Follow rust template (#37)

* feat: add rust-template components

- Add CONTRIBUTING.md with contribution guidelines
- Add SECURITY.md with security reporting policy
- Add GitHub issue templates (bug report, feature request)
- Add pull request template
- Add Dependabot configuration for automated dependency updates
- Add .taplo.toml for TOML formatting configuration

* feat: add VS Code configuration for format on save

- Add workspace-level VS Code settings with format on save enabled
- Configure language-specific formatters (Rust, TypeScript, JSON, TOML, YAML)
- Add recommended extensions for consistent development environment
- Enable code actions on save (fix all, organize imports)

* feat: add Prettier configuration for frontend

* style: format frontend code with Prettier

* feat: enhance justfile with additional commands

* style: format TOML files with taplo

* feat: improve CI based on rust-template

* chore: add MIT/Apache dual license

* chore: add CODEOWNERS

Author: krsnapaudel

.github/CODEOWNERS

@@ -0,0 +1,29 @@
+* @krsnapaudel # fallback
+
+# Bookkeeping
+*.toml @krsnapaudel
+README.md @krsnapaudel
+.vscode/ @krsnapaudel
+.editorconfig @krsnapaudel
+**/Cargo.toml @krsnapaudel
+**/Cargo.lock @krsnapaudel
+**/justfile @krsnapaudel
+**/LICENSE* @krsnapaudel
+**/.gitignore @krsnapaudel
+**/.prettierrc @krsnapaudel
+**/.prettierignore @krsnapaudel
+
+# Modules
+backend/src/main.rs @purusang
+backend/src/network/* @krsnapaudel @purusang
+backend/src/bridge/* @krsnapaudel
+backend/src/utils/* @krsnapaudel @purusang
+frontend/* @krsnapaudel @purusang
+
+# CI/CD
+/.github/ @krsnapaudel
+.github/workflows/cd.yml @krsnapaudel @purusang
+
+# Docker
+*.Dockerfile @krsnapaudel @purusang
+docker-compose.yml @krsnapaudel @purusang

.github/ISSUE_TEMPLATE/1-bug-report.md

@@ -0,0 +1,32 @@
+---
+name: Bug report
+about: Create a report to help us improve
+title: ''
+labels: 'bug'
+assignees: ''
+
+---
+
+**Describe the bug**
+A clear and concise description of what the bug is.
+
+**To Reproduce**
+Steps to reproduce the behavior:
+1. Go to '...'
+2. Click on '....'
+3. Scroll down to '....'
+4. See error
+
+**Expected behavior**
+A clear and concise description of what you expected to happen.
+
+**Screenshots**
+If applicable, add screenshots to help explain your problem.
+
+**Environment:**
+ - OS: [e.g. macOS, Ubuntu]
+ - Browser: [e.g. chrome, safari]
+ - Version: [e.g. 22]
+
+**Additional context**
+Add any other context about the problem here. 

.github/ISSUE_TEMPLATE/2-feature-request.md

@@ -0,0 +1,20 @@
+---
+name: Feature request
+about: Suggest an idea for this project
+title: ''
+labels: 'enhancement'
+assignees: ''
+
+---
+
+**Is your feature request related to a problem? Please describe.**
+A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
+
+**Describe the solution you'd like**
+A clear and concise description of what you want to happen.
+
+**Describe alternatives you've considered**
+A clear and concise description of any alternative solutions or features you've considered.
+
+**Additional context**
+Add any other context or screenshots about the feature request here. 

.github/dependabot.yml

@@ -0,0 +1,22 @@
+version: 2
+updates:
+  # Enable version updates for Rust
+  - package-ecosystem: "cargo"
+    directory: "/backend"
+    schedule:
+      interval: "monthly"
+    open-pull-requests-limit: 10
+
+  # Enable version updates for GitHub Actions
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "monthly"
+    open-pull-requests-limit: 10
+
+  # Enable version updates for npm
+  - package-ecosystem: "npm"
+    directory: "/frontend"
+    schedule:
+      interval: "monthly"
+    open-pull-requests-limit: 10 

