feat: add v0.1 basd coding dispatch repo skeleton

.github/ISSUE_TEMPLATE/bug_report.yml

@@ -0,0 +1,49 @@
+name: Bug report
+description: Report a workflow, provider, harness, integration, or user-config bug.
+title: "[Bug]: "
+labels:
+  - bug
+body:
+  - type: dropdown
+    id: cause_area
+    attributes:
+      label: Where does the issue appear to come from?
+      options:
+        - Workflow/process
+        - Provider behavior
+        - Harness or integration
+        - User configuration
+        - Unsure
+    validations:
+      required: true
+  - type: textarea
+    id: summary
+    attributes:
+      label: Summary
+      description: What happened, and what did you expect?
+    validations:
+      required: true
+  - type: textarea
+    id: steps
+    attributes:
+      label: Reproduction steps
+      description: Include commands, target provider, and relevant file paths.
+      placeholder: |
+        1. Run ...
+        2. Observe ...
+    validations:
+      required: true
+  - type: textarea
+    id: evidence
+    attributes:
+      label: Evidence
+      description: Paste logs, transcripts, screenshots, or minimal examples. Remove private data first.
+    validations:
+      required: true
+  - type: checkboxes
+    id: safety
+    attributes:
+      label: Safety check
+      options:
+        - label: I removed credentials, private paths, chat identifiers, and private project data.
+          required: true

.github/ISSUE_TEMPLATE/config.yml

@@ -0,0 +1,5 @@
+blank_issues_enabled: false
+contact_links:
+  - name: Security report
+    url: https://github.com/damienen/basd-coding-dispatch/security/advisories/new
+    about: Report sensitive vulnerabilities privately.

.github/ISSUE_TEMPLATE/docs_install_issue.yml

@@ -0,0 +1,51 @@
+name: Docs or install issue
+description: Report unclear docs, scaffold problems, or install confusion.
+title: "[Docs/install]: "
+labels:
+  - documentation
+body:
+  - type: dropdown
+    id: target
+    attributes:
+      label: Target
+      options:
+        - Hermes
+        - OpenClaw
+        - Codex CLI
+        - Claude Code
+        - OpenCode
+        - Cursor
+        - Generic agent
+        - Repository docs
+    validations:
+      required: true
+  - type: textarea
+    id: confusion
+    attributes:
+      label: What was confusing or broken?
+    validations:
+      required: true
+  - type: textarea
+    id: attempted
+    attributes:
+      label: What did you try?
+      description: Include commands and outputs if relevant.
+    validations:
+      required: true
+  - type: input
+    id: install_command
+    attributes:
+      label: Install command
+      description: Example: npx basd-coding-dispatch init --target openclaw --dir ~/openclaw-workspace
+  - type: input
+    id: install_target_path
+    attributes:
+      label: Target/path
+      description: Include the target and destination path, with private home/project names redacted if needed.
+  - type: checkboxes
+    id: safety
+    attributes:
+      label: Safety check
+      options:
+        - label: I removed credentials, private paths, chat identifiers, and private project data.
+          required: true

.github/ISSUE_TEMPLATE/provider_adapter_request.yml

@@ -0,0 +1,51 @@
+name: Provider adapter request
+description: Request or document support for a provider, harness, plugin, or extension mechanism.
+title: "[Provider adapter]: "
+labels:
+  - provider-adapter
+body:
+  - type: input
+    id: target_tool
+    attributes:
+      label: Target tool
+      description: Name and version of the provider, harness, editor, or agent tool.
+    validations:
+      required: true
+  - type: textarea
+    id: mechanism
+    attributes:
+      label: Plugin or extension mechanism
+      description: Describe the native mechanism, manifest format, install directory, or manual instruction path.
+    validations:
+      required: true
+  - type: textarea
+    id: manual_attempt
+    attributes:
+      label: Manual install attempt
+      description: What did you try with the current file-based scaffold?
+    validations:
+      required: true
+  - type: textarea
+    id: validation_evidence
+    attributes:
+      label: Validation evidence
+      description: Include commands, transcripts, screenshots, or a minimal fixture showing the adapter works.
+    validations:
+      required: true
+  - type: dropdown
+    id: requested_status
+    attributes:
+      label: Requested status label
+      options:
+        - experimental
+        - tested
+        - planned
+    validations:
+      required: true
+  - type: checkboxes
+    id: safety
+    attributes:
+      label: Safety check
+      options:
+        - label: I removed credentials, private paths, chat identifiers, and private project data.
+          required: true

.github/ISSUE_TEMPLATE/workflow_improvement.yml

@@ -0,0 +1,40 @@
+name: Workflow improvement
+description: Suggest a gate, review, verification, or dispatch-process improvement.
+title: "[Workflow]: "
+labels:
+  - workflow
+body:
+  - type: textarea
+    id: problem
+    attributes:
+      label: Problem
+      description: What failure mode does this improvement prevent?
+    validations:
+      required: true
+  - type: textarea
+    id: proposal
+    attributes:
+      label: Proposal
+      description: Describe the process change and where it belongs.
+    validations:
+      required: true
+  - type: dropdown
+    id: location
+    attributes:
+      label: Best location
+      options:
+        - Core skill
+        - References
+        - Integration docs
+        - Examples
+        - CLI or validation
+        - Unsure
+    validations:
+      required: true
+  - type: textarea
+    id: evidence
+    attributes:
+      label: Evidence or example
+      description: Add a short transcript, example, or failure case.
+    validations:
+      required: false

