chore: initialize gondulf project structure

Set up Python project with uv environment management and FastAPI stack.

Project structure:
- src/gondulf/ - Main application package
- tests/ - Test suite directory
- pyproject.toml - Project configuration with dependencies
- README.md - Project documentation
- uv.lock - Dependency lock file

Dependencies configured:
- FastAPI + Uvicorn for web framework
- SQLAlchemy for database ORM
- pytest + coverage for testing
- ruff, black, mypy, flake8 for code quality
- Development environment using uv direct execution model

All project standards reviewed and implemented per:
- /docs/standards/coding.md
- /docs/standards/testing.md
- /docs/standards/git.md
- /docs/standards/development-environment.md
- /docs/standards/versioning.md

docs/standards/versioning.md

@@ -0,0 +1,80 @@
+# Versioning Standard
+
+## Overview
+
+This project follows Semantic Versioning 2.0.0 (https://semver.org/) for all releases.
+
+## Version Format
+
+`MAJOR.MINOR.PATCH`
+
+- **MAJOR**: Incremented for incompatible API changes or breaking changes to IndieAuth protocol implementation
+- **MINOR**: Incremented for new features added in a backward-compatible manner
+- **PATCH**: Incremented for backward-compatible bug fixes and documentation improvements
+
+## Version Increments for IndieAuth Server
+
+### MAJOR Version Changes (Breaking)
+- Changes that break compatibility with existing IndieAuth clients
+- Removal or modification of required IndieAuth endpoints
+- Changes to token formats that invalidate existing tokens
+- Database schema changes that require manual migration
+- Configuration format changes that are not backward-compatible
+- Removal of previously supported authentication methods
+
+### MINOR Version Changes (Features)
+- Addition of new optional IndieAuth endpoints (e.g., metadata endpoint)
+- New client registration features
+- Additional authentication methods
+- Performance optimizations that don't change behavior
+- New administrative features
+- Support for additional IndieAuth extensions
+
+### PATCH Version Changes (Fixes)
+- Bug fixes that don't change API behavior
+- Security patches that maintain compatibility
+- Documentation improvements
+- Internal refactoring without external changes
+- Dependency updates that don't affect functionality
+- Configuration option additions with sensible defaults
+
+## Pre-release Versions
+
+Pre-release versions may be denoted by appending:
+- `-alpha.N` for early development versions
+- `-beta.N` for feature-complete testing versions
+- `-rc.N` for release candidates
+
+Example: `1.0.0-beta.2`
+
+## Initial Release Target
+
+`1.0.0` - First stable release with:
+- Full W3C IndieAuth specification compliance
+- Client self-registration capability
+- Production-ready security model
+
+## Version Tagging
+
+Git tags follow the format: `v{MAJOR}.{MINOR}.{PATCH}`
+
+Example: `v1.0.0`, `v1.1.0-beta.1`
+
+## Release Notes
+
+Each release must include:
+- Version number and release date
+- Summary of changes categorized by type (Features, Fixes, Breaking Changes)
+- Migration instructions for breaking changes
+- Known issues if applicable
+- Contributors acknowledgment
+
+## Version Support Policy
+
+- Latest MAJOR version: Full support with bug fixes and security updates
+- Previous MAJOR version: Security updates only for 6 months after new MAJOR release
+- Older versions: No support
+
+## Development Branch Versioning
+
+The main branch always contains the next unreleased version with `-dev` suffix in any version files.