feat: initial release

Author: codeismyid

.editorconfig

@@ -0,0 +1,14 @@
+root = true
+
+[*]
+end_of_line = lf
+indent_style = space
+indent_size = 2
+insert_final_newline = true
+trim_trailing_whitespace = true
+
+[*.{js,ts}]
+quote_type = single
+
+[*.md]
+trim_trailing_whitespace = false

.gitattributes

@@ -0,0 +1,4 @@
+*                 text=auto eol=lf
+*.md              text diff=markdown
+*.lockb           binary diff=lockb
+*.json            linguist-language=jsonc

.github/CODEOWNERS

@@ -0,0 +1,5 @@
+/* @codeismyid
+/.github/ @codeismyid
+/.husky/ @codeismyid
+/docs/* @codeismyid
+/scripts/ @codeismyid

.github/renovate.json

@@ -0,0 +1,109 @@
+{
+  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+  "extends": [
+    "config:best-practices",
+    ":semanticCommits",
+    ":semanticCommitScopeDisabled"
+  ],
+  "labels": ["renovate", "bot"],
+  "schedule": ["at any time"],
+  "prHourlyLimit": 0,
+  "prConcurrentLimit": 0,
+  "dependencyDashboardTitle": "Renovate Dependency Dashboard",
+  "dependencyDashboardLabels": ["renovate", "bot"],
+  "dependencyDashboardOSVVulnerabilitySummary": "all",
+  "osvVulnerabilityAlerts": true,
+  "vulnerabilityAlerts": {
+    "addLabels": ["dependency", "security"],
+    "groupName": null,
+    "schedule": ["at any time"],
+    "dependencyDashboardApproval": false,
+    "minimumReleaseAge": null,
+    "rangeStrategy": "pin",
+    "prCreation": "immediate",
+    "vulnerabilityFixStrategy": "lowest",
+    "additionalBranchPrefix": "security/",
+    "branchTopic": "{{{datasource}}}-{{{depNameSanitized}}}",
+    "commitMessageSuffix": "due to security vulnerability",
+    "commitBody": "Resolve security vulnerability with {{{vulnerabilitySeverity}}} severity level",
+    "packageRules": [
+      {
+        "matchDepTypes": ["dependencies"],
+        "semanticCommitType": "fix"
+      }
+    ]
+  },
+  "pin": {
+    "extends": ["mergeConfidence:all-badges", "security:openssf-scorecard"],
+    "rebaseWhen": "behind-base-branch",
+    "groupName": "",
+    "groupSlug": null,
+    "group": {},
+    "commitMessageAction": "pin",
+    "prBodyDefinitions": {
+      "Change": "`{{#if currentDigestShort}}{{{currentDigestShort}}}{{else}}{{{currentValue}}}{{/if}}` -> `{{#if newDigestShort}}{{{newDigestShort}}}{{else}}{{{newValue}}}{{/if}}`"
+    }
+  },
+  "pinDigest": {
+    "extends": ["mergeConfidence:all-badges", "security:openssf-scorecard"],
+    "rebaseWhen": "behind-base-branch",
+    "groupName": "",
+    "groupSlug": "",
+    "group": {},
+    "commitMessageAction": "pin",
+    "prBodyDefinitions": {
+      "Change": "`{{#if currentDigestShort}}{{{currentDigestShort}}}{{else}}{{{currentValue}}}{{/if}}` -> `{{#if newDigestShort}}{{{newDigestShort}}}{{else}}{{{newValue}}}{{/if}}`"
+    }
+  },
+  "packageRules": [
+    {
+      "rebaseWhen": "behind-base-branch",
+      "matchFileNames": ["**/bun.lock?(b)", "**/package.json"],
+      "additionalBranchPrefix": "{{{datasource}}}/",
+      "addLabels": ["dependency"],
+      "semanticCommitType": "build",
+      "commitMessageExtra": "from {{#if currentDigestShort}}{{{currentDigestShort}}}{{else}}{{{currentValue}}}{{/if}} to {{#if newDigestShort}}{{{newDigestShort}}}{{else}}{{{newValue}}}{{/if}}"
+    },
+    {
+      "matchDepTypes": ["dependencies"],
+      "commitMessageTopic": "dependency {{{depName}}}"
+    },
+    {
+      "matchDepTypes": ["devDependencies"],
+      "commitMessageTopic": "dev-dependency {{{depName}}}"
+    },
+    {
+      "matchDepTypes": ["peerDependencies"],
+      "commitMessageTopic": "peer-dependency {{{depName}}}"
+    },
+    {
+      "rebaseWhen": "behind-base-branch",
+      "matchFileNames": [
+        "**/{workflow-templates,.github,.gitea,.forgejo}/{workflows,actions}/*.yaml",
+        "**/action.yaml"
+      ],
+      "pinDigests": true,
+      "additionalBranchPrefix": "{{{datasource}}}/",
+      "addLabels": ["dependency", "workflow"],
+      "semanticCommitType": "ci",
+      "commitMessageTopic": "{{{depType}}} {{{depName}}}",
+      "commitMessageExtra": "from {{#if currentDigestShort}}{{{currentDigestShort}}}{{else}}{{{currentValue}}}{{/if}} to {{#if newDigestShort}}{{{newDigestShort}}}{{else}}{{{newValue}}}{{/if}}"
+    },
+    {
+      "matchFileNames": ["**/*"],
+      "prBodyDefinitions": {
+        "OpenSSF": "[![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/{{sourceRepo}}/badge)](https://securityscorecards.dev/viewer/?uri=github.com/{{sourceRepo}})"
+      },
+      "matchUpdateTypes": ["patch", "minor", "major"],
+      "prBodyColumns": [
+        "Package",
+        "Change",
+        "Age",
+        "Adoption",
+        "Passing",
+        "Confidence",
+        "OpenSSF"
+      ]
+    }
+  ]
+}