.github/pull_request_template.md

@@ -0,0 +1,41 @@
+## Problem Solved
+
+Describe the failure mode, user need, or workflow gap this PR solves.
+
+## Scope Fit
+
+- [ ] This belongs in core rather than an integration.
+- [ ] This belongs in an integration rather than core.
+- [ ] This is docs/examples/tooling only.
+
+Explain the choice:
+
+## Provider or Harness Tested
+
+Name the provider, harness, or generic workflow tested:
+
+## Evidence
+
+Add transcript, command output, screenshot, or example:
+
+## Docs Updated
+
+- [ ] README updated if public behavior changed.
+- [ ] Integration docs updated if provider behavior changed.
+- [ ] Examples updated if workflow behavior changed.
+- [ ] Status labels remain honest.
+
+## Verification
+
+- [ ] `npm run validate`
+- [ ] `npm run smoke-test`
+- [ ] `npm pack --dry-run`
+
+## Human Review
+
+- [ ] I want human review before merge.
+
+## Safety
+
+- [ ] No credentials, private paths, chat identifiers, or private project data.
+- [ ] No unvalidated native marketplace/plugin metadata.

.github/workflows/ci.yml

@@ -0,0 +1,36 @@
+name: CI
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+  workflow_dispatch:
+
+permissions:
+  contents: read
+
+jobs:
+  validate:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v6
+
+      - name: Setup Node
+        uses: actions/setup-node@v6
+        with:
+          node-version: 22
+          cache: npm
+
+      - name: Install
+        run: npm ci
+
+      - name: Validate
+        run: npm run validate
+
+      - name: Smoke test
+        run: npm run smoke-test
+
+      - name: Pack dry run
+        run: npm pack --dry-run

.github/workflows/release.yml

@@ -0,0 +1,52 @@
+name: Release
+
+on:
+  push:
+    tags:
+      - "v*"
+  workflow_dispatch:
+
+permissions:
+  contents: read
+  id-token: write
+
+jobs:
+  publish:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v6
+
+      - name: Setup Node
+        uses: actions/setup-node@v6
+        with:
+          node-version: 22
+          cache: npm
+          registry-url: https://registry.npmjs.org
+
+      - name: Install
+        run: npm ci
+
+      - name: Validate
+        run: npm run validate
+
+      - name: Smoke test
+        run: npm run smoke-test
+
+      - name: Pack dry run
+        run: npm pack --dry-run
+
+      - name: Check tag matches package version
+        if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v')
+        run: |
+          node -e "const pkg=require('./package.json'); const tag=process.env.GITHUB_REF_NAME; if (tag !== 'v' + pkg.version) { console.error(`Tag ${tag} does not match package version ${pkg.version}`); process.exit(1); }"
+
+      - name: Publish to npm
+        if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v')
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+        run: npm publish --access public --provenance
+
+      - name: Skip publish for manual run
+        if: github.event_name == 'workflow_dispatch'
+        run: echo "workflow_dispatch runs validation, smoke test, and pack dry run only; skipping npm publish."

.gitignore

@@ -0,0 +1,7 @@
+node_modules/
+*.log
+.DS_Store
+.env
+.env.*
+coverage/
+npm-debug.log*

AGENTS.md

@@ -0,0 +1,36 @@
+# AGENTS.md
+
+## Anti-Slop Governance
+
+This repository is for plan-first AI coding. Do not treat a strong model as a substitute for process.
+
+## Required Conduct
+
+1. Classify the request before implementation.
+2. Choose the provider or provider split explicitly.
+3. Use a spec gate when the request is ambiguous, user-facing, broad, risky, or cross-module.
+4. Use an implementation-plan gate before feature work.
+5. Keep code changes scoped to the approved plan.
+6. Use independent review for meaningful implementation work.
+7. Verify before reporting completion.
+8. Report exact commands, evidence, skipped checks, and remaining risk.
+
+## Hard Stops
+
+- Do not invent marketplace/plugin support that has not been validated.
+- Do not add hidden provider metadata unless the install path is tested.
+- Do not commit private paths, credentials, private chat identifiers, or private client/project data.
+- Do not push, publish, release, or open a PR unless the maintainer explicitly asks.
+- Do not mark work complete without verification evidence.
+
+## Repo Checks
+
+Run these before completion:
+
+```bash
+npm run validate
+npm run smoke-test
+npm pack --dry-run
+```
+
+Use `npm ci` when a lockfile is present and dependency installation is part of the task.

CHANGELOG.md

@@ -0,0 +1,8 @@
+# Changelog
+
+## 0.1.0
+
+- Initial public repo skeleton.
+- Added npm scaffolder with native Hermes/OpenClaw skill installs and target-specific manual adapter files.
+- Added Hermes/OpenClaw-first public skill and self-contained skill-local process references.
+- Added examples, governance docs, GitHub templates, CI, and safe release workflow skeleton.