Harden batch activation, dev refresh gating, Microsoft sync path
handling, and Jetski skill loading against command injection,
symlink traversal, and client-side star tampering.
Add regression coverage for the security-sensitive paths and
update the internal triage addendum for the Jetski loader fix.
- Add docs/maintainers/merging-prs.md: policy to always use Squash and merge,
resolve conflicts on PR branch so PR shows Merged; Co-authored-by for rare
local integration
- Update .github/MAINTENANCE.md: merge via GitHub only, never close after
local integration; conflict resolution on branch then merge
- Update CONTRIBUTING.md Recognition: we always merge accepted PRs on GitHub,
never close after integrating locally
Addresses feedback from @sraphaz on #225 (attribution when PRs are integrated
locally). Going forward PRs will show as Merged so contributors get full credit.
Consolidate the repository into clearer apps, tools, and layered docs areas so contributors can navigate and maintain it more reliably. Align validation, metadata sync, and CI around the same canonical workflow to reduce drift across local checks and GitHub Actions.