.github/workflows/ci.yaml

@@ -0,0 +1,213 @@
+name: CI
+
+on:
+  push:
+    branches:
+      - "*"
+  pull_request:
+    branches:
+      - "*"
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.run_id }}
+  cancel-in-progress: true
+
+permissions:
+  contents: read
+
+jobs:
+  commit:
+    name: Commit check
+    runs-on: ubuntu-24.04
+    steps:
+      - name: Harden runner
+        uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
+        with:
+          disable-sudo: true
+          egress-policy: block
+          allowed-endpoints: >
+            bun.sh:443
+            github.com:443
+            objects.githubusercontent.com:443
+            registry.npmjs.org:443
+
+      - name: Git checkout
+        if: github.event_name == 'push'
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          fetch-depth: 1
+          sparse-checkout: .
+          persist-credentials: false
+
+      - name: Git checkout (full-history)
+        if: github.event_name == 'pull_request'
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          fetch-depth: 0
+          sparse-checkout: .
+          ref: ${{ github.head_ref }}
+          repository: ${{ github.event.pull_request.head.repo.full_name }}
+          persist-credentials: false
+
+      - name: Set up bun@latest
+        uses: oven-sh/setup-bun@735343b667d3e6f658f44d0eca948eb6282f2b76 # v2.0.2
+
+      - name: Install dependencies
+        run: bun ci
+
+      - name: Run check (push)
+        if: github.event_name == 'push'
+        run: bunx commitlint --last --verbose
+
+      - name: Run check (pull_request)
+        if: github.event_name == 'pull_request'
+        run: bunx commitlint --from ${{ github.event.pull_request.base.sha }} --to ${{ github.event.pull_request.head.sha }} --verbose
+
+  dependency:
+    name: Dependency check
+    runs-on: ubuntu-24.04
+    permissions:
+      pull-requests: write
+    steps:
+      - name: Harden runner
+        uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
+        with:
+          disable-sudo: true
+          egress-policy: block
+          allowed-endpoints: >
+            api.github.com:443
+            api.securityscorecards.dev:443
+            github.com:443
+
+      - name: Git checkout
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          fetch-depth: ${{ github.event_name == 'pull_request' && 1 || 2 }}
+          repository: ${{ github.event.pull_request.head.repo.full_name }}
+          persist-credentials: false
+
+      - name: Run check (push)
+        if: github.event_name == 'push'
+        uses: actions/dependency-review-action@3b139cfc5fae8b618d3eae3675e383bb1769c019 #v4.5.0
+        with:
+          allow-licenses: MIT, ISC, CC0-1.0, Apache-2.0, BSD-3-Clause, Unlicense
+          head-ref: ${{ github.sha }}
+          base-ref: ${{ github.event.before }}
+          fail-on-severity: low
+          comment-summary-in-pr: never
+          warn-on-openssf-scorecard-level: 3
+
+      - name: Run check (pull_request)
+        if: github.event_name == 'pull_request'
+        uses: actions/dependency-review-action@3b139cfc5fae8b618d3eae3675e383bb1769c019 #v4.5.0
+        with:
+          allow-licenses: MIT, ISC, CC0-1.0, Apache-2.0, BSD-3-Clause, Unlicense
+          fail-on-severity: low
