feat[security]: Security and performance improvements v1 (#11)

* feat[security]: Security and performance improvements v1

- Fixed filter chaining so resource/route middleware executes and added coverage.
- Isolated CORS allowlist state per filter and verified behavior.
- Preserved upstream request contexts in the adapter.
- Made security caching opt-in and documented with tests.
- This is version 1.0.0, will receive no new features only security updates as needed.

* chore[security]: SNYK-GOLANG-GITHUBCOMSIRUPSENLOGRUS-5564391

Upgraded github.com/sirupsen/logrus to v1.9.1

Rel: https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMSIRUPSENLOGRUS-5564391

Author: srfrog

.github/CODEOWNERS

@@ -0,0 +1,5 @@
+# CODEOWNERS: specify people or teams responsible for changes
+# Format: path  @username-or-team
+# Use @srfrog as default owner for reviews. Adjust as needed.
+
+* @srfrog

.github/CONTRIBUTING.md

@@ -0,0 +1,50 @@
+# Contributing to go-relax
+
+Thanks for your interest in contributing to go-relax!
+
+Table of contents
+- How to contribute
+- Reporting bugs
+- Submitting changes (PR workflow)
+- Testing and linting
+- Commit message guidelines
+- Code of conduct
+
+How to contribute
+1. Fork the repository.
+2. Create a branch from master:
+   - git checkout -b <your-branch-name>
+3. Make small, focused changes with tests where appropriate.
+4. Run the tests and linters locally (instructions below).
+5. Push your branch to your fork and open a Pull Request against srfrog/go-relax master.
+
+Reporting bugs
+- Open an issue using the Bug Report template.
+- Include: steps to reproduce, expected vs actual behavior, Go version, OS.
+
+Submitting changes (PR workflow)
+- Open a pull request from your fork to srfrog/go-relax master.
+- Use the provided PR template and fill in all checklist items.
+- Keep PRs focused and small where possible.
+- If requested, respond to review comments and push updates to the same branch.
+- If you allow “edits by maintainers” that helps maintainers make small fixes.
+
+Testing and linting (local)
+- Install Go (1.20+ recommended).
+- Run unit tests:
+  - go test ./...
+- Run go vet:
+  - go vet ./...
+- Run gofmt check:
+  - gofmt -l .   # should print no files
+- Optional linting (recommended):
+  - golangci-lint run
+
+Commit message guidelines
+- Keep a short subject line (<=72 chars).
+- Use the imperative mood: "Fix", "Add", "Remove".
+- Optionally include a longer body explaining why the change is necessary.
+- If you must sign-off, include Signed-off-by: Name <email>.
+
+Code of Conduct
+- Be respectful and constructive in reviews and issues. Maintainers reserve the right to close or redirect contributions that do not follow community standards.

.github/ISSUE_TEMPLATE/bug_report.md

@@ -0,0 +1,23 @@
+---
+name: Bug report
+about: Create a report to help us improve
+title: "[BUG]"
+labels: bug
+assignees: srfrog
+
+---
+
+**Describe the bug**
+A clear and concise description of what the bug is.
+
+**To Reproduce**
+Steps to reproduce the behavior.
+
+**Expected behavior**
+A clear and concise description of what you expected to happen.
+
+**Screenshots**
+If applicable, add screenshots to help explain your problem.
+
+**Additional context**
+Add any other context about the problem here.

.github/ISSUE_TEMPLATE/feature_request.md

@@ -0,0 +1,20 @@
+---
+name: Feature request
+about: Suggest an idea for this project
+title: "[FEATURE]"
+labels: enhancement
+assignees: srfrog
+
+---
+
+**Is your feature request related to a problem? Please describe.**
+A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
+
+**Describe the solution you'd like**
+A clear and concise description of what you want to happen.
+
+**Describe alternatives you've considered**
+A clear and concise description of any alternative solutions or features you've considered.
+
+**Additional context**
+Add any other context or screenshots about the feature request here.

.github/pull_request_template.md

@@ -0,0 +1,15 @@
+### Summary
+
+<!-- Brief description of the change -->
+
+### Related issues
+<!-- Link issue(s) if any, e.g. Fixes #123 -->
+
+### Checklist
+- [ ] I have run tests locally and they pass: `go test ./...`
+- [ ] I have run linters: `gofmt -l .` / `golangci-lint run` (if available)
+- [ ] I have added tests if applicable
+- [ ] I have updated documentation if needed
+
+### Notes for reviewers
+<!-- Anything the reviewer should know; short and focused -->

.github/workflows/ci.yml

@@ -0,0 +1,54 @@
+name: CI
+permissions:
+  contents: read
+
+on:
+  pull_request:
+    types: [opened, synchronize, reopened]
+  push:
+    branches:
+      - master
+
+jobs:
+  test:
+    name: Test and Lint
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Set up Go
+        uses: actions/setup-go@v4
+        with:
+          go-version: '1.20'
+
+      - name: Cache Go modules
+        uses: actions/cache@v4
+        with:
+          path: |
+            ~/.cache/go-build
+            ${{ github.workspace }}/pkg/mod
+          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
+
+      - name: Install linters
+        run: |
+          curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(go env GOPATH)/bin v1.59.0
+
+      - name: Run gofmt check
+        run: |
+          if [ -n "$(gofmt -l .)" ]; then
+            echo "gofmt needs to be run on the following files:"
+            gofmt -l .
+            exit 1
+          fi
+
+      - name: Run go vet
+        run: go vet ./...
+
+      - name: Run golangci-lint
+        run: golangci-lint run ./...
+
+      - name: Run tests
+        run: go test -v ./...

.github/workflows/codeql-analysis.yml

@@ -0,0 +1,34 @@
+name: Go
+
+on:
+  push:
+    branches: [ master ]
+  pull_request:
+    branches: [ master ]
+
+jobs:
+
+  build:
+    name: Build
+    permissions:
+      contents: read
+    runs-on: ubuntu-latest
+    steps:
+
+    - name: Set up Go 1.x
+      uses: actions/setup-go@v2
+      with:
+        go-version: ^1.14
+
+    - name: Check out code into the Go module directory
+      uses: actions/checkout@v2
+
+    - name: Get dependencies
+      run: |
+        go get -v -t -d ./...
+
+    - name: Build
+      run: go build -v .
+
+    - name: Test
+      run: go test -v .

.github/workflows/go.yml

@@ -11,3 +11,4 @@ _*
 vendor/*
 !vendor/vendor.json
 
+.vscode

.gitignore

@@ -34,7 +34,7 @@ This Code of Conduct applies both within project spaces and in public spaces whe
 
 ## Enforcement
 
-Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by contacting the project team at github@codehack.com. The project team will review and investigate all complaints, and will respond in a way that it deems appropriate to the circumstances. The project team is obligated to maintain confidentiality with regard to the reporter of an incident. Further details of specific enforcement policies may be posted separately.
+Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by contacting the project team at github@castlebytes.com. The project team will review and investigate all complaints, and will respond in a way that it deems appropriate to the circumstances. The project team is obligated to maintain confidentiality with regard to the reporter of an incident. Further details of specific enforcement policies may be posted separately.
 
 Project maintainers who do not follow or enforce the Code of Conduct in good faith may face temporary or permanent repercussions as determined by other members of the project's leadership.