feat: add community health files and GitHub automation

.github/CODEOWNERS

@@ -0,0 +1,2 @@
+# Default code owner for all files
+* @minsoo-web

.github/ISSUE_TEMPLATE/bug-report.yml

@@ -0,0 +1,70 @@
+name: Bug Report
+description: Report a bug in velog-cli
+title: "[Bug]: "
+labels: ["bug"]
+body:
+  - type: markdown
+    attributes:
+      value: |
+        Thanks for reporting a bug! Please fill out the sections below.
+  - type: input
+    id: version
+    attributes:
+      label: velog-cli version
+      description: "Output of `velog --version`"
+      placeholder: "velog-cli 0.3.2"
+    validations:
+      required: true
+  - type: dropdown
+    id: install-method
+    attributes:
+      label: Installation method
+      options:
+        - Homebrew
+        - Cargo install
+        - GitHub Release binary
+        - Built from source
+    validations:
+      required: true
+  - type: dropdown
+    id: os
+    attributes:
+      label: Operating System
+      options:
+        - macOS (Apple Silicon)
+        - macOS (Intel)
+        - Linux (x86_64)
+        - Other
+    validations:
+      required: true
+  - type: textarea
+    id: description
+    attributes:
+      label: Bug description
+      description: A clear description of what the bug is
+    validations:
+      required: true
+  - type: textarea
+    id: steps
+    attributes:
+      label: Steps to reproduce
+      description: Step-by-step instructions to reproduce the issue
+      placeholder: |
+        1. Run `velog auth login`
+        2. Enter tokens
+        3. See error...
+    validations:
+      required: true
+  - type: textarea
+    id: expected
+    attributes:
+      label: Expected behavior
+      description: What you expected to happen
+    validations:
+      required: true
+  - type: textarea
+    id: logs
+    attributes:
+      label: Error output / logs
+      description: Paste any error messages or logs
+      render: shell

.github/ISSUE_TEMPLATE/config.yml

@@ -0,0 +1,5 @@
+blank_issues_enabled: true
+contact_links:
+  - name: velog.io Issues
+    url: https://github.com/velopert/velog-client/issues
+    about: For issues with velog.io itself (not velog-cli)

.github/ISSUE_TEMPLATE/feature-request.yml

@@ -0,0 +1,33 @@
+name: Feature Request
+description: Suggest a new feature for velog-cli
+title: "[Feature]: "
+labels: ["enhancement"]
+body:
+  - type: textarea
+    id: problem
+    attributes:
+      label: Problem or motivation
+      description: What problem does this solve? Why is this needed?
+    validations:
+      required: true
+  - type: textarea
+    id: solution
+    attributes:
+      label: Proposed solution
+      description: How should this work? Include CLI examples if possible.
+      placeholder: |
+        ```bash
+        velog post export --format hugo my-post-slug
+        ```
+    validations:
+      required: true
+  - type: textarea
+    id: alternatives
+    attributes:
+      label: Alternatives considered
+      description: Any alternative approaches you've thought about
+  - type: textarea
+    id: context
+    attributes:
+      label: Additional context
+      description: Screenshots, links, or other context

.github/dependabot.yml

@@ -0,0 +1,23 @@
+version: 2
+updates:
+  - package-ecosystem: "cargo"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+      day: "monday"
+    labels:
+      - "dependencies"
+    commit-message:
+      prefix: "chore(deps)"
+    open-pull-requests-limit: 5
+
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+      day: "monday"
+    labels:
+      - "dependencies"
+    commit-message:
+      prefix: "chore(ci)"
+    open-pull-requests-limit: 5

.github/pull_request_template.md

@@ -0,0 +1,19 @@
+## Summary
+
+<!-- Brief description of what this PR does -->
+
+## Changes
+
+-
+
+## Checklist
+
+- [ ] `cargo fmt-check` passes
+- [ ] `cargo lint` passes (clippy)
+- [ ] `cargo test` passes
+- [ ] `typos` check passes
+- [ ] Commit messages follow [Conventional Commits](https://www.conventionalcommits.org/)
+
+## Related Issues
+
+<!-- Closes #123, Fixes #456 -->

CHANGELOG.md

@@ -0,0 +1,50 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/),
+and this project adheres to [Semantic Versioning](https://semver.org/).
+
+## [Unreleased]
+
+## [0.3.2] - 2026-03-13
+
+### Fixed
+
+- Prevent silent flag failures and separate auth exit code (#7)
+
+## [0.3.1] - 2026-03-13
+
+### Added
+
+- Search, tags, series, stats, comments, and social features (#5)
+
+## [0.3.0] - 2026-03-13
+
+### Added
+
+- Trending, recent, and user post listing (#4)
+
+## [0.2.0] - 2026-03-11
+
+### Added
+
+- `--format compact|pretty|silent` output flag (#3)
+
+## [0.1.0] - 2026-03-11
+
+### Added
+
+- Initial release
+- CLI for velog.io with auth login/logout/status
+- Post CRUD operations (list, show, create, edit, delete, publish)
+- Shell completions (bash, zsh, fish)
+- Homebrew tap and lefthook pre-commit hooks (#2)
+- MIT license, README, CONTRIBUTING guide (#1)
+
+[Unreleased]: https://github.com/hamsurang/velog-cli/compare/v0.3.2...HEAD
+[0.3.2]: https://github.com/hamsurang/velog-cli/compare/v0.3.1...v0.3.2
+[0.3.1]: https://github.com/hamsurang/velog-cli/compare/v0.3.0...v0.3.1
+[0.3.0]: https://github.com/hamsurang/velog-cli/compare/v0.2.0...v0.3.0
+[0.2.0]: https://github.com/hamsurang/velog-cli/compare/v0.1.0...v0.2.0
+[0.1.0]: https://github.com/hamsurang/velog-cli/releases/tag/v0.1.0

SECURITY.md

@@ -0,0 +1,39 @@
+# Security Policy
+
+## Supported Versions
+
+| Version | Supported          |
+| ------- | ------------------ |
+| latest  | :white_check_mark: |
+| < latest | :x:               |
+
+## Reporting a Vulnerability
+
+**Please do NOT open a public issue for security vulnerabilities.**
+
+Use [GitHub Private Vulnerability Reporting](https://github.com/hamsurang/velog-cli/security/advisories/new) to report security issues.
+
+### What to include
+
+- Description of the vulnerability
+- Steps to reproduce
+- Potential impact
+- Suggested fix (if any)
+
+### Response Timeline
+
+- **Acknowledgment**: Within 48 hours
+- **Initial assessment**: Within 7 days
+- **Fix release**: As soon as practical
+
+## Scope
+
+- Token storage and handling (`~/.config/velog-cli/credentials.json`)
+- Network communication with velog.io API
+- Authentication flow (JWT validation, token refresh)
+- Command injection via user inputs
+
+## Out of Scope
+
+- Vulnerabilities in velog.io itself (report to velog.io directly)
+- Issues requiring physical access to the user's machine