chore: scaffold library crate with CI, linting, and licenses

Set up the Rust library crate with:
- Cargo.toml with package metadata and lint configuration
- CI workflow (fmt + clippy + test on Linux/macOS/Windows, cargo-deny, MSRV)
- Security audit workflow (cargo-audit, weekly schedule)
- Commit lint workflow (conventional commits)
- Dependabot configuration (cargo + github-actions)
- rustfmt.toml, rust-toolchain.toml, deny.toml
- MIT license
- Library src/lib.rs with #![warn(missing_docs)] and #![deny(unsafe_code)]

Author: dodoflix

.commitlintrc.yml

@@ -0,0 +1,66 @@
+# commitlint configuration — Oxidized
+# https://commitlint.js.org/
+
+rules:
+  # Type is required and must be one of the allowed values
+  type-enum:
+    - 2
+    - always
+    - - feat
+      - fix
+      - perf
+      - refactor
+      - test
+      - docs
+      - chore
+      - ci
+  type-empty:
+    - 2
+    - never
+  type-case:
+    - 2
+    - always
+    - lower-case
+
+  # Scope is optional but must be one of the allowed values when present
+  scope-enum:
+    - 2
+    - always
+    - - chat
+      - ci
+      - deps
+  scope-case:
+    - 2
+    - always
+    - lower-case
+
+  # Subject (description) rules
+  subject-empty:
+    - 2
+    - never
+  subject-case:
+    - 2
+    - always
+    - lower-case
+  subject-full-stop:
+    - 2
+    - never
+    - "."
+
+  # Header length
+  header-max-length:
+    - 2
+    - always
+    - 100
+
+  # Body rules
+  body-max-line-length:
+    - 1
+    - always
+    - 100
+
+  # Footer rules
+  footer-max-line-length:
+    - 1
+    - always
+    - 100

.github/dependabot.yml

@@ -0,0 +1,21 @@
+version: 2
+updates:
+  - package-ecosystem: cargo
+    directory: "/"
+    schedule:
+      interval: weekly
+      day: monday
+      time: "08:00"
+    open-pull-requests-limit: 10
+    labels:
+      - "chore(deps)"
+    commit-message:
+      prefix: "chore(deps)"
+
+  - package-ecosystem: github-actions
+    directory: "/"
+    schedule:
+      interval: weekly
+      day: monday
+    commit-message:
+      prefix: "ci"

.github/workflows/ci.yml

@@ -0,0 +1,98 @@
+name: CI
+
+on:
+  push:
+    branches: [main]
+  pull_request:
+    branches: [main]
+
+env:
+  CARGO_TERM_COLOR: always
+  RUST_BACKTRACE: 1
+
+jobs:
+  lint:
+    name: Lint
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v6
+
+      - name: Install Rust (MSRV)
+        uses: dtolnay/rust-toolchain@1.85
+        with:
+          components: rustfmt, clippy
+
+      - name: Cache cargo
+        uses: actions/cache@v5
+        with:
+          path: |
+            ~/.cargo/registry/index/
+            ~/.cargo/registry/cache/
+            ~/.cargo/git/db/
+            target/
+          key: ${{ runner.os }}-lint-${{ hashFiles('**/Cargo.toml') }}
+          restore-keys: ${{ runner.os }}-lint-
+
+      - name: Check formatting
+        run: cargo fmt --check
+
+      - name: Clippy
+        run: cargo clippy --all-targets -- -D warnings
+
+  test:
+    name: Test (${{ matrix.os }})
+    runs-on: ${{ matrix.os }}
+    strategy:
+      fail-fast: true
+      matrix:
+        os: [ubuntu-latest, windows-latest, macos-latest]
+    steps:
+      - uses: actions/checkout@v6
+
+      - name: Install Rust (stable)
+        uses: dtolnay/rust-toolchain@stable
+
+      - name: Cache cargo
+        uses: actions/cache@v5
+        with:
+          path: |
+            ~/.cargo/registry/index/
+            ~/.cargo/registry/cache/
+            ~/.cargo/git/db/
+            target/
+          key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.toml') }}
+          restore-keys: ${{ runner.os }}-cargo-
+
+      - name: Test
+        run: cargo test
+
+      - name: Check no-default-features
+        run: cargo check --no-default-features
+
+  deny:
+    name: cargo-deny (licences + advisories)
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v6
+      - uses: EmbarkStudios/cargo-deny-action@v2
+        with:
+          command: check
+
+  msrv:
+    name: MSRV check (Rust 1.85)
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v6
+      - uses: dtolnay/rust-toolchain@1.85
+      - name: Cache cargo
+        uses: actions/cache@v5
+        with:
+          path: |
+            ~/.cargo/registry/index/
+            ~/.cargo/registry/cache/
+            ~/.cargo/git/db/
+            target/
+          key: ${{ runner.os }}-msrv-${{ hashFiles('**/Cargo.toml') }}
+          restore-keys: ${{ runner.os }}-msrv-
+      - name: Check MSRV
+        run: cargo check --all-features

.github/workflows/commit-lint.yml

@@ -0,0 +1,23 @@
+name: Commit Lint
+
+on:
+  pull_request:
+    branches: [main]
+
+permissions:
+  contents: read
+  pull-requests: read
+
+jobs:
+  commitlint:
+    name: Validate conventional commits
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v6
+        with:
+          fetch-depth: 0
+
+      - name: Validate PR commits
+        uses: wagoid/commitlint-github-action@v6
+        with:
+          configFile: .commitlintrc.yml