+          comment-summary-in-pr: on-failure
+          warn-on-openssf-scorecard-level: 3
+
+  format:
+    name: Format check
+    runs-on: ubuntu-24.04
+    steps:
+      - name: Harden runner
+        uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
+        with:
+          disable-sudo: true
+          egress-policy: block
+          allowed-endpoints: >
+            bun.sh:443
+            github.com:443
+            objects.githubusercontent.com:443
+            raw.githubusercontent.com:443
+            registry.npmjs.org:443
+
+      - name: Git checkout
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          persist-credentials: false
+
+      - name: Set up bun@latest
+        uses: oven-sh/setup-bun@735343b667d3e6f658f44d0eca948eb6282f2b76 # v2.0.2
+
+      - name: Install dependencies
+        run: bun ci
+
+      - name: Run check
+        run: bunx biome ci --reporter=github --max-diagnostics=none --no-errors-on-unmatched
+
+  spec:
+    name: Spec check
+    runs-on: ubuntu-24.04
+    steps:
+      - name: Harden runner
+        uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
+        with:
+          disable-sudo: true
+          egress-policy: block
+          allowed-endpoints: >
+            bun.sh:443
+            cli.codecov.io:443
+            github.com:443
+            ingest.codecov.io:443
+            keybase.io:443
+            objects.githubusercontent.com:443
+            registry.npmjs.org:443
+            storage.googleapis.com:443
+
+      - name: Git checkout
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          persist-credentials: false
+
+      - name: Set up bun@latest
+        uses: oven-sh/setup-bun@735343b667d3e6f658f44d0eca948eb6282f2b76 # v2.0.2
+
+      - name: Install dependencies
+        run: bun ci
+
+      - name: Run check
+        run: bun test --coverage --coverage-reporter=lcov --coverage-reporter=text --reporter=junit --reporter-outfile=junit.xml
+
+      - name: Upload lcov
+        uses: codecov/codecov-action@ad3126e916f78f00edff4ed0317cf185271ccc2d # v5.4.2
+        with:
+          fail_ci_if_error: true
+
+      - name: Upload test result
+        uses: codecov/test-results-action@f2dba722c67b86c6caa034178c6e4d35335f6706 # v1.1.0
+        with:
+          fail_ci_if_error: true
+
+  type:
+    name: Type check
+    runs-on: ubuntu-24.04
+    steps:
+      - name: Harden runner
+        uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
+        with:
+          disable-sudo: true
+          egress-policy: block
+          allowed-endpoints: >
+            api.github.com:443
+            bun.sh:443
+            github.com:443
+            objects.githubusercontent.com:443
+            raw.githubusercontent.com:443
+            registry.npmjs.org:443
+
+      - name: Git checkout
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          persist-credentials: false
+
+      - name: Set up bun@latest
+        uses: oven-sh/setup-bun@735343b667d3e6f658f44d0eca948eb6282f2b76 # v2.0.2
+
+      - name: Install dependencies
+        run: bun ci
+
+      - name: Run check
+        run: |
+          tsc_output=$(bunx tsc; bunx type-coverage)
+          printf "%s" "$tsc_output" | bunx tsc-output-format --formatOnly --formatOutput gha