feat: prepare for open source release

Add comprehensive documentation and governance files:

Documentation:
- README.md: Complete project overview with architecture diagram
- docs/ARCHITECTURE.md: Technical architecture and components
- docs/THREAT_MODEL.md: Security threat analysis
- docs/ROADMAP.md: Development phases and milestones
- System Design.md: High-level system design

Governance:
- CODE_OF_CONDUCT.md: Community standards (Contributor Covenant)
- CONTRIBUTING.md: Updated contribution guidelines
- GOVERNANCE.md: Project decision-making process
- MAINTAINERS.md: Maintainer list structure
- SECURITY.md: Updated security policy
- CHANGELOG.md: Version tracking (Keep a Changelog format)

CI/CD & Quality:
- .github/workflows/ci.yml: Build, test, lint, security scan
- .github/workflows/security.yml: Daily security checks
- .github/dependabot.yml: Automated dependency updates
- .golangci.yml: Linter configuration
- .gitignore: Exclude binaries and build artifacts

Templates:
- .github/ISSUE_TEMPLATE/bug_report.yml
- .github/ISSUE_TEMPLATE/feature_request.yml
- .github/PULL_REQUEST_TEMPLATE.md

Cleanup:
- Remove internal PERSON*_ files (52 files)
- Remove internal Vietnamese design docs
- Remove compiled binaries from git
- Remove old internal docs and summaries

This commit prepares ShieldX for public open source release with
production-ready documentation, CI/CD pipelines, and community
governance structure.

Author: manhbv22810230133-dot

.github/ISSUE_TEMPLATE/bug_report.yml

@@ -0,0 +1,49 @@
+name: Bug Report
+description: Report a reproducible problem
+labels: [bug]
+body:
+  - type: markdown
+    attributes:
+      value: |
+        Thanks for taking the time to file a bug.
+  - type: input
+    id: summary
+    attributes:
+      label: Summary
+      placeholder: Short description
+    validations:
+      required: true
+  - type: textarea
+    id: steps
+    attributes:
+      label: Steps to Reproduce
+      description: Provide exact steps
+      placeholder: |
+        1. ...
+        2. ...
+    validations:
+      required: true
+  - type: textarea
+    id: expected
+    attributes:
+      label: Expected Behavior
+    validations:
+      required: true
+  - type: textarea
+    id: actual
+    attributes:
+      label: Actual Behavior / Logs
+  - type: input
+    id: version
+    attributes:
+      label: Version / Commit
+  - type: dropdown
+    id: severity
+    attributes:
+      label: Severity
+      options: [low, medium, high, critical]
+  - type: textarea
+    id: env
+    attributes:
+      label: Environment
+      placeholder: OS, Go version, Docker version, etc.

.github/ISSUE_TEMPLATE/feature_request.yml

@@ -0,0 +1,30 @@
+name: Feature Request
+description: Suggest an idea or enhancement
+labels: [enhancement]
+body:
+  - type: markdown
+    attributes:
+      value: Thank you for helping improve the project.
+  - type: input
+    id: summary
+    attributes:
+      label: Summary
+    validations:
+      required: true
+  - type: textarea
+    id: motivation
+    attributes:
+      label: Motivation / Problem
+      description: What problem does this solve?
+  - type: textarea
+    id: proposal
+    attributes:
+      label: Proposed Solution
+  - type: textarea
+    id: alternatives
+    attributes:
+      label: Alternatives Considered
+  - type: textarea
+    id: additional
+    attributes:
+      label: Additional Context / Dependencies

.github/PULL_REQUEST_TEMPLATE.md

@@ -0,0 +1,29 @@
+## Description
+Describe what this PR does and why.
+
+## Type of Change
+- [ ] Bug fix
+- [ ] Feature
+- [ ] Breaking change
+- [ ] Security hardening
+- [ ] Documentation
+- [ ] Refactor / chore
+
+## Checklist
+- [ ] Tests added / updated
+- [ ] `make lint` passes
+- [ ] `make test` (race) passes
+- [ ] CHANGELOG updated (user-visible change)
+- [ ] Docs updated (if needed)
+- [ ] No sensitive info added
+
+## How Has This Been Tested?
+Explain test strategy.
+
+## Security Considerations
+Explain any security impact.
+
+## Screenshots / Logs (if UI or relevant)
+
+## Follow-up Work
+Optional: list future tasks.

.github/dependabot.yml

@@ -0,0 +1,14 @@
+version: 2
+updates:
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "daily"
+  - package-ecosystem: "gomod"
+    directory: "/"
+    schedule:
+      interval: "daily"
+  - package-ecosystem: "docker"
+    directory: "/docker"
+    schedule:
+      interval: "weekly"

