ci: replace legacy workflow with 3 modern workflows (devkit pattern)

Removed:
  kariri-ci-cd.yml — outdated (PHP 8.3, security-checker deprecated,
                     no Psalm, no kcode integration)

Added:
  ci.yml            — unified fast-feedback pipeline using kcode quality
                      (PHP 8.4, pcov, actions@v4, openssl ext)

  code-quality.yml  — 6 parallel jobs with quality-summary gate:
                       • Dependency Validation (composer validate + check-platform-reqs)
                       • Security Audit (composer audit)
                       • PHPStan via kcode analyse --tool=phpstan
                       • Psalm via kcode analyse --tool=psalm
                       • CS Fixer via kcode cs:fix --check
                       • PHPUnit via kcode test --coverage (pcov)
                      Triggers: main, develop, feature/**, PRs, manual dispatch

  release.yml       — runs full kcode quality pipeline before creating
                      GitHub Release on tag push (v*); includes dotenv
                      quick-start usage in release notes

All workflows:
  - PHP 8.4 (was 8.3)
  - actions/checkout@v4 + shivammathur/setup-php@v2 (was @V3)
  - openssl extension (required for AES-256-GCM encryption tests)
  - kcode via vendor/bin/kcode (kariricode-devkit)

Author: walmir-silva

.github/workflows/ci.yml

@@ -0,0 +1,36 @@
+name: CI
+
+on:
+  push:
+    branches: [main, develop]
+  pull_request:
+    branches: [main, develop]
+
+jobs:
+  quality:
+    name: Quality Pipeline
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: shivammathur/setup-php@v2
+        with:
+          php-version: '8.4'
+          extensions: mbstring, xml, openssl
+          coverage: pcov
+
+      - name: Install dependencies
+        run: composer install --no-interaction --prefer-dist --optimize-autoloader
+
+      - name: Initialize kcode devkit
+        run: vendor/bin/kcode init
+
+      - name: Code style check
+        run: vendor/bin/kcode cs:fix --check
+
+      - name: Static analysis (PHPStan + Psalm)
+        run: vendor/bin/kcode analyse
+
+      - name: Tests with coverage
+        run: vendor/bin/kcode test --coverage

.github/workflows/code-quality.yml

@@ -0,0 +1,201 @@
+name: Code Quality
+
+on:
+  push:
+    branches:
+      - main
+      - develop
+      - 'feature/**'
+  pull_request:
+    branches:
+      - main
+      - develop
+  workflow_dispatch:
+
+jobs:
+  # ============================================================================
+  # DEPENDENCY VALIDATION
+  # ============================================================================
+  dependencies:
+    name: Dependency Validation
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: shivammathur/setup-php@v2
+        with:
+          php-version: '8.4'
+          tools: composer:v2
+          coverage: none
+
+      - name: Validate composer.json
+        run: composer validate --strict --no-check-lock
+
+      - name: Install dependencies
+        run: composer install --prefer-dist --no-progress --no-scripts
+
+      - name: Check platform requirements
+        run: composer check-platform-reqs
+
+  # ============================================================================
+  # SECURITY AUDIT
+  # ============================================================================
+  security:
+    name: Security Audit
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: shivammathur/setup-php@v2
+        with:
+          php-version: '8.4'
+          tools: composer:v2
+          coverage: none
+
+      - name: Install dependencies
+        run: composer install --prefer-dist --no-progress --no-scripts
+
+      - name: Run composer audit
+        run: composer audit --format=plain
+
+  # ============================================================================
+  # STATIC ANALYSIS — PHPStan (via kcode)
+  # ============================================================================
+  phpstan:
+    name: PHPStan Static Analysis
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: shivammathur/setup-php@v2
+        with:
+          php-version: '8.4'
+          extensions: mbstring, xml, openssl
+          coverage: none
+          tools: composer:v2
+
+      - name: Install dependencies
+        run: composer install --prefer-dist --no-progress --no-scripts
+
+      - name: Initialize kcode devkit
+        run: vendor/bin/kcode init
+
+      - name: Run PHPStan via kcode
+        run: vendor/bin/kcode analyse --tool=phpstan
+
+  # ============================================================================
+  # STATIC ANALYSIS — Psalm (via kcode)
+  # ============================================================================
+  psalm:
+    name: Psalm Static Analysis
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: shivammathur/setup-php@v2
+        with:
+          php-version: '8.4'
+          extensions: mbstring, xml, openssl
+          coverage: none
+          tools: composer:v2
+
+      - name: Install dependencies
+        run: composer install --prefer-dist --no-progress --no-scripts
+
+      - name: Initialize kcode devkit
+        run: vendor/bin/kcode init
+
+      - name: Run Psalm via kcode
+        run: vendor/bin/kcode analyse --tool=psalm
+
+  # ============================================================================
+  # CODE STYLE (PHP CS Fixer via kcode)
+  # ============================================================================
+  cs-fixer:
+    name: Code Style Check
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: shivammathur/setup-php@v2
+        with:
+          php-version: '8.4'
+          extensions: mbstring, xml
+          coverage: none
+          tools: composer:v2
+
+      - name: Install dependencies
+        run: composer install --prefer-dist --no-progress --no-scripts
+
+      - name: Initialize kcode devkit
+        run: vendor/bin/kcode init
+
+      - name: Check code style via kcode
+        run: vendor/bin/kcode cs:fix --check
+
+  # ============================================================================
+  # TESTS WITH COVERAGE
+  # ============================================================================
+  tests:
+    name: PHPUnit Tests
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: shivammathur/setup-php@v2
+        with:
+          php-version: '8.4'
+          extensions: mbstring, xml, openssl
+          coverage: pcov
+          tools: composer:v2
+
+      - name: Install dependencies
+        run: composer install --prefer-dist --no-progress --no-scripts
+
+      - name: Initialize kcode devkit
+        run: vendor/bin/kcode init
+
+      - name: Run tests with coverage
+        run: vendor/bin/kcode test --coverage
+
+  # ============================================================================
+  # QUALITY SUMMARY
+  # ============================================================================
+  quality-summary:
+    name: Quality Summary
+    runs-on: ubuntu-latest
+    needs: [dependencies, security, phpstan, psalm, cs-fixer, tests]
+    if: always()
+
+    steps:
+      - name: Check overall quality status
+        run: |
+          echo "## Quality Checks Summary" >> "$GITHUB_STEP_SUMMARY"
+          echo "" >> "$GITHUB_STEP_SUMMARY"
+          echo "| Check | Status |" >> "$GITHUB_STEP_SUMMARY"
+          echo "|-------|--------|" >> "$GITHUB_STEP_SUMMARY"
+          echo "| Dependencies | ${{ needs.dependencies.result }} |" >> "$GITHUB_STEP_SUMMARY"
+          echo "| Security | ${{ needs.security.result }} |" >> "$GITHUB_STEP_SUMMARY"
+          echo "| PHPStan | ${{ needs.phpstan.result }} |" >> "$GITHUB_STEP_SUMMARY"
+          echo "| Psalm | ${{ needs.psalm.result }} |" >> "$GITHUB_STEP_SUMMARY"
+          echo "| CS Fixer | ${{ needs.cs-fixer.result }} |" >> "$GITHUB_STEP_SUMMARY"
+          echo "| Tests | ${{ needs.tests.result }} |" >> "$GITHUB_STEP_SUMMARY"
+
+          if [ "${{ needs.security.result }}" != "success" ] || \
+             [ "${{ needs.phpstan.result }}" != "success" ] || \
+             [ "${{ needs.psalm.result }}" != "success" ] || \
+             [ "${{ needs.cs-fixer.result }}" != "success" ] || \
+             [ "${{ needs.tests.result }}" != "success" ]; then
+            echo "" >> "$GITHUB_STEP_SUMMARY"
+            echo "❌ Quality checks failed." >> "$GITHUB_STEP_SUMMARY"
+            exit 1
+          fi
+
+          echo "" >> "$GITHUB_STEP_SUMMARY"
+          echo "✅ All quality checks passed!" >> "$GITHUB_STEP_SUMMARY"

