @AybarsBarut
+
+# Protocol and prompt surface
+AI_PROJECT_CONTEXT_PROTOCOL.md @AybarsBarut
+AI_MAIN.md @AybarsBarut
+AI_ASSISTANT_PROMPT_TEMPLATES.md @AybarsBarut
+MASTER_PROMPT.md @AybarsBarut
+CAVEMAN_RULES.md @AybarsBarut
+DECISION_LOG_PROTOCOL.md @AybarsBarut
+
+# Safety-sensitive docs
+SECURITY.md @AybarsBarut
+DOMAIN_SPECIFIC_GITIGNORE_PROTOCOLS.md @AybarsBarut
+WORKSPACE_SPECIFIC_DELIVERY_PROTOCOLS.md @AybarsBarut
+
+# Automation and validation
+scripts/ @AybarsBarut
+.github/workflows/ @AybarsBarut

.github/ISSUE_TEMPLATE/bug_report.yml

@@ -0,0 +1,47 @@
+name: Bug report
+description: Report a broken command, bad link, incorrect instruction, or repository behavior problem.
+title: "fix: "
+labels:
+  - bug
+body:
+  - type: markdown
+    attributes:
+      value: |
+        Thanks for helping improve Nexus-APCP. Do not include secrets, private project context, generated private prompt bundles, or exploit details.
+  - type: textarea
+    id: problem
+    attributes:
+      label: Problem
+      description: What is broken or incorrect?
+      placeholder: The setup guide references a file that does not exist.
+    validations:
+      required: true
+  - type: textarea
+    id: steps
+    attributes:
+      label: Steps to reproduce
+      description: List the exact command, file, or section involved.
+      placeholder: |
+        1. Open ...
+        2. Run ...
+        3. See ...
+  - type: textarea
+    id: expected
+    attributes:
+      label: Expected behavior
+      description: What should happen instead?
+  - type: dropdown
+    id: area
+    attributes:
+      label: Area
+      options:
+        - README
+        - Protocol template
+        - Prompt templates
+        - Scripts
+        - GitHub metadata
+        - Examples
+        - Security guidance
+        - Other
+    validations:
+      required: true

.github/ISSUE_TEMPLATE/config.yml

@@ -0,0 +1,8 @@
+blank_issues_enabled: true
+contact_links:
+  - name: Security-sensitive report
+    url: https://github.com/AybarsBarut/Nexus-APCP/security/advisories/new
+    about: Use private vulnerability reporting when available. Do not disclose sensitive details in public issues.
+  - name: Repository SEO checklist
+    url: https://github.com/AybarsBarut/Nexus-APCP/blob/master/docs/SEO_CHECKLIST.md
+    about: Check current repository positioning, topics, and metadata before opening SEO-related issues.

.github/ISSUE_TEMPLATE/docs_improvement.yml

@@ -0,0 +1,27 @@
+name: Documentation improvement
+description: Suggest clearer wording, missing setup steps, or better examples.
+title: "docs: "
+labels:
+  - documentation
+body:
+  - type: textarea
+    id: section
+    attributes:
+      label: Documentation section
+      description: Which file or section should change?
+      placeholder: README.md Quick Start, SETUP_GUIDE.md Step 2, etc.
+    validations:
+      required: true
+  - type: textarea
+    id: improvement
+    attributes:
+      label: Suggested improvement
+      description: Explain what is confusing or missing.
+    validations:
+      required: true
+  - type: textarea
+    id: audience
+    attributes:
+      label: Intended audience
+      description: Who benefits from this change?
+      placeholder: New users, maintainers, AI agents, teams adopting Cursor, etc.

.github/ISSUE_TEMPLATE/protocol_suggestion.yml

@@ -0,0 +1,41 @@
+name: Protocol suggestion
+description: Propose a new Nexus-APCP workflow, prompt, delivery gate, or example kit.
+title: "feat: "
+labels:
+  - enhancement
+body:
+  - type: textarea
+    id: use_case
+    attributes:
+      label: Use case
+      description: What AI-assisted development scenario should Nexus-APCP support better?
+    validations:
+      required: true
+  - type: textarea
+    id: proposal
+    attributes:
+      label: Proposal
+      description: Describe the protocol, template, checklist, or example you want added.
+    validations:
+      required: true
+  - type: textarea
+    id: safety
+    attributes:
+      label: Safety and privacy considerations
+      description: Note any private context, secrets, customer data, or security risks this workflow must avoid.
+  - type: dropdown
+    id: domain
+    attributes:
+      label: Domain
+      options:
+        - General AI-assisted development
+        - Web app
+        - Backend/API
+        - AI/RAG/LLM
+        - Mobile
+        - Game development
+        - DevOps/Infrastructure
+        - Security/Penetration testing
+        - Other
+    validations:
+      required: true

