diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md index 8b7525e..a69f6cc 100644 --- a/.github/PULL_REQUEST_TEMPLATE.md +++ b/.github/PULL_REQUEST_TEMPLATE.md @@ -2,10 +2,26 @@ -## Boundary Checklist (Required) +## Type of Change + +- [ ] Bug fix (non-breaking change fixing an issue) +- [ ] Security fix (non-breaking change addressing a security issue) +- [ ] Documentation (changes to documentation only) +- [ ] Refactoring (non-breaking change improving code structure) +- [ ] Tests (adding or updating tests) +- [ ] Tooling / CI (changes to build tools, CI configuration) + +## Boundary Checklist (Required for Implementation Changes) > safe-formdata enforces a **strict trust boundary** for FormData. > If any item below does **not** apply, this change likely does not belong here. +> +> **For documentation, tooling, or CI changes**: You may skip this section by checking the box below and explaining why. + +- [ ] **This is a non-implementation change** (Documentation, Tooling, or CI only) + - Reason: + +**For implementation changes, verify all items below:** - [ ] **No interpretation** - Key names are treated as opaque strings 
@@ -16,18 +32,46 @@ - [ ] **Boundary respected** - No validation, coercion, schema, framework conventions, or business logic -📘 Boundary rules & non-goals: +📘 Boundary rules & non-goals: -## Type of Change +## Security & API Stability + +**Security Impact:** + +- [ ] No impact on security (no changes to forbidden keys, prototype safety) +- [ ] Reviewed against security rules in AGENTS.md +- [ ] If security-related: Explain impact and mitigation + +**API Contract:** -- [ ] Bug fix -- [ ] Security fix -- [ ] Documentation -- [ ] Refactoring (no behavior change) -- [ ] Tests -- [ ] Tooling / CI +- [ ] No changes to public API (`parse` function signature, type definitions) +- [ ] No breaking changes to `ParseResult`, `ParseIssue`, or `IssueCode` +- [ ] If API change: Is this a breaking change? (Yes/No + explanation) + +**Versioning:** + +- [ ] Change is compatible with current v0.x versioning policy +- [ ] If breaking change proposed: Justification for major version bump ## Testing - +**Automated Checks:** + +- [ ] TypeScript type checking passes (`bun run check:type:source`) +- [ ] All tests pass (`bun run test`) +- [ ] Build succeeds (`bun run build`) + +**Additional Verification** (describe any manual testing, edge case verification, or integration testing): + + + +## Automated Review (Optional) + +**For Claude Code users**: You can use the boundary-validator skill for automated review: + +``` +Review this code against boundary-validator rules +``` + +**For other tools**: Reference [AGENTS.md](https://github.com/roottool/safe-formdata/blob/main/AGENTS.md) and [skills/boundary-validator](https://github.com/roottool/safe-formdata/tree/main/skills/boundary-validator) for design rules.
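Review bot: In the first hunk (`@@ -2,10 +2,26 @@`), the opt-out box "This is a non-implementation change (Documentation, Tooling, or CI only)" does not line up with the new Type of Change list, which also offers "Refactoring" and "Tests". The template should say whether those two types must complete the Boundary Checklist; as written, an author can reasonably read either way. The opt-out is also self-declared, so the trust-boundary review is skipped on the author's word alone. Consider asking reviewers to confirm that the diff touches no implementation files whenever the box is ticked, or enforcing that in CI. Separately, "Security fix (non-breaking change addressing a security issue)" leaves no option for a security fix that has to change behaviour; either drop the "non-breaking" qualifier there or add a breaking variant.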
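Review bot: In the second hunk (`@@ -16,18 +32,46 @@`), the three "Security Impact" boxes mix an exclusive claim with a conditional one. "No impact on security" and "If security-related: Explain impact and mitigation" cannot both apply, and the second is a checkbox with nowhere to write the explanation. Suggest making the first two an either/or choice and replacing the third with a free-text line, in the same way the first hunk adds "Reason:" under the opt-out box. The same applies to "If API change: Is this a breaking change? (Yes/No + explanation)" and "If breaking change proposed: Justification for major version bump", which ask for prose inside a checkbox. "Reviewed against security rules in AGENTS.md" is not linked at that point; the AGENTS.md link only appears in the optional Automated Review section at the end, so link it where the author is asked to confirm the review. Finally, "major version bump" sits next to "current v0.x versioning policy" without saying how breaking changes are versioned while the project is on 0.x; state that in one line or link the policy.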