.github/workflows/kariri-ci-cd.yml

@@ -0,0 +1,80 @@
+name: Release
+
+on:
+  push:
+    tags:
+      - 'v*'
+
+permissions:
+  contents: write
+
+jobs:
+  release:
+    name: Create GitHub Release
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: shivammathur/setup-php@v2
+        with:
+          php-version: '8.4'
+          extensions: mbstring, xml, openssl
+          coverage: pcov
+          tools: composer:v2
+
+      - name: Install dependencies
+        run: composer install --no-interaction --prefer-dist --optimize-autoloader
+
+      - name: Initialize kcode devkit
+        run: vendor/bin/kcode init
+
+      - name: Run full quality pipeline
+        run: vendor/bin/kcode quality
+
+      - name: Extract version from tag
+        id: version
+        run: echo "tag=${GITHUB_REF#refs/tags/}" >> "$GITHUB_OUTPUT"
+
+      - name: Create GitHub Release
+        uses: softprops/action-gh-release@v2
+        with:
+          tag_name: ${{ steps.version.outputs.tag }}
+          name: KaririCode Dotenv ${{ steps.version.outputs.tag }}
+          draft: false
+          prerelease: false
+          body: |
+            ## KaririCode\\Dotenv ${{ steps.version.outputs.tag }}
+
+            The only PHP dotenv with auto type casting, AES-256-GCM encryption,
+            OPcache caching, fluent validation DSL, environment-aware loading,
+            and CLI tooling — zero dependencies, PHP 8.4+, ARFA 1.3.
+
+            ## Installation
+
+            ```bash
+            composer require kariricode/dotenv
+            ```
+
+            ## Quick Start
+
+            ```php
+            use KaririCode\Dotenv\Dotenv;
+            use function KaririCode\Dotenv\env;
+
+            $dotenv = new Dotenv(__DIR__);
+            $dotenv->load();
+
+            // Auto type-cast: string, int, float, bool, null, array
+            $debug = env('APP_DEBUG');  // bool
+            $port  = env('DB_PORT');    // int
+
+            // Fluent validation DSL
+            $dotenv->validate()
+                ->required('APP_KEY', 'DB_HOST')
+                ->isInteger('DB_PORT')->between(1, 65535)
+                ->allowedValues('APP_ENV', ['local', 'staging', 'production'])
+                ->assert();
+            ```
+
+            See [CHANGELOG.md](CHANGELOG.md) for details.