diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
new file mode 100644
index 0000000..943acd4
--- /dev/null
+++ b/.github/CODEOWNERS
@@ -0,0 +1 @@
+* @Pigbibi
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000..5860948
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,12 @@
+version: 2
+updates:
+- package-ecosystem: "pip"
+  directory: "/"
+  schedule:
+    interval: "weekly"
+  open-pull-requests-limit: 5
+- package-ecosystem: "github-actions"
+  directory: "/"
+  schedule:
+    interval: "weekly"
+  open-pull-requests-limit: 5
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
new file mode 100644
index 0000000..96e2112
--- /dev/null
+++ b/.github/workflows/ci.yml
@@ -0,0 +1,34 @@
+name: CI
+
+on:
+  push:
+    branches: [ main ]
+  pull_request:
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v5
+
+      - name: Setup Python
+        uses: actions/setup-python@v6
+        with:
+          python-version: "3.11"
+
+      - name: Install dependencies
+        run: |
+          set -euo pipefail
+          python -m pip install --upgrade pip
+          python -m pip install -e . numpy pandas ruff
+
+      - name: Run Ruff
+        run: |
+          set -euo pipefail
+          ruff check .
+
+      - name: Run unit tests
+        run: |
+          set -euo pipefail
+          PYTHONPATH=src python -m unittest discover -s tests -v
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..93c42f6
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,4 @@
+__pycache__/
+*.py[cod]
+.pytest_cache/
+.venv/
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
new file mode 100644
index 0000000..78f1a88
--- /dev/null
+++ b/CONTRIBUTING.md
@@ -0,0 +1,24 @@
+# Contributing
+
+Thanks for contributing to `QuantPlatformKit`.
+
+## Ground Rules
+
+- Prefer small, low-risk pull requests.
+- Keep refactors separate from behavior changes.
+- Add or update tests when changing runtime behavior.
+- Do not use deployment or scheduled workflows as a substitute for local verification.
+
+## Branching and Pull Requests
+
+- Create a topic branch for each change.
+- Open a pull request with a short summary and a concrete test plan.
+- Wait for CI to pass before merging.
+
+## Local Verification
+
+Run the main verification command before opening a pull request:
+
+```bash
+PYTHONPATH=src python3 -m unittest discover -s tests -v
+```
diff --git a/README.md b/README.md
index 82384cd..58a06f2 100644
--- a/README.md
+++ b/README.md
@@ -73,7 +73,7 @@ PYTHONPATH=src python3 -m unittest discover -s tests
 `QuantPlatformKit` is a shared dependency, not a runtime service. Strategy repos should pin a fixed Git tag such as:
 
 ```text
-quant-platform-kit @ git+https://github.com/QuantStrategyLab/QuantPlatformKit.git@v0.5.0
+quant-platform-kit @ git+https://github.com/QuantStrategyLab/QuantPlatformKit.git@v0.6.0
 ```
 
 Cloud Run and self-hosted runner deployments should continue to deploy the strategy repositories only. See [docs/deployment_model.md](./docs/deployment_model.md) for:
@@ -81,7 +81,7 @@ Cloud Run and self-hosted runner deployments should continue to deploy the strat
 - service naming suggestions
 - fixed-tag dependency rules
 - Google Cloud trigger rebind steps after repo rename
-- HK / SG multi-service guidance for `LongBridgeQuant`
+- HK / SG multi-service guidance for `LongBridgePlatform`
 
 ---
 
diff --git a/README.zh-CN.md b/README.zh-CN.md
index 9e474b4..a83ff86 100644
--- a/README.zh-CN.md
+++ b/README.zh-CN.md
@@ -63,7 +63,7 @@ PYTHONPATH=src python3 -m unittest discover -s tests
 `QuantPlatformKit` 是共享依赖，不单独部署。策略仓库应该固定依赖某个 Git tag，例如：
 
 ```text
-quant-platform-kit @ git+https://github.com/QuantStrategyLab/QuantPlatformKit.git@v0.5.0
+quant-platform-kit @ git+https://github.com/QuantStrategyLab/QuantPlatformKit.git@v0.6.0
 ```
 
