Add comprehensive project documentation

CHANGELOG.md

@@ -0,0 +1,22 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [unreleased]
+
+### Miscellaneous Tasks
+
+- Update benchmark results [skip ci]
+
+## [0.1.0] - 2025-10-18
+
+### Miscellaneous Tasks
+
+- Update benchmark results [skip ci]
+- Update benchmark results [skip ci]
+- Update benchmark results [skip ci]
+
+<!-- generated by git-cliff -->

CONTRIBUTING.md

@@ -0,0 +1,205 @@
+<!--
+SPDX-FileCopyrightText: 2025 RAprogramm <andrey.rozanov.vl@gmail.com>
+SPDX-License-Identifier: CC0-1.0
+-->
+
+# Contributing to cstring-array
+
+Thank you for your interest in contributing to cstring-array! This document provides guidelines and instructions for contributing to this project.
+
+## Development Setup
+
+### Prerequisites
+
+- Rust 1.90 or later (Edition 2024)
+- cargo, rustfmt, clippy
+- Git
+
+### Getting Started
+
+1. Fork the repository on GitHub
+2. Clone your fork:
+   ```bash
+   git clone https://github.com/YOUR_USERNAME/cstring-array.git
+   cd cstring-array
+   ```
+3. Add upstream remote:
+   ```bash
+   git remote add upstream https://github.com/RAprogramm/cstring-array.git
+   ```
+4. Install development dependencies:
+   ```bash
+   cargo build --all-features
+   cargo test --all-features
+   ```
+
+## Code Style
+
+This project follows strict coding standards:
+
+### Rust Edition and Version
+
+- **Edition**: 2024
+- **Minimum Rust Version**: 1.90
+
+### Code Formatting
+
+- Use `rustfmt` for all Rust code
+- Run before committing:
+  ```bash
+  cargo +nightly fmt
+  ```
+
+### Linting
+
+- All code must pass clippy with no warnings:
+  ```bash
+  cargo clippy --all-targets --all-features -- -D warnings
+  ```
+
+### Documentation
+
+- All public APIs must have documentation comments (`///`)
+- Module-level documentation is required
+- Use `::` only in imports
+- Avoid inline comments except for `///` doc comments
+
+### Code Structure
+
+- Follow RAII patterns for resource management
+- Prefer zero-copy operations where possible
+- Write safe code - `unsafe` requires detailed justification
+
+## Testing Requirements
+
+### Test Coverage
+
+- Maintain 95%+ test coverage
+- All new features must include tests
+- Bug fixes must include regression tests
+
+### Running Tests
+
+```bash
+# Run all tests
+cargo test --all-features
+
+# Run tests with coverage
+cargo install cargo-llvm-cov
+cargo llvm-cov --all-features
+
+# Run doctests
+cargo test --all-features --doc
+
+# Run benchmarks
+cargo bench
+```
+
+### Test Organization
+
+- Unit tests in module files (mod tests)
+- Integration tests in tests/ directory
+- Doctests for usage examples
+- Benchmarks in benches/ directory
+
+## Pull Request Process
+
+### Before Submitting
+
+1. Update to latest upstream:
+   ```bash
+   git fetch upstream
+   git rebase upstream/main
+   ```
+
+2. Run full test suite:
+   ```bash
+   cargo +nightly fmt -- --check
+   cargo clippy --all-targets --all-features -- -D warnings
+   cargo test --all-features
+   cargo build --release --all-features
+   ```
+
+3. Update documentation if needed
+4. Update CHANGELOG.md (auto-generated from commits)
+
+### Commit Messages
+
+Follow conventional commits format:
+
+- `feat: add new feature` - New feature
+- `fix: resolve bug` - Bug fix
+- `docs: update documentation` - Documentation changes
+- `perf: improve performance` - Performance improvements
+- `refactor: restructure code` - Code refactoring
+- `test: add tests` - Test additions
+- `chore: maintenance task` - Chores and maintenance
+
+### PR Guidelines
+
+1. Create a new branch for your changes:
+   ```bash
+   git checkout -b feature/your-feature-name
+   ```
+
+2. Make your changes following the code style above
+
+3. Commit with conventional commit messages
+
+4. Push to your fork:
+   ```bash
+   git push origin feature/your-feature-name
+   ```
+
+5. Create a pull request on GitHub with:
+   - Clear description of changes
+   - Reference to related issues
+   - Screenshots/examples if applicable
+
+### CI/CD Pipeline
+
+All PRs must pass:
+- Formatting check (rustfmt)
+- Linting (clippy)
+- REUSE compliance
+- Security audit (cargo audit)
+- Tests (Linux, macOS, Windows × stable, beta, nightly)
+- Coverage check
+- Documentation build
+
+## Licensing
+
+This project uses:
+- **Code**: MIT License
+- **Configuration files**: CC0-1.0 (Public Domain)
+
+All contributions must comply with [REUSE Specification 3.3](https://reuse.software/spec/).
+
+### Adding License Headers
+
+For new Rust files:
+```rust
+// SPDX-FileCopyrightText: 2025 YourName <your@email.com>
+// SPDX-License-Identifier: MIT
+```
+
+For new config files:
+```yaml
+# SPDX-FileCopyrightText: 2025 YourName <your@email.com>
+# SPDX-License-Identifier: CC0-1.0
+```
+
+## Getting Help
+
+- Open an issue for bugs or feature requests
+- Check existing issues and discussions
+- Read the documentation at [docs.rs/cstring-array](https://docs.rs/cstring-array)
+
+## Code of Conduct
+
+- Be respectful and inclusive
+- Provide constructive feedback
+- Focus on technical merits
+- Welcome newcomers
+
+Thank you for contributing to cstring-array!