.github/pull_request_template.md

@@ -0,0 +1,32 @@
+## Description
+
+Please include a summary of the change and which issue is fixed. Please also include relevant motivation and context.
+
+Fixes # (issue)
+
+## Type of change
+
+Please delete options that are not relevant.
+
+- [ ] Bug fix (non-breaking change which fixes an issue)
+- [ ] New feature (non-breaking change which adds functionality)
+- [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)
+- [ ] This change requires a documentation update
+
+## How Has This Been Tested?
+
+Please describe the tests that you ran to verify your changes. Provide instructions so we can reproduce. Please also list any relevant details for your test configuration.
+
+- [ ] Test A
+- [ ] Test B
+
+## Checklist:
+
+- [ ] My code follows the style guidelines of this project
+- [ ] I have performed a self-review of my own code
+- [ ] I have commented my code, particularly in hard-to-understand areas
+- [ ] I have made corresponding changes to the documentation
+- [ ] My changes generate no new warnings
+- [ ] I have added tests that prove my fix is effective or that my feature works
+- [ ] New and existing unit tests pass locally with my changes
+- [ ] Any dependent changes have been merged and published in downstream modules 

.github/workflows/cd.yml

@@ -23,9 +23,8 @@ env:
   CI: false
   COMMIT: ${{ github.sha }}
 
-permissions:
-  contents: read
-  pull-requests: read
+permissions: {}
+
 jobs:
   build-and-push:
     permissions:
@@ -39,17 +38,17 @@ jobs:
     outputs:
       service: ${{ matrix.service }}
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
         with:
           persist-credentials: false
       - name: Configure AWS ECR Details
-        uses: aws-actions/configure-aws-credentials@v4
+        uses: aws-actions/configure-aws-credentials@b47578312673ae6fa5b5096b330d9fbac3d116df # v4
         with:
           role-to-assume: ${{ secrets.AWS_ECR_ROLE }}
           aws-region: us-east-1
       - name: Login to Amazon ECR
         id: login-ecr
-        uses: aws-actions/amazon-ecr-login@v2
+        uses: aws-actions/amazon-ecr-login@062b18b96a7aff071d4dc91bc00c4c1a7945b076 # v2
         with:
           mask-password: "true"
       - name: Build and push Docker image
@@ -78,10 +77,13 @@ jobs:
     name: Update Helm Values
     needs: [build-and-push]
     runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      pull-requests: read
     environment: ${{ inputs.environment || (github.ref == 'refs/heads/main' && 'staging') }}
     steps:
       - name: Set up SSH for private repo access
-        uses: webfactory/ssh-agent@v0.9.0
+        uses: webfactory/ssh-agent@a6f90b1f127823b31d4d4a8d96047790581349bd # 0.9.1
         with:
           ssh-private-key: ${{ secrets.DEPLOYMENTS_REPO_WRITE }}
       - name: Clone deployments repo (specific branch)

.github/workflows/ci.yml

@@ -0,0 +1,33 @@
+name: Automated GitHub Actions Security Analysis with zizmor 🌈
+
+on:
+  schedule:
+    - cron: "0 0 * * *" # Run every day at midnight
+
+permissions: {}
+
+jobs:
+  zizmor:
+    name: zizmor latest via PyPI
+    runs-on: ubuntu-latest
+    permissions:
+      security-events: write
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
+        with:
+          persist-credentials: false
+
+      - name: Install the latest version of uv
+        uses: astral-sh/setup-uv@bd01e18f51369d5a26f1651c3cb451d3417e3bba # v5
+
+      - name: Run zizmor 🌈
+        run: uvx zizmor --format sarif . > results.sarif
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Upload SARIF file
+        uses: github/codeql-action/upload-sarif@181d5eefc20863364f96762470ba6f862bdef56b # v3
+        with:
+          sarif_file: results.sarif
+          category: zizmor

.github/workflows/cron-zizmor.yml

@@ -0,0 +1,41 @@
+name: Docs
+
+on:
+  pull_request:
+  merge_group:
+  push:
+    branches: [main]
+
+env:
+  CARGO_TERM_COLOR: always
+
+permissions: {}
+
+jobs:
+  docs:
+    name: Generate docs
+    runs-on: ubuntu-latest
+    timeout-minutes: 60
+    permissions:
+      contents: read
+    defaults:
+      run:
+        working-directory: backend
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
+        with:
+          persist-credentials: false
+
+      - name: Install Rust toolchain
+        uses: dtolnay/rust-toolchain@fcf085fcb4b4b8f63f96906cd713eb52181b5ea4 # stable
+
+      - name: Rust cache
+        uses: Swatinem/rust-cache@98c8021b550208e191a6a3145459bfc9fb29c4c0 # v2
+        with:
+          cache-on-failure: true
+
+      - name: Check docs leaving the dependencies out
+        env:
+          RUSTDOCFLAGS: -A rustdoc::private-doc-tests -D warnings
+        run: cargo doc --no-deps