chore: enforce lint, cleanup, cut v1.0.0

.agents/skills/plan.md

@@ -66,9 +66,11 @@ creating duplicate systems.
    ## Scope
 
    **In scope:**
+
    - ...
 
    **Out of scope:**
+
    - ...
 
    ## Implementation

.agents/skills/rabbit-round.md

@@ -57,13 +57,15 @@ CodeRabbit, Gemini, GitHub Copilot, Devin, Greptile, and similar bots.
 ## Decision Guidelines
 
 **Accept when the suggestion:**
+
 - fixes a bug or real edge case
 - improves type safety
 - adds missing tests
 - aligns with existing repo patterns
 - tightens security or validation appropriately
 
 **Push back when the suggestion:**
+
 - assumes facts not true in this codebase
 - conflicts with canonical specs or official sources
 - adds complexity for little benefit

.agents/skills/regression-hunt.md

@@ -9,6 +9,7 @@ especially when the cause is not obvious yet.
 $ARGUMENTS — A short description of what regressed.
 
 Helpful extras when available:
+
 - failing test name or file
 - error message or log line
 - expected behavior

.agents/skills/security-audit.md

@@ -57,16 +57,18 @@ layer on repo-specific risks.
    - explicitly call out the domain assumptions you used
 
 10. **Report findings by severity**:
-   - Critical
-   - High
-   - Medium
-   - Low
 
-   For each finding include:
-   - file and line
-   - issue
-   - likely impact
-   - recommended fix
+- Critical
+- High
+- Medium
+- Low
+
+For each finding include:
+
+- file and line
+- issue
+- likely impact
+- recommended fix
 
 11. **If there are no findings**, say so explicitly and mention what was checked
-   plus any residual gaps in verification.
+    plus any residual gaps in verification.

.claude/commands/plan.md

@@ -66,9 +66,11 @@ creating duplicate systems.
    ## Scope
 
    **In scope:**
+
    - ...
 
    **Out of scope:**
+
    - ...
 
    ## Implementation

.claude/commands/rabbit-round.md

@@ -57,13 +57,15 @@ CodeRabbit, Gemini, GitHub Copilot, Devin, Greptile, and similar bots.
 ## Decision Guidelines
 
 **Accept when the suggestion:**
+
 - fixes a bug or real edge case
 - improves type safety
 - adds missing tests
 - aligns with existing repo patterns
 - tightens security or validation appropriately
 
 **Push back when the suggestion:**
+
 - assumes facts not true in this codebase
 - conflicts with canonical specs or official sources
 - adds complexity for little benefit

.claude/commands/regression-hunt.md

@@ -9,6 +9,7 @@ especially when the cause is not obvious yet.
 $ARGUMENTS — A short description of what regressed.
 
 Helpful extras when available:
+
 - failing test name or file
 - error message or log line
 - expected behavior

.claude/commands/security-audit.md

@@ -57,16 +57,18 @@ layer on repo-specific risks.
    - explicitly call out the domain assumptions you used
 
 10. **Report findings by severity**:
-   - Critical
-   - High
-   - Medium
-   - Low
 
-   For each finding include:
-   - file and line
-   - issue
-   - likely impact
-   - recommended fix
+- Critical
+- High
+- Medium
+- Low
+
+For each finding include:
+
+- file and line
+- issue
+- likely impact
+- recommended fix
 
 11. **If there are no findings**, say so explicitly and mention what was checked
-   plus any residual gaps in verification.
+    plus any residual gaps in verification.

.github/workflows/ci.yml

@@ -61,6 +61,7 @@ jobs:
       - uses: oven-sh/setup-bun@0c5077e51419868618aeaa5fe8019c62421857d6 # v2
       - run: bun install --frozen-lockfile
       - run: bun run lint
+      - run: bun run format:check
 
   test:
     name: Test

.oxlintrc.json

@@ -5,7 +5,7 @@
     "no-shadow": "error",
     "require-await": "error",
     "no-useless-catch": "error",
-    "no-non-null-assertion": "off",
+    "no-non-null-assertion": "error",
     "typescript/no-explicit-any": "error",
     "typescript/no-dynamic-delete": "error",
     "typescript/consistent-type-definitions": [

CHANGELOG.md

@@ -8,6 +8,39 @@ The format is based on
 and this project adheres to
 [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [1.0.0] - 2026-05-17
+
+### Changed
+
+- Bumped to 1.0.0 to opt out of the npm pinning quirk
+  where `^0.0.1` resolves only to `0.0.1`. The public
+  surface and feature set are unchanged from the
+  pre-1.0 line.
+- `Validator<T>` now exposes `parse?` on the base type
+  with a widened `ParsedIdentifier | null` return.
+  Producers that type as `Validator<ParsedPersonId>` or
+  `Validator<ParsedBirthDate>` still narrow the return
+  type as before.
+
+### Fixed
+
+- Treat `oxlint` as a real CI gate: the
+  `no-non-null-assertion` rule was silently disabled in
+  the lint config. It is now enforced; existing
+  violations were resolved with structural narrowing
+  (most weighted-sum loops now use array iterators) or
+  documented `// SAFETY:` comments where the existence
+  is genuinely guaranteed.
+- `format:check` is now wired into CI so formatter
+  drift cannot land unnoticed.
+
+### Removed
+
+- Dead `imports` map (`#checksums/*`, `#util/*`) from
+  `package.json`. Consumers never hit it: built output
+  uses relative imports and dev/test resolution goes
+  through `tsconfig.json` `paths`.
+
 ## [0.1.0] - 2026-03-18
 
 ### Added
@@ -24,4 +57,5 @@ and this project adheres to
   artifacts.
 - Per-identifier entry points for tree-shaking.
 
+[1.0.0]: https://github.com/stella/stdnum/releases/tag/v1.0.0
 [0.1.0]: https://github.com/stella/stdnum/releases/tag/v0.1.0

SECURITY.md

@@ -4,7 +4,7 @@
 
 | Version | Supported |
 | ------- | --------- |
-| 0.1.x   | Yes       |
+| 1.x     | Yes       |
 
 ## Reporting a Vulnerability
 

__test__/pa.test.ts

@@ -30,6 +30,7 @@ describe("pa.ruc", () => {
     "abc", // no segments
     "155-1-100 DV00", // old-format wrong DV
     "a-b-c-d-e DV00", // 5 segments rejected
+    "1-NT-100 DV00", // 3 segments with NT in pos 1 rejected
   ];
 
   for (const v of invalid) {