chore: add repository foundation

[somus]

Summary

• Add contribution, license, security, PR, and issue template docs.
• Add shared mise and hk baseline with check/lint/test/hook tasks.
• Add GitHub Actions guardrails with actionlint, zizmor, and Renovate config.

Refs ATF-7, ATF-8, ATF-9.

Verification

• mise run check
• mise run hooks:install

[coderabbitai]

Warning

Review limit reached

@somus, we couldn't start this review because you've reached your PR review rate limit.

More reviews will be available in 37 minutes and 23 seconds. Learn how PR review limits work.

Your organization has run out of usage credits. Purchase more credits in the billing tab to continue.

⌛ How to resolve this issue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans include higher PR review limits than trial, open-source, and free plans. In all cases, reviews become available again over time. During sustained high-volume PR review activity, CodeRabbit may temporarily slow when the next review becomes available.

Please see our Fair Usage Limits Policy for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro Plus

Run ID: 122cde87-9b76-4ded-8feb-7cb9703e4dad

📥 Commits

Reviewing files that changed from the base of the PR and between 64b7798 and 97ff3cb.

📒 Files selected for processing (2)

• .github/PULL_REQUEST_TEMPLATE.md
• mise.toml

📝 Walkthrough

Walkthrough

This PR establishes the foundational repository configuration for agent-trail/spec by adding GitHub issue and pull request templates, contribution and security documentation, local development infrastructure via mise, a CI verification workflow, and automated dependency management via Renovate.

Changes

Repository Foundation Setup

Layer / File(s)	Summary
Issue and PR Templates .github/ISSUE_TEMPLATE/bug.yml, .github/ISSUE_TEMPLATE/rfc.yml, .github/ISSUE_TEMPLATE/task.yml, .github/ISSUE_TEMPLATE/config.yml, .github/PULL_REQUEST_TEMPLATE.md, CLAUDE.md	Bug, RFC, and task issue templates standardize intake with required fields (behavior, steps, goals, scope, acceptance criteria). PR template guides authors on impact and verification. Issue config disables blank submissions and routes security reports to private advisories. CLAUDE.md symlinks to AGENTS.md.
Contribution, Security, and License Documentation CONTRIBUTING.md, SECURITY.md, LICENSE, AGENTS.md, README.md	CONTRIBUTING.md documents workflow (Linear tracking, Conventional Commits, local setup via mise, PR checks). SECURITY.md directs vulnerability reports to private channels and requires redaction of secrets. LICENSE adds Apache 2.0 terms. AGENTS.md specifies agent scope and safety constraints. README describes the project, related repositories, and development commands.
Local Development and Task Infrastructure mise.toml	mise.toml pins hk, actionlint, and zizmor tools; defines setup (hook installation), check (lint + test aggregation), lint (hk check), test (placeholder), and check:actions (conditional workflow validation) tasks.
CI Verification Workflow .github/workflows/guardrails.yml	guardrails.yml runs on PRs and pushes to main with read-only permissions; initializes mise tooling and executes mise run check to verify repository state.
Automated Dependency Management renovate.json	renovate.json enables Renovate with recommended config, applies dependencies label to updates, and configures repository timezone.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

A spec repo needs a home so neat,
With templates, docs, and tasks complete!
From CONTRIBUTING to LICENSE clear,
With mise and GitHub workflows here—
🐰 Ready now for all to cheer!

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title 'chore: add repository foundation' directly describes the main change—adding foundational repository files and configuration.
Description check	✅ Passed	The description is clearly related to the changeset, providing a structured summary of the contributions, verification steps, and issue references.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch somus/atf-7-8-9-repo-foundation

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[gemini-code-assist]

Code Review

This pull request establishes the repository's foundational configuration, including GitHub issue and pull request templates, contributing guidelines, licensing, security policies, and local development tooling using mise and hk. The review feedback identifies a runtime evaluation error in the Pkl configuration (hk.pkl) due to a missing instantiation keyword, suggests simplifying the setup documentation in README.md and CONTRIBUTING.md by utilizing the defined setup task, and recommends removing a redundant timezone property from renovate.json.

Important

The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.

[coderabbitai]

Actionable comments posted: 3

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.github/ISSUE_TEMPLATE/config.yml:
- Line 6: Remove the trailing blank line at EOF in each issue template file so
there are no extra blank lines after the final YAML content; specifically edit
config.yml, bug.yml, rfc.yml and task.yml to delete the final empty line so the
files end immediately after their last YAML entry.

In @.github/PULL_REQUEST_TEMPLATE.md:
- Line 1: Add a top-level H1 heading above the existing "## Summary" to satisfy
markdownlint; update the template by inserting a first-line H1 such as "# Pull
Request" (or similar descriptive title) immediately before the existing "##
Summary" section so the file begins with an H1 heading.

