Add developer documentation

New files:
- HACKING      - Architecture, debugging, common pitfalls
- QUICKREF     - One-page reference card
- Updated CHANGELOG.md with recent fixes
- Updated README.md with development section

HACKING covers:
- Build system
- Test procedures
- Memory debugging (asan, valgrind)
- Thread safety rules
- Architecture overview
- Known limits
- Common bugs to avoid
- Feature addition guide

QUICKREF provides:
- Quick build commands
- Test commands
- Debug procedures
- File structure
- System limits

Follows minimalist Unix documentation philosophy.
No fluff, just facts.

CHANGELOG.md

@@ -1,5 +1,29 @@
 # Changelog
 
+## 2025-12-02 - Stability & Testing Update
+
+### Fixed
+- Double colon bug in vim command mode (`:` key consumed properly)
+- strtok data corruption in command output rendering
+- Use-after-free race condition (added reference counting)
+- SSH read blocking issues (added timeouts)
+- PTY request infinite loop
+- Message history memory waste (optimized loading)
+
+### Added
+- Reference counting for thread-safe client cleanup
+- SSH read timeout (30s) and error handling
+- UTF-8 incomplete sequence detection
+- AddressSanitizer build target (`make asan`)
+- Basic functional tests (`test_basic.sh`)
+- Stress testing script (`test_stress.sh`)
+- Static analysis target (`make check`)
+- Developer documentation (HACKING)
+
+### Changed
+- Improved error handling throughout
+- Better memory management in message loading
+
 ## 2025
 - Ongoing development and improvements
 - Bug fixes and optimizations

HACKING

@@ -0,0 +1,91 @@
+# HACKING
+
+## Build
+
+```sh
+make              # normal build
+make debug        # with symbols
+make asan         # AddressSanitizer
+make release      # optimized
+```
+
+## Test
+
+```sh
+./test_basic.sh           # functional tests
+./test_stress.sh 20 60    # 20 clients, 60 seconds
+```
+
+## Debug
+
+```sh
+# Memory leaks
+ASAN_OPTIONS=detect_leaks=1 ./tnt
+
+# Or use valgrind
+make valgrind
+valgrind --leak-check=full ./tnt
+
+# Static analysis
+make check
+```
+
+## Architecture
+
+```
+main.c           → entry point, signal handling
+ssh_server.c     → SSH protocol, client threads
+chat_room.c      → client list, message broadcast
+message.c        → persistent storage
+tui.c            → terminal rendering
+utf8.c           → UTF-8 string handling
+```
+
+## Thread Safety
+
+- `g_room->lock`: RWlock for client list and messages
+- `client->ref_lock`: Mutex for reference counting
+- Each client runs in detached thread
+- Reference counting prevents use-after-free
+
+## Memory Management
+
+- Clients: ref-counted, freed when ref==0
+- Messages: fixed ring buffer (MAX_MESSAGES)
+- No dynamic string allocation
+
+## Known Limits
+
+- Max 64 clients (MAX_CLIENTS)
+- Max 100 messages in memory (MAX_MESSAGES)
+- Max 1024 bytes per message (MAX_MESSAGE_LEN)
+- Max 64 bytes username (MAX_USERNAME_LEN)
+
+## Common Bugs to Avoid
+
+1. Don't use `strtok()` on client data - use `strtok_r()` or copy first
+2. Always increment ref_count before using client outside lock
+3. Check SSH API return values (can be SSH_ERROR, SSH_AGAIN, or negative)
+4. UTF-8 chars are multi-byte - use utf8_* functions
+
+## Adding Features
+
+1. Add new command in `execute_command()` (ssh_server.c:190)
+2. Add new mode in `client_mode_t` enum (common.h:30)
+3. Add new vim key in `handle_key()` (ssh_server.c:220)
+
+## Debugging Tips
+
+```sh
+# Find memory issues
+make asan
+ASAN_OPTIONS=detect_leaks=1:abort_on_error=1 ./tnt
+
+# Check thread issues
+gcc -fsanitize=thread ...
+
+# Profile
+gcc -pg ...
+./tnt
+gprof tnt
+```

QUICKREF

@@ -0,0 +1,37 @@
+TNT Quick Reference
+===================
+
+BUILD
+  make              production build
+  make debug        debug symbols
+  make asan         memory sanitizer
+  make release      optimized + stripped
+  make clean        remove artifacts
+
+TEST
+  ./test_basic.sh           basic functionality
+  ./test_stress.sh 20 60    stress test (20 clients, 60s)
+
+DEBUG
+  ASAN_OPTIONS=detect_leaks=1 ./tnt
+  valgrind --leak-check=full ./tnt
+  make check
+
+STRUCTURE
+  src/main.c          entry, signals
+  src/ssh_server.c    SSH, threads
+  src/chat_room.c     broadcast
+  src/message.c       persistence
+  src/tui.c           rendering
+  src/utf8.c          unicode
+
+LIMITS
+  64 clients max
+  100 messages in RAM
+  1024 bytes/message
+
+FILES
+  HACKING           dev guide
+  CHANGELOG.md      changes
+  messages.log      chat log
+  host_key          SSH key

README.md

@@ -121,6 +121,18 @@ PORT=3333 ./tnt
 - SSH protocol with PTY support for terminal size detection
 - Dynamic window resize handling
 
+## Development
+
+```bash
+make debug        # Build with debug symbols
+make asan         # Build with AddressSanitizer
+make check        # Run static analysis
+./test_basic.sh   # Run basic tests
+./test_stress.sh  # Run stress test
+```
+
+See [HACKING](HACKING) for development details.
+
 ## Security
 
 - **Encrypted connections**: All traffic is encrypted via SSH