docs: optimize GitHub Pages and README

- Enhanced _config.yml with SEO, plugins, and navigation
- Added custom CSS (18k+ lines) with brand colors and components
- Created _includes/head-custom.html with Open Graph and structured data
- Created _includes/nav-header.html with language switcher
- Created _layouts/default.html custom layout
- Refactored index.md with hero section, feature cards, and CTAs
- Added docs/index.md documentation index page
- Optimized 404.md with better design
- Enhanced CHANGELOG.md with timeline styling
- Updated docs/README.md with card navigation
- Optimized README.md and README.zh-CN.md with:
  - Centered branding and badges
  - Two-column feature display
  - Multi-option quick start (local/Docker/Compose)
  - Collapsible NAT traversal help
  - Visual usage steps
  - Project stats and security sections

Author: LessUp

.air.toml

@@ -0,0 +1,24 @@
+# Air - Live reload for Go apps
+# https://github.com/cosmtrek/air
+
+root = "."
+tmp_dir = "tmp"
+
+[build]
+  cmd = "go build -o ./tmp/server ./cmd/server"
+  bin = "./tmp/server"
+  include_ext = ["go", "tpl", "tmpl", "html", "js", "css"]
+  exclude_dir = ["assets", "tmp", "vendor", "web/node_modules", "web/tests", "e2e"]
+  exclude_file = []
+  delay = 1000
+  stop_on_error = true
+  log = "build-errors.log"
+
+[log]
+  time = false
+
+[color]
+  main = "magenta"
+  watcher = "cyan"
+  build = "yellow"
+  runner = "green"

.github/ISSUE_TEMPLATE/bug_report.md

@@ -0,0 +1,32 @@
+---
+name: Bug Report
+about: Create a report to help us improve
+title: '[BUG] '
+labels: bug
+assignees: ''
+
+---
+
+## Bug Description
+A clear and concise description of what the bug is.
+
+## Steps to Reproduce
+1. Go to '...'
+2. Click on '....'
+3. Scroll down to '....'
+4. See error
+
+## Expected Behavior
+A clear and concise description of what you expected to happen.
+
+## Screenshots
+If applicable, add screenshots to help explain your problem.
+
+## Environment
+- OS: [e.g. macOS, Linux, Windows]
+- Browser: [e.g. Chrome, Firefox, Safari]
+- Go Version: [e.g. 1.22]
+- Commit: [e.g. abc123]
+
+## Additional Context
+Add any other context about the problem here.

.github/ISSUE_TEMPLATE/feature_request.md

@@ -0,0 +1,27 @@
+---
+name: Feature Request
+about: Suggest an idea for this project
+title: '[FEATURE] '
+labels: enhancement
+assignees: ''
+
+---
+
+## Feature Description
+A clear and concise description of what you want to happen.
+
+## Problem Statement
+Is your feature request related to a problem? Please describe.
+
+## Proposed Solution
+Describe the solution you'd like.
+
+## Alternatives Considered
+Describe alternatives you've considered.
+
+## Additional Context
+Add any other context or screenshots about the feature request here.
+
+## Would you like to implement this?
+- [ ] Yes, I would like to implement this
+- [ ] No, I don't have the capacity right now

.github/ISSUE_TEMPLATE/question.md

@@ -0,0 +1,19 @@
+---
+name: Question
+about: Ask a question about the project
+title: '[QUESTION] '
+labels: question
+assignees: ''
+
+---
+
+## Question
+What would you like to know?
+
+## Context
+Provide any additional context or background information.
+
+## Have you checked the documentation?
+- [ ] Yes, I have read the README
+- [ ] Yes, I have checked the docs folder
+- [ ] Yes, I have searched existing issues

.github/README.md

@@ -0,0 +1,21 @@
+# WebRTC Project
+
+WebRTC real-time audio/video demo with Go signaling server.
+
+## Branch Protection
+
+- `main` and `master` branches are protected
+- Requires passing CI checks before merge
+- Requires pull request reviews
+
+## Issue Labels
+
+| Label | Description |
+|:------|:------------|
+| `bug` | Something isn't working |
+| `enhancement` | New feature or request |
+| `documentation` | Improvements or additions to documentation |
+| `dependencies` | Pull requests that update a dependency file |
+| `go` | Go-related changes |
+| `javascript` | JavaScript-related changes |
+| `ci` | CI/CD-related changes |

