Add [*.bats] section (2-space indent) to .editorconfig. Add
check-merge-conflict, detect-private-key, and check-case-conflict
to pre-commit-config.yaml.

Add .github/labeler.yml with area/* prefix labels (commands, tui,
sdk, tests, docs, deps, ci, skills, plugin, auth, output) and
labeler workflow using actions/labeler v5 with sync-labels.

Add breaking category and github-actions exclusion to release.yml
changelog configuration.

Two-job workflow: classify (bug/enhancement/documentation via
gpt-4o-mini) and breaking (CLI command surface analysis with
structured JSON response). Filters breaking detection to
internal/commands/*.go and internal/cli/root.go diffs only.

Prompt splicing uses pure Python string ops with optional PyYAML
validation (try/except ImportError, no pip install in privileged
pull_request_target context).

Replace blanket auto-merge with dependabot/fetch-metadata v2.
Patches auto-approve and auto-merge unconditionally. Minor bumps
auto-merge only for github-actions (Go module minors require
manual review).

New codeql job in security.yml using manual build mode with
private SDK access. Runs security-and-quality queries, uploads
SARIF with continue-on-error (requires GHAS). Automatically
included in release gate via workflow_call.

Surface snapshot script walks --help --agent recursively, emitting
fully-qualified CMD/FLAG/SUB lines rooted at "basecamp". Diff
script uses comm -23 to detect removals (breaking changes).

CI integration uses isolated git worktrees for baseline comparison
(no in-place checkout or stash fallbacks). PR's copy of the script
runs against the baseline binary, so the introducing PR works.

Add check-surface to make check. Add cli-surface job to test.yml.
Add surface compatibility check to release.yml test job.

Add AI changelog generation to release workflow using
actions/ai-inference v1 with summarize-changelog prompt.
RELEASE_CHANGELOG conditionally prepended to goreleaser release
header (empty = no-op).

Add jq to CONTRIBUTING.md prerequisites and make tools.

Enable contextcheck, durationcheck, errname, exhaustive,
predeclared, and revive. Add revive rules for common Go
conventions and exhaustive default-signifies-exhaustive setting.

Fixes: rename predeclared shadow (copy -> cfg in resilience),
add exhaustive default cases (appctx, metrics), add nolint
directives for intentional patterns (contextcheck on
context.Background in OAuth shutdown, exhaustive on partial
tea.KeyType switches, revive context-as-argument where name
is the primary differentiator).

- Rename labeler keys to area/* namespace (area/commands, area/tui, etc.)
  and add area/docs, area/deps categories
- Capture stderr from --help --agent instead of suppressing with 2>/dev/null
- Write changelog diff to file instead of shell variable to avoid size limits
- Add worktree cleanup trap for baseline surface check on failure
- Add jq preflight check to make check-surface

* Address PR #166 review feedback

- Rename labeler keys to area/* namespace (area/commands, area/tui, etc.)
  and add area/docs, area/deps categories
- Capture stderr from --help --agent instead of suppressing with 2>/dev/null
- Write changelog diff to file instead of shell variable to avoid size limits
- Add worktree cleanup trap for baseline surface check on failure
- Add jq preflight check to make check-surface

* Drop area/ prefix from labeler labels

Keep the plain names — no namespace needed for this repo.

* Address PR #166 review feedback

- Rename labeler keys to area/* namespace (area/commands, area/tui, etc.)
  and add area/docs, area/deps categories
- Capture stderr from --help --agent instead of suppressing with 2>/dev/null
- Write changelog diff to file instead of shell variable to avoid size limits
- Add worktree cleanup trap for baseline surface check on failure
- Add jq preflight check to make check-surface

* Drop area/ prefix from labeler labels

Keep the plain names — no namespace needed for this repo.