chore(release): v0.15.1 (Monorepo Unification)

.bumpversion.toml

@@ -2,7 +2,7 @@
 # SPDX-License-Identifier: Apache-2.0
 
 [tool.bumpversion]
-current_version = "0.15.0"
+current_version = "0.15.1"
 parse = "(?P<major>\\d+)\\.(?P<minor>\\d+)\\.(?P<patch>\\d+)((?P<pre_l>a|b|rc)(?P<pre_n>\\d+))?"
 serialize = [
     "{major}.{minor}.{patch}{pre_l}{pre_n}",
@@ -16,6 +16,16 @@ optional_value = "final"
 [tool.bumpversion.parts.pre_n]
 first_value = 1
 
+[[tool.bumpversion.files]]
+filename = "mkdocs.yml"
+search = 'zenzic_version: "{current_version}"'
+replace = 'zenzic_version: "{new_version}"'
+
+[[tool.bumpversion.files]]
+filename = "CHANGELOG.md"
+search = "## [{current_version}] - Unreleased"
+replace = "## [{new_version}] - Unreleased"
+
 [[tool.bumpversion.files]]
 filename = "pyproject.toml"
 search = 'version = "{current_version}"'

.github/ISSUE_TEMPLATE/feature_request.yml

@@ -83,3 +83,5 @@ body:
       options:
         - label: I have searched existing issues and this is not already proposed.
           required: true
+        - label: Documentation updated (if applicable)
+          required: false

.github/ISSUE_TEMPLATE/security_vulnerability.yml

@@ -29,7 +29,7 @@ body:
     attributes:
       label: Zenzic version
       description: Output of `zenzic --version`
-      placeholder: "0.15.0"
+      placeholder: "0.15.1"
     validations:
       required: true
 

.github/workflows/ci.yml

@@ -50,13 +50,16 @@ jobs:
         run: uv python install ${{ matrix.python-version }}
 
       - name: Sync dependencies
-        run: uv sync --all-groups --frozen
+        run: uv sync --all-groups --all-extras --frozen
 
       - name: Run unit tests
         run: just test
 
       - name: Run Zenzic Quality Gate
-        run: uv run zenzic check all . --strict --ci
+        run: uv run zenzic check all --strict --format github-annotations --ci
+
+      - name: Build Docs
+        run: uv run mkdocs build --strict
 
       - name: Verify Badge Freshness
         run: uv run zenzic score --check-stamp --ci

.github/workflows/codeql.yml

@@ -0,0 +1,53 @@
+# SPDX-FileCopyrightText: 2026 PythonWoods <dev@pythonwoods.dev>
+# SPDX-License-Identifier: Apache-2.0
+
+name: Zenzic Docs CodeQL
+
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - 'src/**'
+      - 'scripts/**'
+      - '.github/workflows/codeql.yml'
+  pull_request:
+    branches:
+      - main
+    paths:
+      - 'src/**'
+      - 'scripts/**'
+      - '.github/workflows/codeql.yml'
+  schedule:
+    - cron: '24 3 * * 1'
+
+permissions:
+  actions: read
+  contents: read
+  security-events: write
+
+jobs:
+  analyze:
+    if: vars.ENABLE_CODEQL == 'true'
+    name: Analyze
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        language:
+          - javascript-typescript
+
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
+
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v3
+        with:
+          languages: ${{ matrix.language }}
+
+      - name: Autobuild
+        uses: github/codeql-action/autobuild@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v3
+
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v3

.github/workflows/dependency-review.yml

@@ -0,0 +1,32 @@
+# SPDX-FileCopyrightText: 2026 PythonWoods <dev@pythonwoods.dev>
+# SPDX-License-Identifier: Apache-2.0
+
+name: Zenzic Docs Dependency Review
+
+on:
+  pull_request:
+    branches:
+      - main
+    paths:
+      - 'pyproject.toml'
+      - 'uv.lock'
+  workflow_dispatch:
+
+permissions:
+  contents: read
+
+concurrency:
+  group: dependency-review-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  dependency-review:
+    name: Review
+    runs-on: ubuntu-latest
+    timeout-minutes: 10
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
+
+      - name: Dependency Review
+        uses: actions/dependency-review-action@a1d282b36b6f3519aa1f3fc636f609c47dddb294 # v5.0.0