REUSE.toml

@@ -4,7 +4,7 @@ SPDX-PackageSupplier = "RAprogramm <andrey.rozanov.vl@gmail.com>"
 SPDX-PackageDownloadLocation = "https://github.com/RAprogramm/cstring-array"
 
 [[annotations]]
-path = ["Cargo.toml", "Cargo.lock", ".gitignore", ".rustfmt.toml", "REUSE.toml", "codecov.yml", ".config/nextest.toml"]
+path = ["Cargo.toml", "Cargo.lock", ".gitignore", ".rustfmt.toml", "REUSE.toml", "codecov.yml", ".config/nextest.toml", "cliff.toml", "CHANGELOG.md", "CONTRIBUTING.md", "SECURITY.md"]
 precedence = "aggregate"
 SPDX-FileCopyrightText = "2025 RAprogramm <andrey.rozanov.vl@gmail.com>"
 SPDX-License-Identifier = "CC0-1.0"

SECURITY.md

@@ -0,0 +1,146 @@
+<!--
+SPDX-FileCopyrightText: 2025 RAprogramm <andrey.rozanov.vl@gmail.com>
+SPDX-License-Identifier: CC0-1.0
+-->
+
+# Security Policy
+
+## Supported Versions
+
+We actively support the following versions of cstring-array with security updates:
+
+| Version | Supported          |
+| ------- | ------------------ |
+| 0.1.x   | :white_check_mark: |
+| < 0.1   | :x:                |
+
+## Reporting a Vulnerability
+
+We take the security of cstring-array seriously. If you discover a security vulnerability, please follow these steps:
+
+### 1. Do NOT Open a Public Issue
+
+Please **do not** open a public GitHub issue for security vulnerabilities, as this could put users at risk before a fix is available.
+
+### 2. Contact Us Privately
+
+Report security vulnerabilities by emailing:
+
+**Email**: andrey.rozanov.vl@gmail.com
+
+Include in your report:
+- Description of the vulnerability
+- Steps to reproduce the issue
+- Potential impact
+- Suggested fix (if available)
+- Your contact information
+
+### 3. Response Timeline
+
+- **Initial Response**: Within 48 hours
+- **Vulnerability Assessment**: Within 7 days
+- **Fix Timeline**: Depends on severity
+  - Critical: Within 7 days
+  - High: Within 14 days
+  - Medium: Within 30 days
+  - Low: Next release
+
+### 4. Disclosure Policy
+
+We follow coordinated vulnerability disclosure:
+
+1. We will confirm receipt of your report
+2. We will investigate and assess the vulnerability
+3. We will develop and test a fix
+4. We will release a security update
+5. We will publicly disclose the vulnerability after the fix is released
+
+You will receive credit for the discovery unless you prefer to remain anonymous.
+
+## Security Best Practices
+
+When using cstring-array:
+
+### Safe Usage
+
+- Always handle `Result` types properly
+- Validate input strings for null bytes before conversion
+- Use RAII pattern - arrays are automatically cleaned up
+- Avoid manual pointer manipulation
+
+### Unsafe Code
+
+This crate uses `unsafe` code for FFI interoperability:
+- All unsafe blocks are carefully reviewed
+- Safety invariants are documented
+- Pointer validity is guaranteed through RAII
+
+### Dependencies
+
+- This crate has **zero runtime dependencies**
+- Development dependencies are audited regularly
+- CI/CD pipeline includes `cargo audit` security checks
+
+## Security Features
+
+### Memory Safety
+
+- RAII-based lifetime management prevents dangling pointers
+- Null termination guaranteed for C compatibility
+- Automatic cleanup prevents memory leaks
+- Safe abstractions over raw pointers
+
+### Testing
+
+- 95%+ test coverage
+- Integration tests for FFI scenarios
+- Property-based testing for edge cases
+- Cross-platform testing (Linux, macOS, Windows)
+
+### CI/CD Security
+
+Our continuous integration includes:
+- Dependency vulnerability scanning (`cargo audit`)
+- REUSE compliance checking
+- Cross-platform testing
+- Code coverage analysis
+
+## Known Limitations
+
+### Not Thread-Safe by Design
+
+`CStringArray` is `Send + Sync` but requires external synchronization for concurrent access. This is by design for FFI compatibility.
+
+### Interior Null Bytes
+
+Creating arrays from strings containing null bytes (`\0`) will return an error. This is expected behavior for C string compatibility.
+
+## Security Updates
+
+Security updates are released as:
+- Patch versions for fixes (0.1.x)
+- Documented in CHANGELOG.md
+- GitHub Security Advisories
+- crates.io release notes
+
+Subscribe to releases on GitHub to receive security update notifications.
+
+## Audit History
+
+| Date       | Auditor | Scope | Result |
+|------------|---------|-------|--------|
+| 2025-10-18 | Internal | v0.1.0 | No issues |
+
+## Contact
+
+For security concerns: andrey.rozanov.vl@gmail.com
+For general issues: https://github.com/RAprogramm/cstring-array/issues
+
+## Acknowledgments
+
+We appreciate responsible disclosure of security vulnerabilities. Contributors will be acknowledged in:
+- Security advisories
+- Release notes
+- CHANGELOG.md
+
+Thank you for helping keep cstring-array secure!