 部署相关说明见：
diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000..5ba898c
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,23 @@
+# Security Policy
+
+Thanks for helping keep `QuantPlatformKit` safe.
+
+This repository is part of a shared platform library. Please do **not** open a public issue for vulnerabilities involving credentials, broker access, cloud resources, order execution, or secret material.
+
+## Reporting a Vulnerability
+
+- Contact the maintainer directly at GitHub: `@Pigbibi`.
+- If private vulnerability reporting is enabled for this repository, prefer that channel.
+- Include the repository name, affected commit or branch, environment details, and exact reproduction steps.
+
+## Secret and Credential Exposure
+
+If you suspect tokens, passwords, API keys, service-account keys, or broker credentials were exposed:
+
+1. Rotate the exposed secrets immediately.
+2. Pause scheduled jobs or deployments if the exposure can affect automation or trading behavior.
+3. Share only the minimum evidence needed to reproduce the issue.
+
+## Scope Notes
+
+Security fixes should stay minimal and focused. Please avoid bundling unrelated refactors with a security report or patch.
diff --git a/docs/deployment_model.md b/docs/deployment_model.md
index f228830..f63726f 100644
--- a/docs/deployment_model.md
+++ b/docs/deployment_model.md
@@ -97,7 +97,7 @@ They should **not** own:
 All strategy or platform runtime repositories should pin a fixed tag, for example:
 
 ```text
-quant-platform-kit @ git+https://github.com/QuantStrategyLab/QuantPlatformKit.git@v0.5.0
+quant-platform-kit @ git+https://github.com/QuantStrategyLab/QuantPlatformKit.git@v0.6.0
 ```
 
 Avoid:
diff --git a/docs/deployment_model.zh-CN.md b/docs/deployment_model.zh-CN.md
index db9e727..e76ad72 100644
--- a/docs/deployment_model.zh-CN.md
+++ b/docs/deployment_model.zh-CN.md
@@ -64,7 +64,7 @@
 策略仓库应该固定依赖某个 tag，例如：
 
 ```text
-quant-platform-kit @ git+https://github.com/QuantStrategyLab/QuantPlatformKit.git@v0.5.0
+quant-platform-kit @ git+https://github.com/QuantStrategyLab/QuantPlatformKit.git@v0.6.0
 ```
 
 不要用：
diff --git a/pyproject.toml b/pyproject.toml
index 0d3515f..7cbe0f1 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -19,3 +19,6 @@ package-dir = { "" = "src" }
 
 [tool.setuptools.packages.find]
 where = ["src"]
+
+[tool.ruff]
+target-version = "py39"
diff --git a/setup.py b/setup.py
index 06e591e..90417cd 100644
--- a/setup.py
+++ b/setup.py
@@ -3,7 +3,7 @@
 
 setup(
     name="quant-platform-kit",
-    version="0.5.0",
+    version="0.6.0",
     description="Shared broker adapters, domain models, execution ports, and notification utilities for QuantStrategyLab strategies.",
     package_dir={"": "src"},
     packages=find_packages(where="src"),
diff --git a/src/quant_platform_kit/__init__.py b/src/quant_platform_kit/__init__.py
index 898df2f..312f6be 100644
--- a/src/quant_platform_kit/__init__.py
+++ b/src/quant_platform_kit/__init__.py
@@ -1,6 +1,6 @@
 """QuantPlatformKit public package surface."""
 
-__version__ = "0.5.0"
+__version__ = "0.6.0"
 
 from .common.models import (
     ExecutionReport,
diff --git a/src/quant_platform_kit/longbridge/portfolio.py b/src/quant_platform_kit/longbridge/portfolio.py
index f3fd79d..2d5c71d 100644
--- a/src/quant_platform_kit/longbridge/portfolio.py
+++ b/src/quant_platform_kit/longbridge/portfolio.py
@@ -2,6 +2,8 @@
 
 from typing import Any, Iterable
 
+from .market_data import fetch_last_price
+
 
 def fetch_strategy_account_state(
     q_ctx: Any,
@@ -46,6 +48,3 @@ def fetch_strategy_account_state(
         "sellable_quantities": sellable_quantities,
         "total_strategy_equity": available_cash + sum(market_values.values()),
     }
-
-
-from .market_data import fetch_last_price