feat: add macOS support and harden cross-platform memory scanner

.flake8

@@ -1,11 +1,13 @@
 [flake8]
 
 max-line-length = 130
-ignore = E701, E722
+# E203: whitespace before ':' (black-compatible — black puts spaces around the
+#       colon in slices like data[i : i + n], which conflicts with PEP 8).
+# E701: multiple statements on one line (colon) — used pervasively as a style choice.
+# E722: do not use bare 'except'.
+# W503: line break before binary operator (black-compatible).
+ignore = E203, E701, E722, W503
 
 per-file-ignores =
-    # __init__.py files are allowed to have unused imports and lines-too-long
-    */__init__.py:F401
-
-    # Unused imports are allowed in the tests/package.py module and they must come after setting the current working directory.
-    tests/package.py:F401, E402
+    # __init__.py files are allowed to have unused imports and lines-too-long.
+    */__init__.py:F401, E501

.github/ISSUE_TEMPLATE/bug_report.md

@@ -0,0 +1,32 @@
+---
+name: Bug report
+about: Create a report to help us improve
+title: ''
+labels: ''
+assignees: ''
+
+---
+
+**Describe the bug**
+A clear and concise description of what the bug is.
+
+**To Reproduce**
+Steps to reproduce the behavior:
+1. Go to '...'
+2. Set this input '....'
+3. Run the '....'
+4. Scroll down to '....'
+5. See error
+
+**Expected behavior**
+A clear and concise description of what you expected to happen.
+
+**Screenshots**
+If applicable, add screenshots to help explain your problem.
+
+**System (please complete the following information):**
+ - OS: [e.g. Windows]
+ - Python Version [e.g. 1.10]
+
+**Additional context**
+Add any other context about the problem here.

.github/ISSUE_TEMPLATE/feature_request.md

@@ -0,0 +1,19 @@
+---
+name: Feature request
+about: Suggest an idea for this project
+title: ''
+labels: ''
+assignees: ''
+
+---
+
+**Is your feature request related to a problem? Please describe.**
+- A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
+- A clear and concise description of what you want to happen.
+- A clear and concise description of any alternative solutions or features you've considered.
+
+**Is not your feature request related to a problem? Please describe**
+A clear and concise description of how your feature can positively impact the project.
+
+**Additional context**
+Add any other context or screenshots about the feature request here.

.github/ISSUE_TEMPLATE/questioning.md

@@ -0,0 +1,35 @@
+---
+name: Questioning
+about: Ask a question about the project
+title: ''
+labels: question
+assignees: ''
+
+---
+
+**Is your problem described in the documentation? If so, please describe**
+A clear and concise description of what is confusing in the documentation.
+
+**Describe your question**
+A clear and concise description of what the bug is.
+
+**Is your question reproducible? Please describe**
+Steps to reproduce the behavior:
+
+1. Go to '...'
+2. Set this input '....'
+3. Run the '....'
+4. Scroll down to '....'
+5. See behavior
+
+**Screenshots**
+If applicable, add screenshots to help explain your problem.
+
+**System**
+If applicable, please complete the following information:
+
+1. OS: [e.g. Windows]
+2. Python Version [e.g. 1.10]
+
+**Additional context**
+Add any other context about the problem here.

.github/dependabot.yml

@@ -0,0 +1,21 @@
+# https://docs.github.com/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file
+#
+# `open-pull-requests-limit: 0` disables routine version-update PRs (no weekly
+# bump churn). Dependabot security advisories still surface via the Security
+# tab and security-update PRs are unaffected by this limit, so vulnerabilities
+# in psutil et al. remain visible.
+
+version: 2
+
+updates:
+  - package-ecosystem: "pip"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    open-pull-requests-limit: 0
+
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    open-pull-requests-limit: 0

.github/pull_request_template.md

@@ -0,0 +1,27 @@
+**Why is this PR necessary, what does it do?**
+
+<!-- 
+IMPORTANT! Explain the **motivation** for making this change: what existing
+problem the pull request solves or what new features it implements.
+-->
+
+**Checklist (complete all items)**:
+
+- [ ] Added tests as necessary.
+- [ ] There is no breaking change for existing features.
+
+**References:**
+
+<!-- (Nice to have) 
+Link tasks, issues, PRs that are related to this pull request, etc. 
+-->
+
+No references to be shared. 
+
+**Notes:**
+
+<!-- (Optional) 
+Explain some changes that can be useful when reviewing this pull request. 
+-->
+
+No notes to be shared. 

