Update by AUDIT

Author: MADEVAL

.github/workflows/ci.yml

@@ -0,0 +1,33 @@
+name: CI
+
+on:
+  push:
+    branches: [main]
+  pull_request:
+
+jobs:
+  verify:
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        node-version: [20.x, 24.x]
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: ${{ matrix.node-version }}
+          cache: npm
+
+      - name: Install dependencies
+        run: npm ci
+
+      - name: Install Playwright browsers
+        run: npx playwright install --with-deps chromium firefox webkit
+
+      - name: Verify
+        run: npm run verify

.gitignore

@@ -1,5 +1,7 @@
 node_modules/
 coverage/
+playwright-report/
+test-results/
 .nyc_output/
 *.log
 .DS_Store

README.md

@@ -1,10 +1,10 @@
 # Fingerprint Framework
 
-Продвинутый каркас для browser fingerprinting и device intelligence с упором на модульность, контроль приватности и готовность к использованию как npm-пакета или обычного JS-файла.
+An advanced browser fingerprinting and device intelligence framework focused on modularity, privacy controls, and production-friendly distribution as both an npm package and a standalone browser script.
 
-Проект намеренно построен без внешних runtime-зависимостей: ESM API, script-tag сборка, типы, тесты на `node:test`, предсказуемый build pipeline.
+The project intentionally has no external runtime dependencies. It ships an ESM API, script-tag builds, TypeScript declarations, `node:test` coverage, and a predictable build pipeline.
 
-## Быстрый старт
+## Quick Start
 
 ```bash
 npm run verify
@@ -27,9 +27,9 @@ const result = await client.identify({
 console.log(result.visitorId, result.confidence.score);
 ```
 
-### Обычный JS-файл для страницы
+### Standalone Browser Script
 
-После сборки подключите файл напрямую:
+After building, include the generated file directly:
 
 ```html
 <script src="./dist/browser/fingerprint-framework.min.js"></script>
@@ -45,20 +45,37 @@ console.log(result.visitorId, result.confidence.score);
 </script>
 ```
 
-## Профили приватности
+## Privacy Profiles
 
-- `strict`: только низкочувствительные пассивные сигналы.
-- `balanced`: пассивные низко- и среднечувствительные сигналы, хороший дефолт для продукта.
-- `extended`: включает активные и высокочувствительные collectors вроде canvas/webgl, использовать только при понятном основании и согласии.
+- `strict`: low-sensitivity passive signals only.
+- `balanced`: low- and medium-sensitivity passive signals, suitable as the default product profile.
+- `extended`: includes active and high-sensitivity collectors such as canvas and WebGL, intended only for explicit product need and consent.
 
-## Основные возможности
+## Capabilities
 
-- Collector API для собственных сигналов.
-- Policy layer: allow/deny collectors, категории, sensitivity limit, consent gate.
-- Детерминированная canonical normalization перед хешированием.
-- SHA-256 через Web Crypto или Node Crypto, fallback для старых окружений.
-- Confidence scoring и сведения об ошибках collectors.
-- Опциональное хранение состояния визитов через `localStorage` или custom storage.
+- Collector API for custom signals.
+- Policy layer with allow/deny collectors, categories, sensitivity limits, and consent gates.
+- Deterministic canonical normalization before hashing.
+- SHA-256 via Web Crypto or Node Crypto, with fallback support for constrained runtimes.
+- Confidence scoring and collector error metadata.
+- Optional visit state storage through `localStorage` or a custom adapter.
 - Script-tag global API: `FingerprintFramework`.
 
-Подробное ТЗ находится в [docs/TECHNICAL_SPEC.md](docs/TECHNICAL_SPEC.md).
+## Package Subpaths
+
+```js
+import { createDefaultCollectors } from '@fingerprint-framework/core/collectors';
+import { createPolicy } from '@fingerprint-framework/core/policy';
+import { createMemoryStorage } from '@fingerprint-framework/core/storage';
+```
+
+## Build And Verification
+
+- Source files live in focused modules under `src/`.
+- `npm run build` bundles package entry points and browser scripts with esbuild.
+- `npm run typecheck` validates published declaration files through package imports.
+- `npm run test:coverage` enforces 100% line, branch, and function coverage for `src/**/*.js`.
+- `npm run test:browser` runs the standalone browser build in Chromium, Firefox, and WebKit.
+- `npm run check:size` enforces the browser minified bundle size budget.
+
+The technical specification is available in [docs/TECHNICAL_SPEC.md](docs/TECHNICAL_SPEC.md). The current implementation audit is available in [docs/AUDIT_REPORT.md](docs/AUDIT_REPORT.md).