fix: instantiate rsr-template placeholders left generic from scaffold (LICENSE/CoC/issue templates/SECURITY) (#96)

## Summary

Five files retained rsr-template-repo placeholder text from when the
template was used to scaffold panic-attack. Estate dogfood checks /
OpenSSF Scorecard / assail self-scan now consume these files, so the
placeholders surface as real audit findings.

| File | Gap | Fix |
|---|---|---|
| `LICENSE` | Body was GNU AGPL-3.0-or-later despite Cargo.toml / README
badge / 0-AI-MANIFEST.a2ml / shipped `LICENSES/MPL-2.0.txt` all
declaring MPL-2.0 | Replaced with MPL-2.0 text from in-repo
`LICENSES/MPL-2.0.txt` + canonical `SPDX-License-Identifier:` prefix. No
carve-out memory exists for panic-attack (unlike echidna's intentional
MPL-docs-over-AGPL-LICENSE split or idaptik's intentional
AGPL-throughout) |
| `CODE_OF_CONDUCT.md` | TEMPLATE INSTRUCTIONS block intact,
`language-bridges` pledge text, broken Discussions URL, unfilled
`{{CONDUCT_EMAIL}}` / `{{CONDUCT_TEAM}}` / `{{RESPONSE_TIME}}` |
Stripped instructions, replaced project name, fixed URL, filled
placeholders with values that match SECURITY.md
(`j.d.a.jewell@open.ac.uk`, `panic-attack maintainers`, `48 hours`) |
| `.github/ISSUE_TEMPLATE/bug_report.md` | Stock GitHub template
prompting for iOS / browser / smartphone metadata against a Rust CLI |
Domain-specific fields: panic-attack version, rustc version, target
source language under scan, sub-command involved
(assail/bridge/verisimdb/assault), relevant config files |
| `.github/ISSUE_TEMPLATE/feature_request.md` | Stock GitHub template |
Polished into detector / sub-command / schema-version impact /
hypatia-vs-panic-attack layering / cross-repo wiring hints |
| `.github/ISSUE_TEMPLATE/custom.md` | Empty stub with `about: Describe
this issue template's purpose here.` | Deleted (no panic-attack-specific
use case) |
| `SECURITY.md` | Supported-versions table claimed 0.2.x / 0.1.x; actual
Cargo.toml version is 2.5.0 | Updated to 2.5.x supported, < 2.5
unsupported |

## Test plan

- [x] No remaining `{{PLACEHOLDER}}` markers (verified via grep)
- [x] No remaining \`language-bridges\` references in CoC
- [x] No remaining TEMPLATE INSTRUCTIONS blocks
- [x] LICENSE body matches \`LICENSES/MPL-2.0.txt\` verbatim
- [x] Issue templates compile (valid YAML frontmatter)
- [x] SECURITY.md version table matches \`Cargo.toml\` package.version

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Author: hyperpolymath

.github/ISSUE_TEMPLATE/bug_report.md

@@ -1,38 +1,37 @@
 ---
 name: Bug report
-about: Create a report to help us improve
+about: Report a panic-attack defect (false-positive rule, runtime crash, schema breakage, missed detection)
 title: ''
-labels: ''
+labels: bug
 assignees: ''
 
 ---
 
 **Describe the bug**
-A clear and concise description of what the bug is.
+A clear and concise description of what went wrong. If this is a detector firing where it shouldn't (false positive) or NOT firing where it should (false negative), say so explicitly.
 
-**To Reproduce**
-Steps to reproduce the behavior:
-1. Go to '...'
-2. Click on '....'
-3. Scroll down to '....'
-4. See error
+**Reproduction**
+Minimal steps to reproduce:
+1. `panic-attack <subcommand> <args>` …
+2. Against fixture / repo at … (link or attach minimal sample)
+3. Observed: …
+4. Expected: …
 
-**Expected behavior**
-A clear and concise description of what you expected to happen.
+**Sample output**
+If applicable, paste the JSON / A2ML report excerpt that demonstrates the issue:
 
-**Screenshots**
-If applicable, add screenshots to help explain your problem.
+```
+<paste output here>
+```
 
-**Desktop (please complete the following information):**
- - OS: [e.g. iOS]
- - Browser [e.g. chrome, safari]
- - Version [e.g. 22]
-
-**Smartphone (please complete the following information):**
- - Device: [e.g. iPhone6]
- - OS: [e.g. iOS8.1]
- - Browser [e.g. stock browser, safari]
- - Version [e.g. 22]
+**Environment**
+- panic-attack version: `panic-attack --version` →
+- Rust toolchain: `rustc --version` →
+- OS / arch:
+- Target source language(s) under scan (Rust / Haskell / Idris2 / Coq / Lean / Agda / Isabelle / Chapel / …):
+- Sub-command involved (`assail` / `bridge` / `verisimdb` / `assault` / …):
 
 **Additional context**
-Add any other context about the problem here.
+- Has the same input run cleanly in a prior version? If so, which?
+- Any relevant config (`.hypatia-ignore`, `.trusted-base-ignore`, `audits/assail-classifications.a2ml`)?
+- Suspected detector / file in `src/assail/analyzer.rs` or similar?

.github/ISSUE_TEMPLATE/custom.md

@@ -1,20 +1,27 @@
 ---
 name: Feature request
-about: Suggest an idea for this project
+about: Propose a new detector, sub-command, output schema, or integration for panic-attack
 title: ''
-labels: ''
+labels: enhancement
 assignees: ''
 
 ---
 
-**Is your feature request related to a problem? Please describe.**
-A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
+**What problem does this solve?**
+Describe the gap or pain point — what does panic-attack currently miss / get wrong / make awkward? Cite a real-world finding or workflow where possible.
 
