docs: add CONTRIBUTING.md, SECURITY.md, CHANGELOG.md

Author: Phatfella

CHANGELOG.md

@@ -0,0 +1,17 @@
+# Changelog
+
+All notable changes to AIEP Hub will be documented in this file.
+
+Format follows [Keep a Changelog](https://keepachangelog.com/en/1.1.0/).
+
+## [Unreleased]
+
+## [1.0.0] - 2026-03-28
+
+### Added
+- Initial Astro 4 site with 343 specification pages
+- Primer CSS integration — exact GitHub visual baseline
+- Cloudflare Pages deployment with `wrangler.toml`
+- Cloudflare Worker for `.well-known/` discovery endpoints
+- `GENOME_LOCKFILE.json` and `SHA256SUMS.txt` integrity manifests
+- `.well-known/aiep-platform.json` AI crawler discovery file

CONTRIBUTING.md

@@ -0,0 +1,46 @@
+# Contributing to AIEP Hub
+
+Thank you for your interest in the Architected Instruction and Evidence Protocol.
+AIEP Hub is the public-facing documentation and specification portal for the AIEP platform.
+
+## Getting Started
+
+```bash
+git clone https://github.com/Phatfella/AIEP-HUB.git
+cd AIEP-HUB
+npm install
+npm run dev       # Astro dev server on :3000
+```
+
+## Contribution Guidelines
+
+### Content Standards
+- All pages are Markdown with Astro frontmatter (`layout`, `title`, `description`).
+- Do not add inline styles — use Primer CSS classes or existing layout classes.
+- Navigation is driven by `src/content/nav/` — update it when adding a new page.
+- Every spec file carries a `classification:` frontmatter field. Do not change it without explicit instruction.
+
+### Commit Conventions
+```
+feat: short description (max 72 chars)
+fix:  short description
+docs: short description
+chore: short description
+```
+
+### Pull Requests
+1. Fork the repository and create a topic branch.
+2. Ensure `npm run build` completes with zero errors.
+3. Run `npx astro check` — zero TypeScript errors required.
+4. Open a pull request against `main` with a clear description of the change.
+
+### Filing Issues
+- Bug reports: include browser, OS, and steps to reproduce.
+- Content corrections: reference the source specification section where applicable.
+
+## Governance
+All content is governed by the AIEP GENOME kernel.
+LOCKFILE_VERSION: 1.0.0 | FC: v1.0.0 | Schema: v2.0.0.
+
+SPDX-License-Identifier: Apache-2.0
+© 2025–2026 Neil Grassby. All rights reserved.

SECURITY.md

@@ -0,0 +1,46 @@
+# Security Policy
+
+## Supported Versions
+
+| Version | Supported |
+|---------|-----------|
+| latest  | ✅ Yes    |
+| < 1.0   | ❌ No     |
+
+## Reporting a Vulnerability
+
+**Please do not open a public GitHub issue for security vulnerabilities.**
+
+Report security concerns to:  
+📧 **security@aiep.protocol** (monitored — response within 72 hours)
+
+Include in your report:
+- A description of the vulnerability and its potential impact
+- Steps to reproduce or proof-of-concept
+- The affected version(s) and component(s)
+
+## Security Design Principles
+
+AIEP Hub follows secure-by-default practices:
+
+1. **No server-side secrets in repository** — `wrangler.toml` contains only non-secret
+   deployment configuration. Secrets are managed via Cloudflare environment variables.
+
+2. **Static site** — Hub is a fully pre-rendered Astro site deployed to Cloudflare Pages.
+   No runtime user-data handling.
+
+3. **Content Security Policy** — HTTP security headers enforced by `_headers` file and
+   Cloudflare Workers.
+
+4. **Dependency hygiene** — `node_modules/` is gitignored; dependencies are pinned via
+   `package-lock.json`.
+
+## Scope
+
+This policy applies to the AIEP Hub Astro site and associated Cloudflare Workers.
+
+Out of scope: the AIEP specification documents (`.md` files in `src/pages/`) — these are
+technical documents, not executable software.
+
+SPDX-License-Identifier: Apache-2.0
+© 2025–2026 Neil Grassby. All rights reserved.