chore: SECURITY + CodeQL + issue/PR templates + CONTRIBUTING + CHANGELOG

.github/ISSUE_TEMPLATE/bug.yml

@@ -0,0 +1,29 @@
+name: Bug report
+description: Something isn't working as expected
+labels: [bug]
+body:
+  - type: textarea
+    id: what
+    attributes:
+      label: What's broken?
+      description: Describe what's not working.
+    validations:
+      required: true
+  - type: textarea
+    id: repro
+    attributes:
+      label: Steps to reproduce
+      description: Numbered list, ideally with commit hash + chain ID + URL.
+  - type: textarea
+    id: expected
+    attributes:
+      label: Expected behavior
+  - type: textarea
+    id: actual
+    attributes:
+      label: Actual behavior
+  - type: input
+    id: version
+    attributes:
+      label: Version / commit
+      placeholder: v2.1.85 / abc1234

.github/ISSUE_TEMPLATE/config.yml

@@ -0,0 +1,8 @@
+blank_issues_enabled: false
+contact_links:
+  - name: Security vulnerability
+    url: mailto:security@sentriscloud.com
+    about: Report a security issue privately. Do NOT open a public issue.
+  - name: Sentrix Discord
+    url: https://discord.gg/sentrixchain
+    about: General questions and support

.github/ISSUE_TEMPLATE/feature.yml

@@ -0,0 +1,18 @@
+name: Feature request
+description: Suggest something new
+labels: [enhancement]
+body:
+  - type: textarea
+    id: problem
+    attributes:
+      label: What problem does this solve?
+    validations:
+      required: true
+  - type: textarea
+    id: proposal
+    attributes:
+      label: Proposed approach
+  - type: textarea
+    id: alternatives
+    attributes:
+      label: Alternatives considered

.github/pull_request_template.md

@@ -0,0 +1,13 @@
+## Summary
+
+<!-- 1-3 sentences. What changed and why. -->
+
+## Test plan
+
+<!-- Bulleted checklist. Both happy-path and edge cases. -->
+
+- [ ] 
+
+## Related
+
+<!-- Link issues, PRs, audit docs, runbooks. -->

.github/workflows/codeql.yml

@@ -0,0 +1,31 @@
+name: CodeQL
+
+on:
+  push:
+    branches: [main]
+  pull_request:
+    branches: [main]
+  schedule:
+    - cron: '0 5 * * 1'  # Weekly Monday 05:00 UTC
+
+permissions:
+  actions: read
+  contents: read
+  security-events: write
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-22.04
+    strategy:
+      fail-fast: false
+      matrix:
+        language: ['javascript-typescript']
+    steps:
+      - uses: actions/checkout@v5
+      - uses: github/codeql-action/init@v3
+        with:
+          languages: ${{ matrix.language }}
+      - uses: github/codeql-action/analyze@v3
+        with:
+          category: '/language:${{ matrix.language }}'

CHANGELOG.md

@@ -0,0 +1,9 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [Unreleased]
+

CONTRIBUTING.md

@@ -0,0 +1,34 @@
+# Contributing
+
+Thanks for your interest in Sentrix.
+
+## Quick start
+
+1. Fork the repo, clone your fork.
+2. Create a branch: `git checkout -b feat/my-change`.
+3. Make your change. Keep PRs focused.
+4. Run the test suite locally before opening the PR.
+5. Open a pull request against `main`. CI runs automatically.
+
+## PR conventions
+
+- One conceptual change per PR.
+- Conventional-commit-style title: `feat:`, `fix:`, `chore:`, `docs:`, `ci:`, `test:`, `refactor:`.
+- Test plan in the PR body.
+- For consensus-touching code in `sentrix-labs/sentrix`: include a regression test that fails on `main` and passes after.
+
+## Code style
+
+- Match existing patterns in the file/module.
+- No drive-by formatting changes outside the diff.
+- For Rust: `cargo fmt` + `cargo clippy --workspace --tests -- -D warnings` clean.
+- For TypeScript: `pnpm lint` + `pnpm typecheck` clean.
+- For Solidity: `forge fmt` + `forge build` clean.
+
+## Bug reports
+
+Use the issue templates. Include version/commit + reproduction steps.
+
+## Security
+
+Vulnerabilities go to `security@sentriscloud.com`, NOT a public issue. See `SECURITY.md`.

SECURITY.md

@@ -0,0 +1,39 @@
+# Security Policy
+
+## Reporting a Vulnerability
+
+If you discover a security vulnerability in this repository, please report it privately. **Do not open a public GitHub issue.**
+
+**Contact:** `security@sentriscloud.com`
+
+Please include:
+
+- A description of the vulnerability
+- Steps to reproduce
+- The affected version / commit hash
+- Any suggested mitigation
+
+## Response Timeline
+
+- **Initial acknowledgment:** within 72 hours
+- **Triage:** within 7 days
+- **Resolution target:** depends on severity (critical: days, high: weeks, medium: next release)
+
+## Scope
+
+In scope:
+
+- Smart contracts deployed via canonical addresses on Sentrix Chain (chain ID 7119 mainnet, 7120 testnet)
+- Sentrix node binary (consensus, state, EVM)
+- Frontend apps that handle user keys or balances (faucet, scan, coinblast, dex, solux)
+- Indexer / SDK that touches user-controlled data
+
+Out of scope:
+
+- Third-party dependencies (report upstream first; we can advisory-track if confirmed)
+- Issues requiring physical access to a validator host
+- Social engineering against operators
+
+## Bug Bounty
+
+A formal bug bounty program is under design. Reach out for case-by-case disclosure rewards.