.github/ISSUE_TEMPLATE/security_private.yml

@@ -0,0 +1,24 @@
+name: Security-sensitive issue
+description: Use this only for non-sensitive security process improvements. Do not disclose vulnerabilities publicly.
+title: "security: "
+labels:
+  - security
+body:
+  - type: markdown
+    attributes:
+      value: |
+        If this is a vulnerability report, do not continue here. Use GitHub private vulnerability reporting if available, or request a private contact without sharing details.
+  - type: textarea
+    id: safe_summary
+    attributes:
+      label: Safe summary
+      description: Describe the documentation or process improvement without exploit details.
+    validations:
+      required: true
+  - type: checkboxes
+    id: confirmation
+    attributes:
+      label: Public safety confirmation
+      options:
+        - label: This issue does not include secrets, exploit details, private infrastructure, customer data, or generated private context.
+          required: true

.github/pull_request_template.md

@@ -0,0 +1,26 @@
+## Summary
+
+Describe what changed and why it matters for Nexus-APCP users.
+
+## Change Type
+
+- [ ] Protocol or template change
+- [ ] Documentation improvement
+- [ ] Prompt/template improvement
+- [ ] Repository metadata or SEO
+- [ ] Script or validation change
+- [ ] Security or safe-publishing guidance
+- [ ] Example kit update
+
+## Review Checklist
+
+- [ ] The change is sanitized for public release.
+- [ ] README, SEO metadata, and related docs stay consistent when public positioning changed.
+- [ ] File links and command examples are valid.
+- [ ] Private context, secrets, generated prompt bundles, and sensitive security details are not included.
+- [ ] `python scripts/validate-repo.py` passes, or the reason it was skipped is explained.
+- [ ] `TASK_PROGRESS.yaml` is updated when this completes a tracked repository task.
+
+## Notes for Reviewers
+
+Mention any tradeoffs, follow-up work, or areas that need extra attention.

.github/pull_request_title_conventions.md

@@ -0,0 +1,42 @@
+# Pull Request Title Conventions
+
+Nexus-APCP uses simple conventional titles so changelogs, releases, and repository history stay readable.
+
+## Format
+
+```text
+type(optional-scope): Summary in imperative present tense
+```
+
+Examples:
+
+```text
+docs(readme): Clarify AI Project Context Protocol positioning
+feat(examples): Add backend API context kit
+fix(script): Handle Unicode output on Windows
+chore(metadata): Refresh repository SEO topics
+```
+
+## Types
+
+| Type | Use for |
+| :--- | :--- |
+| `feat` | New protocol capabilities, example kits, or user-facing assets. |
+| `fix` | Corrections to broken links, scripts, incorrect guidance, or unsafe defaults. |
+| `docs` | Documentation-only changes. |
+| `prompt` | Prompt templates, AI instructions, or agent guidance. |
+| `security` | Safe-publishing guidance, private-context handling, or vulnerability-reporting process. |
+| `ci` | GitHub Actions or repository validation automation. |
+| `chore` | Metadata, maintenance, cleanup, or non-user-facing updates. |
+
+## Scopes
+
+Common scopes include `readme`, `protocol`, `prompts`, `security`, `seo`, `examples`, `scripts`, `github`, and `agents`.
+
+## Rules
+
+- Use the imperative present tense: `Add`, `Clarify`, `Fix`, `Update`.
+- Capitalize the first word after the colon.
+- Do not end the title with a period.
+- Do not include secrets, private project names, customer names, or vulnerability details.
+- For breaking protocol changes, add `!` before the colon and describe the migration path in the PR body.