.github/workflows/delete-pr-branch.yml

@@ -0,0 +1,41 @@
+name: Delete PR branch
+
+on:
+  pull_request:
+    types: [closed]
+
+permissions:
+  contents: write
+
+jobs:
+  delete:
+    name: Delete head branch after PR close
+    if: github.event.pull_request.head.repo.full_name == github.repository
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/github-script@v7
+        with:
+          script: |
+            const pr = context.payload.pull_request;
+            const ref = pr.head.ref;
+
+            const protectedBranches = new Set(["main", "gh-pages"]);
+            if (protectedBranches.has(ref)) {
+              core.info(`Refusing to delete protected branch: ${ref}`);
+              return;
+            }
+
+            try {
+              await github.rest.git.deleteRef({
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                ref: `heads/${ref}`,
+              });
+              core.info(`Deleted branch: ${ref}`);
+            } catch (err) {
+              if (err.status === 422 || err.status === 404) {
+                core.info(`Branch already gone: ${ref}`);
+                return;
+              }
+              throw err;
+            }

.github/workflows/lint-pr-title.yml

@@ -0,0 +1,46 @@
+name: Lint PR title
+
+on:
+  pull_request_target:
+    types:
+      - opened
+      - edited
+      - synchronize
+      - reopened
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.number || github.ref }}
+  cancel-in-progress: true
+
+permissions:
+  pull-requests: read
+
+jobs:
+  lint:
+    name: Conventional commit title
+    runs-on: ubuntu-latest
+    steps:
+      - name: Lint PR title
+        uses: amannn/action-semantic-pull-request@v5
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          # Conventional commit types accepted in titles. Mirrors the set the
+          # PR labeler recognizes in .github/workflows/labeler.yml.
+          types: |
+            feat
+            fix
+            perf
+            refactor
+            revert
+            docs
+            ci
+            build
+            chore
+            test
+            style
+          # Subject must start lowercase and not end with a period.
+          subjectPattern: ^(?![A-Z])(?!.*\.$).+$
+          subjectPatternError: |
+            The subject "{subject}" found in "{title}" must start with a
+            lowercase letter and must not end with a period.

.github/workflows/python-package.yml

@@ -4,35 +4,89 @@
 name: Python Package
 
 on:
+  # `push` restricted to `main` so feature branches only run via `pull_request`.
+  # Otherwise every push to a branch with an open PR would trigger the workflow
+  # twice (once for `push`, once for `pull_request`) — doubling CI cost and
+  # latency for no benefit.
   push:
+    branches: [main]
   pull_request:
+  # Allow re-running the workflow without an empty push (handy after the
+  # workflow gets `disabled_inactivity` after 60 days idle).
+  workflow_dispatch:
   schedule:
     - cron:  '0 0 */7 * *'
 
+# Cancel an in-flight run when a newer commit lands on the same ref. Keeps the
+# queue lean and stops stale runs from blocking the merge button.
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
 jobs:
-  build:
+  lint:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v4
+    - name: Set up Python
+      uses: actions/setup-python@v5
+      with:
+        python-version: '3.12'
+    - name: Install lint deps
+      run: |
+        python -m pip install --upgrade pip
+        pip install flake8
+    - name: Lint
+      run: |
+        flake8 PyMemoryEditor tests
 
+  type-check:
+    needs: lint
+    runs-on: ubuntu-latest
+    # Informational while pre-existing type debt is being paid down. Surfaces
+    # regressions in PR diffs without blocking merges. Flip to required once
+    # the existing errors are addressed.
+    continue-on-error: true
+    steps:
+    - uses: actions/checkout@v4
+    - name: Set up Python
+      uses: actions/setup-python@v5
+      with:
+        python-version: '3.12'
+    - name: Install dev deps
+      run: |
+        python -m pip install --upgrade pip
+        pip install -e ".[dev]"
+    - name: Run mypy
+      run: |
+        mypy PyMemoryEditor
+
+  build:
+    needs: lint
     runs-on: ${{ matrix.os }}
     strategy:
+      fail-fast: false
       matrix:
         python-version: ['3.8', '3.9', '3.10', '3.11', '3.12']
         os:
           - ubuntu-latest
           - windows-latest
-
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v4
     - name: Set up Python ${{ matrix.python-version }}
-      uses: actions/setup-python@v2
+      uses: actions/setup-python@v5
       with:
         python-version: ${{ matrix.python-version }}
     - name: Install dependencies
       run: |
         python -m pip install --upgrade pip
-        pip install -r requirements.txt
+        pip install -e ".[dev]"
     - name: Test with pytest
       run: |
-        pytest tests -v -s -x
-    - name: Install package
-      run: |
-        pip install PyMemoryEditor
+        pytest tests -v -s -x --cov=PyMemoryEditor --cov-report=term
+
+# macOS is intentionally NOT in CI: GitHub-hosted macOS runners are heavily
+# congested for free-tier accounts (jobs sit in queue for 30+ min without
+# acquiring a runner). The Mach backend is validated by local self-process
+# tests during development; contributors with macOS hardware can run
+# `pytest tests` locally.