.github/workflows/ci.yml

@@ -0,0 +1,51 @@
+name: CI
+
+on:
+  pull_request:
+    branches: [ main ]
+  push:
+    branches: [ main ]
+
+permissions:
+  contents: read
+
+jobs:
+  build-test:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Set up Go
+        uses: actions/setup-go@v5
+        with:
+          go-version-file: go.mod
+      - name: Cache Go Build
+        uses: actions/cache@v4
+        with:
+          path: |
+            ~/go/pkg/mod
+            ~/.cache/go-build
+          key: go-${{ runner.os }}-${{ hashFiles('**/go.sum') }}
+          restore-keys: |
+            go-${{ runner.os }}-
+      - name: Verify Modules
+        run: go mod tidy && git diff --exit-code || (echo 'Run go mod tidy' && exit 1)
+      - name: Lint
+        uses: golangci/golangci-lint-action@v6
+        with:
+          version: latest
+          args: --timeout=5m
+      - name: Build
+        run: go build ./...
+      - name: Run Tests (race + coverage)
+        run: |
+          go test -race -coverprofile=coverage.out ./...
+      - name: Upload Coverage Artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: coverage
+          path: coverage.out
+      - name: Govulncheck
+        uses: golang/govulncheck-action@v1
+        with:
+          go-version-file: go.mod
+          args: ./...

.github/workflows/security.yml

@@ -0,0 +1,42 @@
+name: Security Scans
+
+on:
+  schedule:
+    - cron: '0 3 * * *'
+  workflow_dispatch:
+  pull_request:
+    paths:
+      - '**/*.go'
+      - 'go.mod'
+      - 'go.sum'
+
+permissions:
+  contents: read
+  security-events: write
+
+jobs:
+  static-analysis:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-go@v5
+        with:
+          go-version-file: go.mod
+      - name: Govulncheck
+        uses: golang/govulncheck-action@v1
+        with:
+          go-version-file: go.mod
+          args: ./...
+      - name: Install gosec
+        run: go install github.com/securego/gosec/v2/cmd/gosec@latest
+      - name: Run gosec
+        run: gosec -no-fail -fmt sarif -out gosec.sarif ./...
+      - name: Upload SARIF
+        uses: github/codeql-action/upload-sarif@v3
+        with:
+          sarif_file: gosec.sarif
+  dependency-review:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/dependency-review-action@v4

.gitignore

@@ -0,0 +1,108 @@
+# Binaries for programs and plugins
+*.exe
+*.exe~
+*.dll
+*.so
+*.dylib
+
+# Test binary, built with `go test -c`
+*.test
+
+# Output of the go coverage tool, specifically when used with LiteIDE
+*.out
+
+# Go workspace file
+go.work
+
+# Compiled binaries (built locally, should be rebuilt from source)
+/guardian
+/ingress
+/orchestrator
+/locator
+/ml-orchestrator
+/policy-rollout
+/policyctl
+/verifier-pool
+
+# Build artifacts
+/bin/
+/dist/
+/build/
+
+# Temporary files
+*.tmp
+*.swp
+*.swo
+*~
+.DS_Store
+
+# IDE and editor files
+.vscode/
+.idea/
+*.iml
+*.code-workspace
+
+# Environment and secrets
+.env
+.env.local
+*.key
+*.pem
+*.crt
+*.p12
+*.jks
+secrets/
+credentials/
+
+# Database files
+*.db
+*.sqlite
+*.sqlite3
+
+# Logs
+*.log
+logs/
+/data/logs/
+
+# Dependencies
+vendor/
+
+# Docker volumes and data
+/data/postgres/
+/data/redis/
+/data/prometheus/
+/data/grafana/
+
+# OS generated files
+Thumbs.db
+ehthumbs.db
+Desktop.ini
+
+# Test coverage
+coverage.txt
+coverage.html
+*.coverprofile
+
+# Terraform
+.terraform/
+*.tfstate
+*.tfstate.*
+*.tfvars
+.terraform.lock.hcl
+
+# Kubernetes secrets
+*-secret.yaml
+*-secrets.yaml
+
+# Development databases
+postgres_data/
+redis_data/
+
+# Backup files
+*.bak
+*.backup
+
+# Personal notes (if any developer keeps local notes)
+TODO.md
+NOTES.md
+*_LOCAL.md
+*_PERSONAL.md

.golangci.yml

@@ -0,0 +1,35 @@
+run:
+  timeout: 5m
+  tests: true
+  skip-dirs:
+    - dist
+
+linters:
+  enable:
+    - govet
+    - gosec
+    - staticcheck
+    - gosimple
+    - unused
+    - errcheck
+    - ineffassign
+    - misspell
+    - revive
+  disable:
+    - depguard
+
+linters-settings:
+  misspell:
+    locale: US
+  revive:
+    confidence: 0.8
+    severity: warning
+
+issues:
+  exclude-use-default: false
+  max-per-linter: 0
+  max-same-issues: 0
+  exclude-rules:
+    - path: _test.go
+      linters: [gosec]
+      reason: Security checks often noisy in tests

CHANGELOG.md

@@ -0,0 +1,18 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+Format: Keep a Changelog (https://keepachangelog.com), and Semantic Versioning once stable.
+
+## [Unreleased]
+### Added
+- Initial open-source readiness: governance, code of conduct, issue/pr templates, CI & security workflows, architecture & threat model docs.
+
+### Changed
+- Replaced placeholder README with comprehensive overview.
+
+### Security
+- Baseline security scanning workflow established.
+
+## [0.1.0] - YYYY-MM-DD
+Initial internal prototype (tag retroactive when released).