docs(auth): verified banner + CONTRIBUTING + examples + CHANGELOG (QoL sweep)

.github/ISSUE_TEMPLATE/bug_report.md

@@ -0,0 +1,33 @@
+---
+name: Bug report
+about: Report a bug in this plugin
+title: '[Bug] '
+labels: bug
+assignees: ''
+---
+
+## Describe the bug
+
+A clear and concise description of what the bug is.
+
+## To reproduce
+
+Steps to reproduce the behavior:
+1. Config used (redact any secrets)
+2. Command run
+3. Error output
+
+## Expected behavior
+
+What you expected to happen.
+
+## Environment
+
+- workflow engine version: <!-- e.g. 0.3.51 -->
+- plugin version: <!-- e.g. 1.0.0 -->
+- Go version: <!-- go version -->
+- OS: <!-- e.g. linux/amd64, darwin/arm64 -->
+
+## Additional context
+
+Add any other context or logs here.

.github/ISSUE_TEMPLATE/feature_request.md

@@ -0,0 +1,27 @@
+---
+name: Feature request
+about: Suggest a new capability for this plugin
+title: '[Feature] '
+labels: enhancement
+assignees: ''
+---
+
+## Summary
+
+A one-sentence description of the feature.
+
+## Motivation
+
+Why is this feature needed? What problem does it solve?
+
+## Proposed solution
+
+How would you like it to work? Include config schema changes if relevant.
+
+## Alternatives considered
+
+Any alternative approaches you considered and why you ruled them out.
+
+## Additional context
+
+Links, screenshots, or related issues.

.github/PULL_REQUEST_TEMPLATE.md

@@ -0,0 +1,20 @@
+## Summary
+
+<!-- What does this PR do? 1-3 bullet points. -->
+
+## Motivation
+
+<!-- Why is this change needed? Link to issue if applicable. Closes #NNN -->
+
+## Test plan
+
+- [ ] `go build ./...` passes
+- [ ] `go vet ./...` passes
+- [ ] `go test ./...` passes
+- [ ] Manual smoke test (describe)
+
+## Checklist
+
+- [ ] CHANGELOG.md updated (Keep-a-Changelog format)
+- [ ] No secrets or credentials included
+- [ ] One feature or bugfix per PR

CHANGELOG.md

@@ -1,5 +1,10 @@
 # Changelog
 
+## [Unreleased]
+### Added
+- README verified-status banner per workflow#714 (multi-repo QoL sweep).
+- CONTRIBUTING.md, examples/minimal/config.yaml, and GitHub issue/PR templates.
+
 ## v0.2.4 (2026-05-13)
 
 ### Strict-proto config-field gaps closed (BMW local smoke vs workflow v0.51.5, round 3)

CONTRIBUTING.md

@@ -0,0 +1,36 @@
+# Contributing to workflow-plugin-auth
+
+This plugin is part of the [GoCodeAlone/workflow](https://github.com/GoCodeAlone/workflow) ecosystem.
+
+## Before contributing
+
+Read the [upstream CONTRIBUTING.md](https://github.com/GoCodeAlone/workflow/blob/main/CONTRIBUTING.md) for general conventions, signing, and review expectations.
+
+## Installation note
+
+This plugin is marked `private` in the workflow registry. `wfctl plugin install` requires:
+
+```sh
+export GH_TOKEN=<github-personal-access-token-with-read:packages>
+wfctl plugin install workflow-plugin-auth
+```
+
+## Local development
+
+```sh
+git clone https://github.com/GoCodeAlone/workflow-plugin-auth.git
+cd workflow-plugin-auth
+go build ./...
+go test ./...
+```
+
+## Pull requests
+
+- One feature or bugfix per PR.
+- Update CHANGELOG.md with a Keep-a-Changelog entry.
+- Add tests covering new behavior.
+- Run `go vet ./...` before pushing.
+
+## Reporting issues
+
+See the issue templates under `.github/ISSUE_TEMPLATE/`.

README.md

@@ -1,7 +1,20 @@
 # workflow-plugin-auth
 
+> ✅ **Verified** — used in production at **buymywishlist**. This plugin has been validated end-to-end in a merged main-branch wfctl.yaml of an active GoCodeAlone project.
+
 Authentication primitives for Workflow applications.
 
+## Installation
+
+This plugin is marked `private` in the workflow registry, meaning `wfctl plugin install` requires a GitHub token with `read:packages` scope:
+
+```sh
+export GH_TOKEN=<your-github-personal-access-token>
+wfctl plugin install workflow-plugin-auth
+```
+
+The plugin binary itself is distributed via public GitHub Releases — `GH_TOKEN` is only required for the registry lookup step.
+
 ## Module Types
 
 - `auth.credential` - WebAuthn/passkey relying-party configuration.

examples/minimal/config.yaml

@@ -0,0 +1,36 @@
+# Minimal workflow-plugin-auth example.
+# Demonstrates signed-challenge generation and verification (JWT-equivalent auth flow).
+#
+# Prerequisites:
+#   export AUTH_SIGNING_SECRET=<your-signing-secret>
+#
+# Usage:
+#   wfctl validate --skip-unknown-types examples/minimal/config.yaml
+
+modules:
+  - name: auth-credential
+    type: auth.credential
+    config:
+      rp_display_name: "My App"
+      rp_id: "example.com"
+      origin: "https://example.com"
+      optional: true
+
+workflows:
+  generate-challenge:
+    trigger:
+      type: http
+      config:
+        path: /auth/challenge
+        method: POST
+    steps:
+      - name: generate
+        type: step.auth_challenge_generate
+        config:
+          signing_secret: ${AUTH_SIGNING_SECRET}
+          ttl_minutes: 10
+
+      - name: verify
+        type: step.auth_challenge_verify
+        config:
+          signing_secret: ${AUTH_SIGNING_SECRET}