diff --git a/.github/CONTRIBUTING.md b/.github/CONTRIBUTING.md
new file mode 100644
index 0000000..603e118
--- /dev/null
+++ b/.github/CONTRIBUTING.md
@@ -0,0 +1,57 @@
+# Contributing
+
+Welcome to Trie-Hard! Before you make a contribution, be it a bug report, documentation improvement,
+pull request (PR), etc., please read and follow these guidelines.
+
+## Start with filing an issue
+
+More often than not, **start by filing an issue on GitHub**. If you have a bug report or feature
+request, open a GitHub issue. Non-trivial PRs will also require a GitHub issue. The issue provides
+us with a space to discuss proposed changes with you and the community.
+
+Having a discussion via GitHub issue upfront is the best way to ensure your contribution lands in
+Trie-Hard. We don't want you to spend your time making a PR, only to find that we won't accept it on
+a design basis. For example, we may find that your proposed feature works better as a third-party
+module built on top of or for use with Trie-Hard and encourage you to pursue that direction instead.
+
+**You do not need to file an issue for small fixes.** What counts as a "small" or trivial fix is a
+judgment call, so here's a few examples to clarify:
+- fixing a typo
+- refactoring a bit of code
+- most documentation or comment edits
+
+Still, _sometimes_ we may review your PR and ask you to file an issue if we expect there are larger
+design decisions to be made.
+
+## Making a PR
+
+After you've filed an issue, you can make your PR referencing that issue number. Once you open your
+PR, it will be labelled _Needs Review_. A maintainer will review your PR as soon as they can. The
+reviewer may ask for changes - they will mark the PR as _Changes Requested_ and will give you
+details about the requested changes. Feel free to ask lots of questions! The maintainers are there
+to help you.
+
+Once we (the maintainers) decide to accept your change, we will label your PR as _Accepted_.
+Later (usually within a week or two), we will rebase your commits onto the `main` branch in a
+separate PR, batched alongside other _Accepted_ commits and any internal changes. (This process
+allows us to sync the state of our internal repository with the public repository.) Once your
+change lands in `main`, we will close your PR.
+
+### Caveats
+
+Currently, internal contributions will take priority. Today Trie-Hard is being maintained by
+Cloudflare's Content Delivery team, and internal Cloudflare proxy services are a primary user of
+Trie-Hard. We value the community's work on Trie-Hard, but the reality is that our team has a limited
+amount of resources and time. We can't promise we will review or address all PRs or issues in a
+timely manner.
+
+## Conduct
+
+Trie-Hard and Cloudflare OpenSource generally follows the [Contributor Covenant Code of Conduct].
+Violating the CoC could result in a warning or a ban to Trie-Hard or any and all repositories in the Cloudflare organization.
+
+[Contributor Covenant Code of Conduct]: https://github.com/cloudflare/.github/blob/26b37ca2ba7ab3d91050ead9f2c0e30674d3b91e/CODE_OF_CONDUCT.md
+
+## Contact
+
+If you have any questions, please reach out to [opensource@cloudflare.com](mailto:opensource@cloudflare.com).
diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md
new file mode 100644
index 0000000..38db2b3
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/bug_report.md
@@ -0,0 +1,37 @@
+---
+name: Bug Report
+about: Report an issue to help us improve
+title: ''
+labels: ''
+assignees: ''
+---
+
+## Describe the bug
+
+A clear and concise description of what the bug is.
+
+## Trie-Hard info
+
+Please include the following information about your environment:
+
+**Trie-Hard version**: release number of commit hash
+**Rust version**: i.e. `cargo --version`
+**Operating system version**: e.g. Ubuntu 22.04, Debian 12.4
+
+## Steps to reproduce
+
+Please provide step-by-step instructions to reproduce the issue. Include any relevant code
+snippets.
+
+## Expected results
+
+What were you expecting to happen?
+
+## Observed results
+
+What actually happened?
+
+## Additional context
+
+What other information would you like to provide? e.g. Example input & 
+operations or other clues you think could be helpful to identify the root cause.
diff --git a/.github/ISSUE_TEMPLATE/feature_request.md b/.github/ISSUE_TEMPLATE/feature_request.md
new file mode 100644
index 0000000..f9472f3
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/feature_request.md
@@ -0,0 +1,23 @@
+---
+name: Feature request
+about: Propose a new feature
+title: ''
+labels: ''
+assignees: ''
+---
+
+## What is the problem your feature solves, or the need it fulfills?
+
+A clear and concise description of why this feature should be added. What is the problem? Who is this for?
+
+## Describe the solution you'd like
+
+What do you propose to resolve the problem or fulfill the need above? How would you like it to work?
+
+## Describe alternatives you've considered
+
+What other solutions, features, or workarounds have you considered that might also solve the issue? What are the tradeoffs for these alternatives compared to what you're proposing?