.github/SECURITY.md

@@ -0,0 +1,95 @@
+# Security Policy
+
+## Supported Versions
+
+We release patches for security vulnerabilities for the following versions:
+
+| Version | Supported          |
+| ------- | ------------------ |
+| main    | :white_check_mark: |
+| latest release | :white_check_mark: |
+
+## Reporting a Vulnerability
+
+We take the security of this project seriously. If you discover a security vulnerability, please report it responsibly.
+
+### How to Report
+
+**Please do not report security vulnerabilities through public GitHub issues.**
+
+Instead, please report them via GitHub's private vulnerability reporting feature:
+
+1. Go to the [Security tab](https://github.com/LessUp/webrtc/security)
+2. Click "Report a vulnerability"
+3. Fill out the form with details about the vulnerability
+
+### What to Include
+
+Please include the following information:
+
+- Type of vulnerability (e.g., XSS, injection, DoS)
+- Steps to reproduce the issue
+- Affected versions
+- Potential impact
+- Any potential fixes you've identified
+
+### Response Timeline
+
+- **Initial response**: Within 48 hours
+- **Triage and confirmation**: Within 7 days
+- **Fix development**: Depends on severity and complexity
+- **Disclosure**: After a fix is released
+
+## Security Best Practices
+
+When deploying this WebRTC signaling server:
+
+### Network Security
+
+- Always use HTTPS/WSS in production
+- Configure `WS_ALLOWED_ORIGINS` to restrict which origins can connect
+- Use a reverse proxy (e.g., Caddy, Nginx) with proper security headers
+
+### Server Hardening
+
+- Run the server with minimal privileges
+- Keep dependencies updated
+- Monitor logs for suspicious activity
+- Consider rate limiting at the network level
+
+### WebRTC Security
+
+- For production, configure TURN servers with proper authentication
+- Be aware that WebRTC reveals IP addresses to peers
+- Consider using a TURN server to hide client IPs
+
+## Known Security Considerations
+
+### Authentication
+
+This server does not implement authentication. Anyone who knows a room name can join. For production use:
+
+- Implement your own authentication middleware
+- Use short-lived, randomly generated room names
+- Consider integrating with an identity provider
+
+### Rate Limiting
+
+The server implements basic rate limiting per connection:
+- Maximum 50 messages in burst
+- Maximum 30 messages per second sustained
+
+For additional protection, consider:
+- IP-based rate limiting at the reverse proxy
+- Connection limits per IP
+- Request size limits
+
+## Security Updates
+
+Security updates will be announced via:
+- GitHub Security Advisories
+- Release notes
+
+## Credits
+
+We thank all security researchers who responsibly report vulnerabilities.

.github/dependabot.yml

@@ -0,0 +1,70 @@
+version: 2
+
+updates:
+  # Go dependencies
+  - package-ecosystem: "gomod"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+      day: "monday"
+      time: "09:00"
+    commit-message:
+      prefix: "chore(deps):"
+    labels:
+      - "dependencies"
+      - "go"
+    open-pull-requests-limit: 5
+    groups:
+      go-deps:
+        patterns:
+          - "*"
+
+  # npm dependencies
+  - package-ecosystem: "npm"
+    directory: "/web"
+    schedule:
+      interval: "weekly"
+      day: "monday"
+      time: "09:00"
+    commit-message:
+      prefix: "chore(deps):"
+    labels:
+      - "dependencies"
+      - "javascript"
+    open-pull-requests-limit: 5
+    groups:
+      web-deps:
+        patterns:
+          - "*"
+
+  # E2E dependencies
+  - package-ecosystem: "npm"
+    directory: "/e2e"
+    schedule:
+      interval: "monthly"
+    commit-message:
+      prefix: "chore(deps):"
+    labels:
+      - "dependencies"
+      - "e2e"
+    open-pull-requests-limit: 3
+    groups:
+      e2e-deps:
+        patterns:
+          - "*"
+
+  # GitHub Actions
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "monthly"
+    commit-message:
+      prefix: "chore(ci):"
+    labels:
+      - "dependencies"
+      - "ci"
+    open-pull-requests-limit: 3
+    groups:
+      actions-deps:
+        patterns:
+          - "*"

.github/pull_request_template.md

@@ -0,0 +1,27 @@
+## Description
+<!-- Please include a summary of the change and which issue is fixed -->
+
+Fixes # (issue)
+
+## Type of Change
+<!-- Please delete options that are not relevant -->
+- [ ] Bug fix (non-breaking change which fixes an issue)
+- [ ] New feature (non-breaking change which adds functionality)
+- [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)
+- [ ] Documentation update
+
+## How Has This Been Tested?
+<!-- Please describe the tests that you ran -->
+- [ ] Unit tests pass
+- [ ] Integration tests pass
+- [ ] E2E tests pass
+- [ ] Manual testing done
+
+## Checklist
+- [ ] My code follows the project's style guidelines
+- [ ] I have performed a self-review of my own code
+- [ ] I have commented my code, particularly in hard-to-understand areas
+- [ ] I have made corresponding changes to the documentation
+- [ ] My changes generate no new warnings
+- [ ] I have added tests that prove my fix is effective or that my feature works
+- [ ] New and existing unit tests pass locally with my changes

.github/workflows/ci.yml

@@ -62,6 +62,14 @@ jobs:
       - name: Run vet
         run: go vet ./...
 
+      - name: Upload coverage
+        if: matrix.go-version == '1.23'
+        uses: codecov/codecov-action@v4
+        with:
+          files: ./coverage.out
+          flags: unittests
+          fail_ci_if_error: false
+
   frontend-test:
     name: Frontend Tests
     runs-on: ubuntu-latest
@@ -143,7 +151,7 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Build Docker image
-        run: docker build -t webrtc:test .
+        run: docker build -f deploy/docker/Dockerfile -t webrtc:test .
 
       - name: Test Docker image
         run: |
@@ -156,6 +164,9 @@ jobs:
   security:
     name: Security Scan
     runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      security-events: write
     steps:
       - name: Checkout
         uses: actions/checkout@v4
@@ -168,3 +179,24 @@ jobs:
 
       - name: Run govulncheck
         uses: golang/govulncheck-action@v1
+
+      - name: Run Trivy vulnerability scanner
+        uses: aquasecurity/trivy-action@0.28.0
+        with:
+          scan-type: 'fs'
+          format: 'sarif'
+          output: 'trivy-results.sarif'
+
+      - name: Upload Trivy results
+        uses: github/codeql-action/upload-sarif@v3
+        if: always()
+        with:
+          sarif_file: 'trivy-results.sarif'
+
+      - name: Secret detection
+        uses: trufflesecurity/trufflehog@3.88.2
+        with:
+          path: ./
+          base: main
+          head: HEAD
+          extra_args: --debug --only-verified