Update maintainer and agent guidelines to include CITATION.cff and clarify protected files

Author: maehr

.github/MAINTAINERS.md

@@ -1,10 +1,12 @@
 # Maintainer Notes
 
 ## Scope
+
 - This is a template repo; keep placeholders like `USERNAME` and `REPO_NAME` intact.
 - Avoid adding new dependencies unless necessary.
 
 ## Routine Maintenance
+
 - Update template guidance and placeholder instructions as needed.
 - Format and lint before releases or larger edits:
   - `npm run format` (or `npm run check` to verify)
@@ -13,6 +15,7 @@
   - R: `styler::style_dir(".")` and `lintr::lint_dir(".")`
 
 ## Releases
+
 - **Manual releases** (GitHub UI or `gh release create`) trigger `.github/workflows/release-site.yml` on `release: published`.
 - The workflow renders the site and uploads `site.tar.gz` to the release.
 - Do **not** run production Quarto commands (`quarto render` / `quarto publish gh-pages`) outside CI workflows.

AGENTS.md

@@ -28,6 +28,7 @@ This template includes placeholders like: `USERNAME`, `REPO_NAME`, `FULLNAME`, `
   - **Replace placeholders** in:
     - `.github/ISSUE_TEMPLATE/config.yml`
     - `_brand.yml`
+    - `CITATION.cff`
     - `CODE_OF_CONDUCT.md`
     - `DESCRIPTION`
     - `package.json`
@@ -53,6 +54,7 @@ This template includes placeholders like: `USERNAME`, `REPO_NAME`, `FULLNAME`, `
 
 Aligned with _The Turing Way_ advanced structure:
 
+- `.github/` — issue templates, PR templates, and CI workflows
 - `analysis/` — notebooks and analysis scripts
 - `assets/` — images and media
 - `build/` — data build/processing scripts
@@ -64,7 +66,16 @@ Aligned with _The Turing Way_ advanced structure:
 
 Place new files accordingly.
 
-## 6) Dependency Management (Both)
+## 6) Protected Files (Both)
+
+Do **not** modify these files directly during agent sessions unless explicitly requested:
+
+- `LICENSE-AGPL.md`, `LICENSE-CCBY.md` — license text should not be altered
+- `package-lock.json`, `uv.lock`, `renv.lock` — generated by package managers; modify via commands only
+- `.gitattributes`, `.gitignore` — modify only when adding new file types or patterns
+- `.github/workflows/*.yml` — CI configurations; changes require careful review
+
+## 7) Dependency Management (Both)
 
 ### Node.js (npm)
 
@@ -88,13 +99,13 @@ Place new files accordingly.
 
 **Note**: The `DESCRIPTION` file documents R development dependencies. The `.Rprofile` configures R options and activates renv.
 
-## 7) Documentation Practices (Both)
+## 8) Documentation Practices (Both)
 
 - Prefer `.qmd` for executable, reproducible docs; `.md` for static content.
 - Include valid YAML front matter.
 - Execute and test code chunks. Keep outputs reproducible.
 
-## 8) Testing and CI (Both)
+## 9) Testing and CI (Both)
 
 - `npm run check` for formatting
 - `uv run ruff check` for Python linting
@@ -107,22 +118,22 @@ Place new files accordingly.
 
 **Archiving note**: CI artifacts are short-lived and for debugging only. GitHub Pages is a delivery channel. Long-term preservation uses GitHub Releases (site archive) and Zenodo for DOI-backed archival.
 
-## 9) GitHub Features and Security (Project instances)
+## 10) GitHub Features and Security (Project instances)
 
 - **Enable GitHub Security Alerts** and Dependabot updates (Repository → Security).
 - **Protect `main`**: require PR reviews and disallow force pushes.
 - Keep `SECURITY.md` and GitHub security features active.
 - Use provided **issue templates**; modify only to improve the template.
 
