chore: recover full-chain release automation

.githooks/sync-versions.ts

@@ -118,7 +118,24 @@ for (const pkg of [...packages, ...libraryPackages, ...packagesPackages, ...cliN
   }
 }
 
-// Sync Cargo.toml version
+// Sync root workspace Cargo.toml version
+const workspaceCargoTomlPath = resolve('Cargo.toml')
+try {
+  const cargoContent = readFileSync(workspaceCargoTomlPath, 'utf-8')
+  const cargoUpdated = cargoContent.replace(
+    /(\[workspace\.package\][\s\S]*?^version = ")([^"]+)(")/m,
+    `$1${rootVersion}$3`,
+  )
+  if (cargoContent !== cargoUpdated) {
+    writeFileSync(workspaceCargoTomlPath, cargoUpdated, 'utf-8')
+    console.log(`  ✓ workspace Cargo.toml: version → ${rootVersion}`)
+    changed = true
+  }
+} catch {
+  console.log('⚠️ Cargo.toml not found, skipping')
+}
+
+// Sync GUI Cargo.toml version
 const cargoTomlPath = resolve('gui/src-tauri/Cargo.toml')
 try {
   const cargoContent = readFileSync(cargoTomlPath, 'utf-8')
@@ -172,6 +189,8 @@ if (changed) {
   console.log('\n📦 Versions synced, auto-staging changes...')
   try {
     const filesToStage = [
+      'package.json',
+      'Cargo.toml',
       'cli/package.json',
       'gui/package.json',
       'doc/package.json',
@@ -181,7 +200,7 @@ if (changed) {
       ...libraryPackages.map(p => p.path),
       ...packagesPackages.map(p => p.path),
       ...cliNpmPackages.map(p => p.path),
-    ]
+    ].filter(path => existsSync(resolve(path)))
     execSync(
       `git add ${filesToStage.join(' ')}`,
       { stdio: 'inherit' }

.github/CODEOWNERS

@@ -0,0 +1,10 @@
+# Default owner for repository changes
+* @TrueNine
+
+# High-risk directories
+/.github/ @TrueNine
+/cli/ @TrueNine
+/libraries/ @TrueNine
+/gui/ @TrueNine
+/doc/ @TrueNine
+/scripts/ @TrueNine

.github/ISSUE_TEMPLATE/bug_report.yml

@@ -21,6 +21,8 @@ body:
       options:
         - label: I have searched for duplicate or closed issues
           required: true
+        - label: I redacted secrets, tokens, and private paths from logs or config snippets
+          required: true
   - type: input
     id: os
     attributes:
@@ -37,6 +39,14 @@ body:
       placeholder: "e.g., 2026.10125.0"
     validations:
       required: true
+  - type: input
+    id: first-bad-version
+    attributes:
+      label: First version where this appeared
+      description: If known, tell us the first version where you noticed the problem
+      placeholder: "e.g., worked in 2026.10222.0, broken in 2026.10303.11117"
+    validations:
+      required: false
   - type: dropdown
     id: context
     attributes:
@@ -47,6 +57,20 @@ body:
         - Both / unsure
     validations:
       required: true
+  - type: dropdown
+    id: affected-module
+    attributes:
+      label: Affected module
+      description: Pick the closest area so maintainers can route triage faster
+      options:
+        - Config / sync core
+        - Plugin or adapter pipeline
+        - Native module / N-API binding
+        - CLI packaging / release artifact
+        - GUI shell / updater
+        - Docs / unclear
+    validations:
+      required: true
   - type: input
     id: plugin-context
     attributes:
@@ -87,7 +111,7 @@ body:
     id: additional-context
     attributes:
       label: Additional Context
-      description: Logs, config, screenshots, workarounds
-      placeholder: "Error messages, .tnmsc.json (redact secrets), or environment details."
+      description: Logs, config, screenshots, workarounds, and whether config snippets were redacted
+      placeholder: "Error messages, .tnmsc.json (with secrets removed), screenshots, or environment details."
     validations:
       required: false