.github/workflows/release-docs.yml

@@ -0,0 +1,71 @@
+# SPDX-FileCopyrightText: 2026 PythonWoods <dev@pythonwoods.dev>
+# SPDX-License-Identifier: Apache-2.0
+
+name: Zenzic Docs Release Docs
+
+on:
+  push:
+    branches:
+      - main
+  workflow_dispatch:
+
+permissions:
+  contents: write
+  deployments: write
+
+concurrency:
+  group: release-docs-${{ github.ref }}
+  cancel-in-progress: false
+
+jobs:
+  release:
+    name: Release
+    runs-on: ubuntu-latest
+    env:
+      FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true
+
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
+
+      - name: Setup uv
+        uses: astral-sh/setup-uv@d4b2f3b6ecc6e67c4457f6d3e41ec42d3d0fcb86 # v5.4.2
+        with:
+          enable-cache: true
+
+      - name: Build Docs
+        run: |
+          uv run mkdocs build --strict
+
+      - name: Set artifact name
+        id: vars
+        run: |
+          if [ "${{ github.ref_type }}" = "tag" ]; then
+            echo "name=docs-build-${{ github.ref_name }}" >> "$GITHUB_OUTPUT"
+          else
+            echo "name=docs-build-run-${{ github.run_number }}" >> "$GITHUB_OUTPUT"
+          fi
+
+      - name: Archive build output
+        run: tar -czf "${{ steps.vars.outputs.name }}.tar.gz" site
+
+      - name: Upload workflow artifact
+        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
+        with:
+          name: ${{ steps.vars.outputs.name }}
+          path: ${{ steps.vars.outputs.name }}.tar.gz
+          retention-days: 30
+
+      - name: Publish GitHub release (tags only)
+        if: github.ref_type == 'tag'
+        uses: softprops/action-gh-release@b4309332981a82ec1c5618f44dd2e27cc8bfbfda # v3
+        with:
+          files: ${{ steps.vars.outputs.name }}.tar.gz
+          generate_release_notes: true
+
+      - name: Deploy to Cloudflare Pages
+        uses: cloudflare/wrangler-action@ebbaa1584979971c8614a24965b4405ff95890e0 # v4.0.0
+        with:
+          apiToken: ${{ secrets.CLOUDFLARE_API_TOKEN }}
+          accountId: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
+          command: pages deploy site --project-name=zenzic-doc

.github/workflows/release.yml

@@ -29,7 +29,7 @@ jobs:
           enable-cache: true
 
       - name: Sync dependencies (frozen lockfile)
-        run: uv sync --all-groups --frozen
+        run: uv sync --all-groups --all-extras --frozen
 
       - name: Build
         run: uv build

.markdownlint-cli2.jsonc

@@ -0,0 +1,28 @@
+/*
+ * SPDX-FileCopyrightText: 2026 PythonWoods <dev@pythonwoods.dev>
+ * SPDX-License-Identifier: Apache-2.0
+ */
+{
+  "$schema": "https://raw.githubusercontent.com/DavidAnson/markdownlint-cli2/main/schema/markdownlint-cli2-config-schema.json",
+  "globs": [
+    "README.md",
+    "docs/**/*.md",
+    "docs/**/*.mdx",
+    "i18n/**/*.md",
+    "i18n/**/*.mdx"
+  ],
+  "gitignore": true,
+  "config": {
+    "default": true,
+    "MD013": false,
+    "MD024": { "siblings_only": true },
+    "MD025": { "front_matter_title": "" },
+    "MD033": false,
+    "MD036": false,
+    "MD037": false,
+    "MD041": false,
+    "MD003": { "style": "atx" },
+    "MD010": { "code_blocks": false },
+    "MD046": false
+  }
+}

.pre-commit-hooks.yaml

@@ -7,7 +7,7 @@
 #
 #   repos:
 #     - repo: https://github.com/PythonWoods/zenzic
-#       rev: v0.15.0
+#       rev: v0.15.1
 #       hooks:
 #         - id: zenzic-verify    # quality gate — corrisponde a `just verify` lato zenzic
 #         - id: zenzic-guard     # fast staged-file credential scan

.readthedocs.yaml

@@ -0,0 +1,18 @@
+# SPDX-FileCopyrightText: 2025 PythonWoods <dev@pythonwoods.dev>
+# SPDX-License-Identifier: Apache-2.0
+
+# Read the Docs configuration for MkDocs Material
+# Migrated from zensical in Sprint 0.14.1
+version: 2
+
+build:
+  os: ubuntu-24.04
+  tools:
+    python: "3.12"
+
+  commands:
+    - python -m pip install uv
+    - uv sync
+    - uv run mkdocs build --strict
+    - mkdir --parents $READTHEDOCS_OUTPUT/html/
+    - cp --recursive site/* $READTHEDOCS_OUTPUT/html/