In @.github/workflows/guardrails.yml:
- Around line 3-7: Add a GitHub Actions concurrency block at the root of the
workflow to prevent stale duplicate runs by grouping by branch or workflow and
enabling cancel-in-progress; specifically, insert a top-level concurrency
configuration (e.g., using group: ${{ github.workflow }}-${{ github.ref }} and
cancel-in-progress: true) so pushes to branch "main" will cancel any in-progress
older runs and avoid wasted CI capacity.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro Plus

Run ID: f25a600a-26f0-44c0-818b-743a70447e35

📥 Commits

Reviewing files that changed from the base of the PR and between 15d6301 and c884905.

⛔ Files ignored due to path filters (1)

• hk.pkl is excluded by !**/*.pkl

📒 Files selected for processing (12)

• .github/ISSUE_TEMPLATE/bug.yml
• .github/ISSUE_TEMPLATE/config.yml
• .github/ISSUE_TEMPLATE/rfc.yml
• .github/ISSUE_TEMPLATE/task.yml
• .github/PULL_REQUEST_TEMPLATE.md
• .github/workflows/guardrails.yml
• CONTRIBUTING.md
• LICENSES.md
• README.md
• SECURITY.md
• mise.toml
• renovate.json

[stage-review]

Ready to review this PR? Stage has broken it down into 3 individual chapters for you:

	Title
1	Establish project documentation and licensing
2	Configure local task runner and git hooks
3	Implement GitHub community and automation guardrails

_{Chapters generated by Stage for commit 97ff3cb on Jun 12, 2026 3:57pm UTC.}

[coderabbitai]

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

.github/PULL_REQUEST_TEMPLATE.md (1)

1-22: 🧹 Nitpick | 🔵 Trivial | ⚡ Quick win

Add Linear issue linkage guidance to PR template.

The template guides contributors on public impact and verification, which aligns with learnings and AGENTS.md instructions. However, the documented requirement to "Link the Linear issue in pull request descriptions" is not explicitly prompted in the template itself. Contributors relying solely on the PR template (rather than cross-referencing AGENTS.md) may miss this step.

Consider adding a section or note to prompt for the Linear issue link. This ensures all three documented PR requirements are self-contained in the template.

💡 Example addition (optional)

You could add a brief section after Summary or before Public Impact:

 ## Summary
 
 - 
+
+## Related Issue
+
+Link to Linear issue (e.g., ATF-123):
 
 ## Public Impact

Or add an inline note in the Summary section reminding contributors to include the Linear link.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/PULL_REQUEST_TEMPLATE.md around lines 1 - 22, Update the PR template
to explicitly prompt for the Linear issue link by adding a short prompt or
checkbox near the existing "## Summary" (or just before "## Public Impact")
asking contributors to "Link the Linear issue (required)"; modify the heading
block that contains "## Summary" so it includes this instruction and, if
desired, a corresponding checkbox or line for the URL to ensure the PR
description captures the Linear issue link consistently.

Source: Learnings

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Outside diff comments:
In @.github/PULL_REQUEST_TEMPLATE.md:
- Around line 1-22: Update the PR template to explicitly prompt for the Linear
issue link by adding a short prompt or checkbox near the existing "## Summary"
(or just before "## Public Impact") asking contributors to "Link the Linear
issue (required)"; modify the heading block that contains "## Summary" so it
includes this instruction and, if desired, a corresponding checkbox or line for
the URL to ensure the PR description captures the Linear issue link
consistently.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro Plus

Run ID: 412cace8-bc2d-485d-a762-a84302f3021b

📥 Commits

Reviewing files that changed from the base of the PR and between c884905 and 64b7798.

⛔ Files ignored due to path filters (1)

• hk.pkl is excluded by !**/*.pkl

📒 Files selected for processing (13)

• .github/ISSUE_TEMPLATE/bug.yml
• .github/ISSUE_TEMPLATE/config.yml
• .github/ISSUE_TEMPLATE/rfc.yml
• .github/ISSUE_TEMPLATE/task.yml
• .github/PULL_REQUEST_TEMPLATE.md
• .github/workflows/guardrails.yml
• AGENTS.md
• CLAUDE.md
• CONTRIBUTING.md
• LICENSE
• README.md
• mise.toml
• renovate.json

💤 Files with no reviewable changes (4)

• .github/ISSUE_TEMPLATE/config.yml
• .github/ISSUE_TEMPLATE/bug.yml
• .github/ISSUE_TEMPLATE/rfc.yml
• .github/ISSUE_TEMPLATE/task.yml