.github/ISSUE_TEMPLATE/config.yml

@@ -1,2 +1,8 @@
 blank_issues_enabled: false
-contact_links: []
+contact_links:
+  - name: Documentation and setup guide
+    url: https://github.com/TrueNine/memory-sync/tree/main/doc
+    about: Read the docs and setup references before opening a support issue.
+  - name: Security policy
+    url: https://github.com/TrueNine/memory-sync/security/policy
+    about: Report vulnerabilities through the security policy instead of opening a public issue.

.github/ISSUE_TEMPLATE/feature_request.yml

@@ -8,6 +8,26 @@ body:
         Before submitting, please [search and confirm](https://github.com/TrueNine/memory-sync/issues?q=is%3Aissue+is%3Aopen+sort%3Aupdated-desc) that the idea does not yet exist. Duplicate requests may be closed.
 
         ---
+  - type: checkboxes
+    id: confirm
+    attributes:
+      label: Before opening, please confirm
+      options:
+        - label: I searched for an existing request or discussion first
+          required: true
+  - type: dropdown
+    id: area
+    attributes:
+      label: Affected area
+      description: Choose the closest part of the product
+      options:
+        - CLI (tnmsc)
+        - Shared Rust / N-API libraries
+        - GUI (Tauri app)
+        - Docs or onboarding
+        - Multiple / unsure
+    validations:
+      required: true
   - type: textarea
     id: feature-description
     attributes:
@@ -24,6 +44,14 @@ body:
       placeholder: "Concrete examples: which target (Cursor/Kiro/Warp/…), which input source, typical workflow."
     validations:
       required: true
+  - type: textarea
+    id: current-workaround
+    attributes:
+      label: Current workaround
+      description: If you already have a manual workaround, describe it
+      placeholder: "Explain how you are handling this today, and what is still painful."
+    validations:
+      required: false
   - type: textarea
     id: additional-context
     attributes:

.github/actions/setup-tauri/action.yml

@@ -13,6 +13,15 @@ inputs:
 runs:
   using: composite
   steps:
+    - name: Cache Linux package archives
+      if: runner.os == 'Linux'
+      uses: actions/cache@v4
+      with:
+        path: /var/cache/apt/archives
+        key: ${{ runner.os }}-tauri-apt-${{ hashFiles('.github/actions/setup-tauri/action.yml') }}
+        restore-keys: |
+          ${{ runner.os }}-tauri-apt-
+
     - name: Install Linux dependencies
       if: runner.os == 'Linux'
       shell: bash
@@ -46,7 +55,7 @@ runs:
         path: |
           ~/.cargo/registry
           ~/.cargo/git
-          gui/src-tauri/target
+          target
         key: ${{ runner.os }}-cargo-${{ steps.cargo-deps-hash.outputs.hash }}
         restore-keys: |
           ${{ runner.os }}-cargo-
@@ -67,6 +76,6 @@ runs:
     - name: Clean old bundle artifacts
       shell: bash
       run: |
-        if [ -d "gui/src-tauri/target" ]; then
-          find gui/src-tauri/target -type d -name bundle -prune -exec rm -rf {} +
+        if [ -d "target" ]; then
+          find target -type d -name bundle -prune -exec rm -rf {} +
         fi