-**Describe the solution you'd like**
-A clear and concise description of what you want to happen.
+**Proposed solution**
+What would the new behaviour look like? If this is a new detector, what does it match, and what's the false-positive avoidance plan? If a new sub-command, what's its surface (`panic-attack <name> [args]`)?
 
-**Describe alternatives you've considered**
-A clear and concise description of any alternative solutions or features you've considered.
+**Alternatives considered**
+- Could this be expressed by an existing detector + classification?
+- Could it live downstream in hypatia (rule layer) instead of panic-attack (detector layer)?
+- Could `audits/assail-classifications.a2ml` cover it via classification entries?
+
+**Impact / scope**
+- Estate repos likely to benefit:
+- Schema / output changes (would this bump `schema_version`?):
+- Cross-repo wiring (hypatia#358 fact-source consumption, bridge-classifier downstream, etc.):
 
 **Additional context**
-Add any other context or screenshots about the feature request here.
+Links to motivating findings, related issues, or upstream tooling that informs the design.

.github/ISSUE_TEMPLATE/feature_request.md

@@ -1,28 +1,8 @@
 # Code of Conduct
 
-<!-- 
-============================================================================
-TEMPLATE INSTRUCTIONS (delete this block before publishing)
-============================================================================
-Replace all {{PLACEHOLDER}} values:
-  language-bridges     - Your project name
-  hyperpolymath            - GitHub/GitLab username or org
-  language-bridges             - Repository name
-  {{CONDUCT_EMAIL}}    - Email for conduct reports
-  {{CONDUCT_TEAM}}     - Name of conduct team/committee
-  {{RESPONSE_TIME}}    - Initial response SLA (e.g., 48 hours)
-  2026     - Current year
-
-Review and customise:
-- Adjust enforcement ladder for your community size
-- Add/remove examples based on your context
-- Ensure contact methods work for your team
-============================================================================
--->
-
 ## Our Pledge
 
-We as members, contributors, and leaders pledge to make participation in language-bridges a harassment-free experience for everyone, regardless of age, body size, visible or invisible disability, ethnicity, sex characteristics, gender identity and expression, level of experience, education, socio-economic status, nationality, personal appearance, race, caste, colour, religion, or sexual identity and orientation.
+We as members, contributors, and leaders pledge to make participation in panic-attack a harassment-free experience for everyone, regardless of age, body size, visible or invisible disability, ethnicity, sex characteristics, gender identity and expression, level of experience, education, socio-economic status, nationality, personal appearance, race, caste, colour, religion, or sexual identity and orientation.
 
 We pledge to act and interact in ways that contribute to an open, welcoming, diverse, inclusive, and healthy community.
 
@@ -136,7 +116,7 @@ If you experience or witness unacceptable behaviour, or have any other concerns,
 
 | Method | Details | Best For |
 |--------|---------|----------|
-| **Email** | {{CONDUCT_EMAIL}} | Detailed reports, sensitive matters |
+| **Email** | j.d.a.jewell@open.ac.uk | Detailed reports, sensitive matters |
 | **Private Message** | Contact any maintainer directly | Quick questions, minor issues |
 | **Anonymous Form** | [Link to form if available] | When you need anonymity |
 
@@ -152,8 +132,8 @@ If you experience or witness unacceptable behaviour, or have any other concerns,
 
 **What Happens Next**
 
-1. You will receive acknowledgment within **{{RESPONSE_TIME}}**
-2. The {{CONDUCT_TEAM}} will review the report
+1. You will receive acknowledgment within **48 hours**
+2. The panic-attack maintainers will review the report
 3. We may ask for additional information
 4. We will determine appropriate action
 5. We will inform you of the outcome (respecting others' privacy)
@@ -169,7 +149,7 @@ All reports will be handled with discretion:
 
 ### Conflicts of Interest
 
-If a {{CONDUCT_TEAM}} member is involved in an incident:
+If a panic-attack maintainers member is involved in an incident:
 
 - They will recuse themselves from the process
 - Another maintainer or external party will handle the report
@@ -179,7 +159,7 @@ If a {{CONDUCT_TEAM}} member is involved in an incident:
 
 ## Enforcement Guidelines
 
-The {{CONDUCT_TEAM}} will follow these guidelines in determining consequences:
+The panic-attack maintainers will follow these guidelines in determining consequences:
 
 ### 1. Correction
 
@@ -231,13 +211,13 @@ For contributors with elevated access (Perimeter 2 or 1):
 If you believe an enforcement decision was made in error:
 
 1. **Wait 7 days** after the decision (cooling-off period)
-2. **Email** {{CONDUCT_EMAIL}} with subject line "Appeal: [Original Report ID]"
+2. **Email** j.d.a.jewell@open.ac.uk with subject line "Appeal: [Original Report ID]"
 3. **Explain** why you believe the decision should be reconsidered
 4. **Provide** any new information not previously available
 
 **Appeals Process**
 
-- Appeals are reviewed by a different {{CONDUCT_TEAM}} member than the original
+- Appeals are reviewed by a different panic-attack maintainers member than the original
 - You will receive a response within 14 days
 - The appeals decision is final
 - You may only appeal once per incident
@@ -310,8 +290,8 @@ We thank these communities for their leadership in creating welcoming spaces.
 
 If you have questions about this Code of Conduct:
 
-- Open a [Discussion](https://github.com/hyperpolymath/language-bridges/discussions) (for general questions)
-- Email {{CONDUCT_EMAIL}} (for private questions)
+- Open a [Discussion](https://github.com/hyperpolymath/panic-attack/discussions) (for general questions)
+- Email j.d.a.jewell@open.ac.uk (for private questions)
 - Contact any maintainer directly
 
 ---