.github/workflows/security.yml

@@ -0,0 +1,30 @@
+name: Security audit
+
+on:
+  push:
+    paths: ['**/Cargo.toml', '**/Cargo.lock']
+  schedule:
+    # Run every Monday at 08:00 UTC
+    - cron: '0 8 * * 1'
+
+permissions:
+  contents: read
+
+env:
+  CARGO_TERM_COLOR: always
+
+jobs:
+  audit:
+    name: cargo-audit
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v6
+
+      - name: Install Rust (stable)
+        uses: dtolnay/rust-toolchain@stable
+
+      - name: Install cargo-audit
+        run: cargo install cargo-audit --locked
+
+      - name: Run audit
+        run: cargo audit --ignore RUSTSEC-2023-0071

.gitignore

@@ -0,0 +1,36 @@
+# Compilation artifacts
+/target/
+**/target/
+
+# Cargo.lock is NOT committed for library crates (Rust convention)
+Cargo.lock
+
+# IDE
+.idea/
+.vscode/settings.json
+*.iml
+*.ipr
+*.iws
+.DS_Store
+
+# Environment / secrets
+.env
+.env.*
+*.pem
+*.key
+*.p12
+*.jks
+
+# Generated
+/dist/
+*.log
+logs/
+
+# Profiling
+*.svg
+flamegraph.svg
+perf.data
+
+# Fuzz testing artifacts (generated by cargo-fuzz)
+**/fuzz/artifacts/
+**/fuzz/corpus/

Cargo.toml

@@ -0,0 +1,45 @@
+[package]
+name         = "oxidized-chat"
+version      = "0.1.0"
+edition      = "2024"
+authors      = ["Dogukan Metan <dogukanmetan@gmail.com>"]
+license      = "MIT"
+repository   = "https://github.com/oxidized-mc/chat"
+homepage     = "https://github.com/oxidized-mc/chat"
+rust-version = "1.85"
+description  = "Minecraft chat component system — Component tree, Style, ChatFormatting, TextColor, JSON/NBT serialization"
+keywords     = ["minecraft", "oxidized-mc"]
+categories   = ["game-development"]
+
+[dependencies]
+
+[dev-dependencies]
+proptest = "1"
+
+[lints.rust]
+missing_docs   = "warn"
+unsafe_code    = "deny"
+unused_imports = "warn"
+
+[lints.clippy]
+# Correctness — hard errors
+correctness                = { level = "deny", priority = -1 }
+# Performance and style — warnings
+perf                       = { level = "warn", priority = -1 }
+style                      = { level = "warn", priority = -1 }
+complexity                 = { level = "warn", priority = -1 }
+suspicious                 = { level = "warn", priority = -1 }
+# Specific useful lints
+unwrap_used                = "deny"
+expect_used                = "deny"
+panic                      = "deny"
+print_stdout               = "deny"
+print_stderr               = "deny"
+needless_pass_by_value     = "warn"
+redundant_clone            = "warn"
+# Noisy lints intentionally suppressed
+module_name_repetitions    = "allow"
+must_use_candidate         = "allow"
+cast_possible_truncation   = "allow"
+cast_sign_loss             = "allow"
+cast_possible_wrap         = "allow"

LICENSE

@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) 2026 Oxidized
+Copyright (c) 2026 Oxidized Contributors
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

README.md

@@ -0,0 +1,18 @@
+# oxidized-chat
+
+[![CI](https://github.com/oxidized-mc/chat/actions/workflows/ci.yml/badge.svg)](https://github.com/oxidized-mc/chat/actions/workflows/ci.yml)
+[![License: MIT](https://img.shields.io/badge/license-MIT-blue.svg)](LICENSE)
+
+Minecraft chat component system — Component tree, Style, ChatFormatting, TextColor, JSON/NBT serialization
+
+Part of the [Oxidized MC](https://github.com/oxidized-mc) ecosystem — a Minecraft Java Edition
+implementation in Rust.
+
+## License
+
+Licensed under the [MIT License](LICENSE).
+
+## Contributing
+
+Contributions are welcome! Please see the [Oxidized MC](https://github.com/oxidized-mc) organization
+for project-wide guidelines.

deny.toml

@@ -0,0 +1,35 @@
+[advisories]
+version = 2
+ignore  = [
+    # rsa: Marvin Attack timing sidechannel (RUSTSEC-2023-0071)
+    # No patched version available; rsa 0.10 is still RC.
+    # We only use RSA for Minecraft login key exchange (not security-critical).
+    "RUSTSEC-2023-0071",
+]
+
+[licenses]
+version    = 2
+allow      = [
+    "MIT",
+    "Apache-2.0",
+    "Apache-2.0 WITH LLVM-exception",
+    "BSD-2-Clause",
+    "BSD-3-Clause",
+    "ISC",
+    "Unicode-3.0",
+    "Zlib",
+    "CC0-1.0",
+    "OpenSSL",
+    "CDLA-Permissive-2.0",
+    "BSL-1.0",
+]
+
+[bans]
+multiple-versions = "warn"
+wildcards         = "allow"
+
+[sources]
+unknown-registry = "deny"
+unknown-git      = "deny"
+allow-registry   = ["https://github.com/rust-lang/crates.io-index"]
+allow-git        = ["https://github.com/oxidized-mc"]