+
+## Additional context
+
+This could include references to documentation or papers, prior art, screenshots, or benchmark results.
diff --git a/.github/workflows/audit.yml b/.github/workflows/audit.yml
new file mode 100644
index 0000000..b943e5d
--- /dev/null
+++ b/.github/workflows/audit.yml
@@ -0,0 +1,29 @@
+name: Security Audit
+
+on:
+  push:
+    branches:
+      - master
+    paths:
+      - "**/Cargo.toml"
+  schedule:
+    - cron: "0 2 * * *" # run at 2 AM UTC
+
+permissions:
+  contents: read
+
+jobs:
+  security-audit:
+    permissions:
+      checks: write # for rustsec/audit-check to create check
+      contents: read # for actions/checkout to fetch code
+      issues: write # for rustsec/audit-check to create issues
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Audit Check
+        # https://github.com/rustsec/audit-check/issues/2
+        uses: rustsec/audit-check@master
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
new file mode 100644
index 0000000..8008978
--- /dev/null
+++ b/.github/workflows/build.yml
@@ -0,0 +1,53 @@
+on: [push, pull_request]
+
+name: build
+
+jobs:
+  trie-hard:
+    strategy:
+      matrix:
+        toolchain: [nightly, 1.72, 1.80.0]
+    runs-on: ubuntu-latest
+    # Only run on "pull_request" event for external PRs. This is to avoid
+    # duplicate builds for PRs created from internal branches.
+    if: github.event_name == 'push' || github.event.pull_request.head.repo.full_name != github.repository
+    steps:
+      - name: Checkout sources
+        uses: actions/checkout@v4
+        with:
+          submodules: "recursive"
+
+      - name: Install build dependencies
+        run: |
+          sudo apt update
+          sudo apt install -y cmake libclang-dev wget gnupg ca-certificates lsb-release --no-install-recommends
+          # openresty is used for convenience in tests as a server.
+          wget -O - https://openresty.org/package/pubkey.gpg | sudo gpg --dearmor -o /usr/share/keyrings/openresty.gpg
+          echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/openresty.gpg] http://openresty.org/package/ubuntu $(lsb_release -sc) main" | sudo tee /etc/apt/sources.list.d/openresty.list > /dev/null
+          sudo apt update
+          sudo apt install -y openresty --no-install-recommends
+
+      - name: Install toolchain
+        uses: dtolnay/rust-toolchain@master
+        with:
+          toolchain: ${{ matrix.toolchain }}
+          components: rustfmt, clippy
+
+      - name: Run cargo fmt
+        run: cargo fmt --all -- --check
+
+      - name: Run cargo test
+        run: cargo test --verbose --lib --bins --tests --no-fail-fast
+
+      # Need to run doc tests separately.
+      # (https://github.com/rust-lang/cargo/issues/6669)
+      - name: Run cargo doc test
+        run: cargo test --verbose --doc
+
+      - name: Run cargo clippy
+        run: |
+          [[ ${{ matrix.toolchain }} == nightly ]] || cargo clippy --all-targets --all -- --allow=unknown-lints --deny=warnings
+
+      - name: Run cargo audit
+        run: |
+          [[ ${{ matrix.toolchain }} != 1.80.0 ]] || (cargo install cargo-audit && cargo audit)
diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml
new file mode 100644
index 0000000..59e85be
--- /dev/null
+++ b/.github/workflows/docs.yml
@@ -0,0 +1,26 @@
+on:
+  push:
+    branches:
+      - master
+
+name: Docs
+
+jobs:
+  docs:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout sources
+        uses: actions/checkout@v4
+        with:
+          submodules: "recursive"
+
+      - name: Install build dependencies
+        run: |
+          sudo apt update
+          sudo apt install -y cmake libclang-dev
+
+      - name: Install stable toolchain
+        uses: dtolnay/rust-toolchain@stable
+
+      - name: Run cargo doc
+        run: cargo doc --no-deps --all-features
diff --git a/.github/workflows/mark-stale.yaml b/.github/workflows/mark-stale.yaml
new file mode 100644
index 0000000..4a95853
--- /dev/null
+++ b/.github/workflows/mark-stale.yaml
@@ -0,0 +1,23 @@
+name: 'Close stale questions'
+on:
+  schedule:
+    - cron: '30 1 * * *'
+  workflow_dispatch:
+
+permissions:
+  issues: write
+  pull-requests: write
+
+jobs:
+  stale:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/stale@v9
+        with:
+          stale-issue-message: 'This question has been stale for a week. It will be closed in an additional day if not updated.'
+          close-issue-message: 'This issue has been closed because it has been stalled with no activity.'
+          days-before-stale: -1
+          days-before-issue-stale: 7
+          days-before-issue-close: 1
+          stale-issue-label: 'stale'
+          only-issue-labels: 'question'