.github/dependabot.yml

@@ -0,0 +1,145 @@
+version: 2
+updates:
+  - package-ecosystem: github-actions
+    directory: /
+    schedule:
+      interval: weekly
+      day: monday
+      time: '09:00'
+      timezone: Asia/Shanghai
+    open-pull-requests-limit: 5
+    labels:
+      - dependencies
+      - github-actions
+    groups:
+      github-actions:
+        patterns:
+          - '*'
+
+  - package-ecosystem: cargo
+    directory: /
+    schedule:
+      interval: weekly
+      day: monday
+      time: '09:00'
+      timezone: Asia/Shanghai
+    open-pull-requests-limit: 5
+    labels:
+      - dependencies
+      - rust
+    groups:
+      cargo-workspace:
+        patterns:
+          - '*'
+
+  - package-ecosystem: npm
+    directory: /
+    schedule:
+      interval: weekly
+      day: monday
+      time: '09:00'
+      timezone: Asia/Shanghai
+    open-pull-requests-limit: 5
+    labels:
+      - dependencies
+      - javascript
+    groups:
+      npm-root:
+        patterns:
+          - '*'
+
+  - package-ecosystem: npm
+    directory: /cli
+    schedule:
+      interval: weekly
+      day: monday
+      time: '09:00'
+      timezone: Asia/Shanghai
+    open-pull-requests-limit: 5
+    labels:
+      - dependencies
+      - javascript
+    groups:
+      npm-cli:
+        patterns:
+          - '*'
+
+  - package-ecosystem: npm
+    directory: /gui
+    schedule:
+      interval: weekly
+      day: monday
+      time: '09:00'
+      timezone: Asia/Shanghai
+    open-pull-requests-limit: 5
+    labels:
+      - dependencies
+      - javascript
+    groups:
+      npm-gui:
+        patterns:
+          - '*'
+
+  - package-ecosystem: npm
+    directory: /doc
+    schedule:
+      interval: weekly
+      day: monday
+      time: '09:00'
+      timezone: Asia/Shanghai
+    open-pull-requests-limit: 5
+    labels:
+      - dependencies
+      - javascript
+    groups:
+      npm-doc:
+        patterns:
+          - '*'
+
+  - package-ecosystem: npm
+    directory: /libraries/logger
+    schedule:
+      interval: weekly
+      day: monday
+      time: '09:00'
+      timezone: Asia/Shanghai
+    open-pull-requests-limit: 5
+    labels:
+      - dependencies
+      - javascript
+    groups:
+      npm-logger:
+        patterns:
+          - '*'
+
+  - package-ecosystem: npm
+    directory: /libraries/md-compiler
+    schedule:
+      interval: weekly
+      day: monday
+      time: '09:00'
+      timezone: Asia/Shanghai
+    open-pull-requests-limit: 5
+    labels:
+      - dependencies
+      - javascript
+    groups:
+      npm-md-compiler:
+        patterns:
+          - '*'
+
+  - package-ecosystem: npm
+    directory: /libraries/script-runtime
+    schedule:
+      interval: weekly
+      day: monday
+      time: '09:00'
+      timezone: Asia/Shanghai
+    open-pull-requests-limit: 5
+    labels:
+      - dependencies
+      - javascript
+    groups:
+      npm-script-runtime:
+        patterns:
+          - '*'

.github/pull_request_template.md

@@ -0,0 +1,38 @@
+## Summary
+
+- Describe the change in one or two sentences.
+
+## Scope
+
+- [ ] CLI (`cli/`)
+- [ ] Shared Rust / N-API libraries (`libraries/`)
+- [ ] GUI (`gui/`)
+- [ ] Docs (`doc/`)
+- [ ] GitHub automation / release chain (`.github/`)
+
+## Release Impact
+
+- [ ] No release or version impact
+- [ ] Affects npm package contents or NAPI publishing
+- [ ] Affects GUI artifacts or GitHub Release flow
+- [ ] Affects config schema, CLI flags, or user-facing behavior
+
+Details:
+
+## Testing
+
+- [ ] Not run locally
+- [ ] Local checks passed
+- [ ] Workflow or YAML validation passed
+
+Commands / evidence:
+
+## Risks and Follow-ups
+
+- List rollout risks, migrations, or follow-up tasks if any.
+
+## Checklist
+
+- [ ] I reviewed version and release implications
+- [ ] I called out any `.github/` or workflow changes above
+- [ ] I documented remaining follow-up work, if any