-## 10) Zenodo Integration and DOI (Project instances)
+## 11) Zenodo Integration and DOI (Project instances)
 
 - **Enable Zenodo–GitHub integration** to archive releases and mint DOIs.
 - After first release:
   - Record your **`ZENODO_RECORD`** and **`DOI`**.
   - **Zenodo DOI badge**: replace `GITHUB_REPO_ID` with the numeric repo ID from `https://api.github.com/repos/USERNAME/REPO_NAME` (`id` field). Badge will display your DOI after Zenodo links the release.
 - Add the DOI to the README once available.
 
-## 11) Website Publishing with GitHub Pages (Project instances)
+## 12) Website Publishing with GitHub Pages (Project instances)
 
 - In repo **Settings → Pages**:
   - Source: **Deploy from a branch**
@@ -131,13 +142,13 @@ Place new files accordingly.
   - `quarto render`
   - `quarto publish gh-pages`
 
-## 12) Brand and UX Polish (Project instances)
+## 13) Brand and UX Polish (Project instances)
 
 - Generate favicons (`favicon.ico`, `favicon-16x16.png`, `favicon-32x32.png`, `apple-touch-icon.png`, Android icons) and place at repo root.
 - Replace placeholder contact details and short description.
-- Remove or resolve `TODO` comments: `grep -r "TODO" .` then address or delete.
+- Remove or resolve `TODO` comments: search for `TODO` in the codebase and address or delete each one.
 
-## 13) Commands Recap (Both)
+## 14) Commands Recap (Both)
 
 | Command                   | Purpose                                          |
 | ------------------------- | ------------------------------------------------ |
@@ -158,7 +169,7 @@ Place new files accordingly.
 | `quarto render`           | **Production render** (avoid in agent sessions)  |
 | `quarto publish gh-pages` | **Production publish** (avoid in agent sessions) |
 
-## 14) Finalization Workflow Checklist (Project instances)
+## 15) Finalization Workflow Checklist (Project instances)
 
 Follow `TODO.md`, then:
 
@@ -175,7 +186,7 @@ Follow `TODO.md`, then:
 11. After first release, update `ZENODO_RECORD`, `DOI`, and DOI badge.
 12. Verify security alerts and branch protection.
 
-## 15) Verification Steps (Project instances)
+## 16) Verification Steps (Project instances)
 
 - `npm run check` passes.
 - `uv run ruff check` passes without errors.

TODO.md

@@ -15,7 +15,7 @@ Complete the following steps after creating your project from this template to c
   - `GITHUB_REPO_ID` → Your GitHub repository ID (e.g., "123456789")
   - `ZENODO_RECORD` → Your Zenodo record number (e.g., "1234567") after first release or manually create a Zenodo deposit
   - `DOI` → Your DOI after first release (e.g., "10.5281/zenodo.1234567")
-  - Files to update: `.github/ISSUE_TEMPLATE/config.yml`, `_brand.yml`, `CODE_OF_CONDUCT.md`, `package.json`, `pyproject.toml`, `README.template.md`, and `SECURITY.md`
+  - Files to update: `.github/ISSUE_TEMPLATE/config.yml`, `_brand.yml`, `CITATION.cff`, `CODE_OF_CONDUCT.md`, `DESCRIPTION`, `package.json`, `pyproject.toml`, `README.template.md`, and `SECURITY.md`
 - [ ] **Set Up Zenodo Integration**: Follow the [GitHub guide for Zenodo integration](https://docs.github.com/en/repositories/archiving-a-github-repository/referencing-and-citing-content) to enable automatic archiving and obtain a DOI for your repository.
 - [ ] **Set Up Zenodo DOI Badge**: Replace `GITHUB_REPO_ID` with the repository ID from `https://api.github.com/repos/USERNAME/REPO_NAME` (look for the `id` field in the JSON response). The badge will automatically display your Zenodo DOI after the first release.
 - [ ] **Add Zenodo DOI to README**: After creating your first release and obtaining a Zenodo DOI, replace `ZENODO_RECORD` in README.md with your actual Zenodo record number (found in your Zenodo deposit URL).