.github/workflows/validate.yml

@@ -0,0 +1,28 @@
+name: Validate Repository
+
+on:
+  pull_request:
+  push:
+    branches:
+      - master
+      - main
+
+permissions:
+  contents: read
+
+jobs:
+  validate:
+    name: Validate docs and metadata
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Check out repository
+        uses: actions/checkout@v4
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.12"
+
+      - name: Run repository validation
+        run: python scripts/validate-repo.py

AGENTS.md

@@ -0,0 +1,83 @@
+# Nexus-APCP Agent Guide
+
+This file gives AI coding assistants and automation agents the repository-specific rules for working on Nexus-APCP. Treat it as the first file to read before changing docs, prompts, scripts, metadata, or examples.
+
+## Project Overview
+
+Nexus-APCP is an open-source AI Project Context Protocol. The repository is a documentation and workflow kit, not a runtime application. Its purpose is to help developers give AI coding assistants stable project memory, task state, decision history, safety rules, and token-efficient communication patterns.
+
+The public repository should remain safe to share. Real project context files, private architecture maps, secrets, generated prompt bundles, customer data, and security runbooks must not be committed unless they are sanitized templates.
+
+## Primary Files
+
+| Path | Role |
+| :--- | :--- |
+| `README.md` | Public product page, quick start, SEO surface, and first-time user orientation. |
+| `AI_PROJECT_CONTEXT_PROTOCOL.md` | Main protocol template for project identity, architecture, rules, and context. |
+| `AI_MAIN.md` | AI execution orchestrator and session checkpoint flow. |
+| `TASK_PROGRESS.yaml` | Current task state, sprint status, and repository maintenance progress. |
+| `DECISION_LOG_PROTOCOL.md` | Decision history and architecture intent protocol. |
+| `CAVEMAN_RULES.md` | Token-efficient communication rules. |
+| `AI_ASSISTANT_PROMPT_TEMPLATES.md` | Reusable prompts for common AI-assisted development scenarios. |
+| `WORKSPACE_SPECIFIC_DELIVERY_PROTOCOLS.md` | Domain-specific delivery gates and release expectations. |
+| `DOMAIN_SPECIFIC_GITIGNORE_PROTOCOLS.md` | Safe publishing patterns for different project domains. |
+| `scripts/apcp-gather.py` | Generates an AI-ready context bundle from core protocol files. |
+| `docs/SEO_CHECKLIST.md` | Repository SEO metadata and keyword source of truth. |
+
+## Essential Commands
+
+Run these from the repository root.
+
+```bash
+python scripts/apcp-gather.py --caveman
+python scripts/validate-repo.py
+```
+
+On Windows, the PowerShell checkpoint can also be used:
+
+```powershell
+powershell -ExecutionPolicy Bypass -File scripts/checkpoint.ps1
+```
+
+## Working Rules
+
+- Keep changes scoped to the requested protocol, documentation, metadata, or script behavior.
+- Preserve the public/private boundary. Public templates are welcome; filled private project context is not.
+- Prefer durable wording over model-version-specific wording.
+- Keep repository-facing terminology consistent: `Nexus-APCP`, `AI Project Context Protocol`, `context engineering`, `AI-assisted development`, and `token optimization`.
+- Update `TASK_PROGRESS.yaml` when completing a visible repository maintenance task.
+- Update `docs/SEO_CHECKLIST.md`, `codemeta.json`, or `.github/repository-metadata.yml` when changing search-facing positioning.
+- Use concise comments only when they explain non-obvious validation, safety, or release behavior.
+
+## Security Publishing Hygiene
+
+This is a public repository. When working on security-related docs or fixes:
+
+- Do not expose exploit paths, attack names, private infrastructure, or sensitive project identifiers in branch names, commit messages, PR titles, test names, or comments.
+- Use neutral functional wording, such as `improve input validation`, instead of naming the vulnerability class.
+- Keep vulnerability details in private reporting channels.
+- Never commit `PROMPT_READY.txt` generated from a private project.
+- Do not weaken `.gitignore`, security guidance, or private-context warnings without a clear replacement.
+
+## Documentation Style
+
+- First-time users should understand what the protocol does within the first screen of the README.
+- Prefer examples that are easy to adapt across Claude Code, Cursor, ChatGPT, Gemini, GitHub Copilot, local LLMs, and other agents.
+- Avoid claims that require live proof unless the repository provides the evidence.
+- Use tables for file maps, checklists for setup/review flows, and short code blocks for commands.
+- Keep public examples realistic but sanitized.
+
+## Review Checklist
+
+Before finishing a change, verify:
+
+- Required public files still exist.
+- Markdown links added by the change are valid or intentionally external.
+- JSON files parse.
+- SVG assets parse as XML.
+- `scripts/apcp-gather.py --caveman` runs successfully.
+- The change does not add private context, secrets, generated prompt bundles, or sensitive security details.
+
+## AI Adapter Files
+
+Adapter files such as `CLAUDE.md`, `GEMINI.md`, `CURSOR.md`, `COPILOT.md`, and `CODEX.md` should stay short. They should point back to this file and mention only tool-specific startup behavior when necessary.