diff --git a/.bumpversion.toml b/.bumpversion.toml
index 889868d..d5b17d7 100644
--- a/.bumpversion.toml
+++ b/.bumpversion.toml
@@ -2,7 +2,7 @@
 # SPDX-License-Identifier: Apache-2.0
 
 [tool.bumpversion]
-current_version = "1.4.0"
+current_version = "2.0.0"
 parse = "(?P<major>\\d+)\\.(?P<minor>\\d+)\\.(?P<patch>\\d+)"
 serialize = ["{major}.{minor}.{patch}"]
 
@@ -23,4 +23,4 @@ regex = true
 # bump-my-version does NOT manage these files; they are listed here for discoverability.
 # ---------------------------------------------------------------------------
 [tool.bumpversion.custom_variables.core_version]
-current = "0.11.0"
+current = "0.13.0"
diff --git a/.github/workflows/compliance.yml b/.github/workflows/compliance.yml
index 4a73f20..ef31134 100644
--- a/.github/workflows/compliance.yml
+++ b/.github/workflows/compliance.yml
@@ -17,7 +17,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Validate PR Title
-        uses: amannn/action-semantic-pull-request@0723387faaf9b38adef4775cd42cfd5155ed6017 # v5.5.3
+        uses: amannn/action-semantic-pull-request@48f256284bd46cdaab1048c3721360e808335d50 # v6.1.1
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
@@ -26,7 +26,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout Repository
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
         with:
           fetch-depth: 0
 
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index bf59dde..17a3a69 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -17,7 +17,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout Repository
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
         with:
           fetch-depth: 0
 
diff --git a/.github/workflows/security-posture.yml b/.github/workflows/security-posture.yml
index be4ba39..477954c 100644
--- a/.github/workflows/security-posture.yml
+++ b/.github/workflows/security-posture.yml
@@ -18,7 +18,7 @@ jobs:
 
     steps:
       - name: Checkout Repository
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
 
       - name: Check for SECURITY.md
         run: |
diff --git a/.github/workflows/self-check.yml b/.github/workflows/self-check.yml
index 7d2ab2b..91593d0 100644
--- a/.github/workflows/self-check.yml
+++ b/.github/workflows/self-check.yml
@@ -37,7 +37,7 @@ jobs:
     # Local and CI run identical 'just check' invocations.
     steps:
       - name: Checkout Repository
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
 
       - name: Determine Zenzic Core Branch (Parity or Fallback)
         id: resolve-branch
@@ -106,7 +106,7 @@ jobs:
           fi
 
       - name: Checkout local zenzic (unreleased)
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
         with:
           repository: PythonWoods/zenzic
           ref: ${{ steps.resolve-branch.outputs.core_ref }}
diff --git a/.gitignore b/.gitignore
index 810aefb..0f4b279 100644
--- a/.gitignore
+++ b/.gitignore
@@ -68,3 +68,7 @@ mutmut*
 # AI Agent Private Memory
 .clinerules
 .github/agents/
+
+# AI Agents Configuration
+.github/agents/
+.clinerules
diff --git a/.zenzic.toml b/.zenzic.toml
index 13a0e32..a796210 100644
--- a/.zenzic.toml
+++ b/.zenzic.toml
@@ -51,6 +51,15 @@ excluded_dirs = [
     "LICENSES",
     "_zenzic_core",  # CI checkout of sibling core repo — not action documentation
 ]
+# excluded_file_patterns = ["*.tmp", "*.log"]
+# excluded_assets = ["favicon.ico"]
+# excluded_asset_dirs = ["theme/"]
+# excluded_build_artifacts = ["pdf/*.pdf"]
+# included_dirs = []
+# included_file_patterns = []
+
+# --- PLUGINS (Optional) ---
+# plugins = []
 
 # --- PLACEHOLDERS & CODE SNIPPETS (Optional) ---
 placeholder_patterns = []
@@ -117,18 +126,7 @@ brand_obsolescence = [
 # Governance Playbook:
 # https://zenzic.dev/developers/how-to/release-governance-protocol
 
-# --- EXCLUSION ZONES (Full bypass — use sparingly) ---
-# Paths listed here are INVISIBLE to Zenzic: no findings, no audit trail.
-# Prefer [governance.per_file_ignores] for targeted suppression with an audit trail.
-# excluded_file_patterns = ["*.tmp", "*.log"]
-# excluded_assets = ["favicon.ico"]
-# excluded_asset_dirs = ["theme/"]
-# excluded_build_artifacts = ["pdf/*.pdf"]
-# included_dirs = []
-# included_file_patterns = []
 
-# --- PLUGINS (Optional) ---
-# plugins = []
 
 # --- CUSTOM RULES (Optional) ---
 # Declares project-specific regex-based lint rules applied line-by-line.
diff --git a/CHANGELOG.md b/CHANGELOG.md
index b438446..86a1e01 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -7,9 +7,16 @@ All notable changes to zenzic-action are documented in this file. The project ad
 
 ---
 
-## [Unreleased]
+## [2.0.0] - Unreleased
 
-No changes yet.
+### Changed (Breaking)
+
+- **Dropped Docusaurus Support**: Upgraded the pinned Zenzic Core to `v0.13.0`, which surgically eradicates the Docusaurus adapter due to ontological incompatibility (React-injected IDs and MDX partial merging). Projects still relying on Docusaurus MUST remain on the `v1` floating tag (`v1.3.x`).
+- **Major Version Bump**: The action major version is bumped to `v2` to prevent breaking existing Docusaurus consumers tracking `v1`.
+
+### Fixed
+
+- **Config Templates**: Enforced "Root-First, Table-Last" structure in `.zenzic.toml` and `.zenzic.local.toml` templates to prevent TOML root keys from being silently swallowed by preceding table declarations.
 
 ---
 
diff --git a/README.md b/README.md
index c281a7b..cffaf41 100644
--- a/README.md
+++ b/README.md
@@ -54,7 +54,7 @@ The minimal configuration — zero Python setup, SARIF to Code Scanning in one s
 - name: Run Zenzic Documentation Quality Gate
   uses: PythonWoods/zenzic-action@v1
   with:
-    version: "0.11.0"
+    version: "0.13.0"
     format: sarif
     upload-sarif: "true"
   permissions:
@@ -94,7 +94,7 @@ Fail-closed rule:
 
 | Input | Default | Description |
 |---|---|---|
-| `version` | `0.11.0` | Zenzic version to install. Pin to a specific release for reproducible CI. Set `latest` for continuous evaluation. |
+| `version` | `0.13.0` | Zenzic version to install. Pin to a specific release for reproducible CI. Set `latest` for continuous evaluation. |
 | `format` | `sarif` | Output format: `text`, `json`, or `sarif`. |
 | `sarif-file` | `zenzic-results.sarif` | SARIF output path (when `format: sarif`). Must be a **relative** path inside the workspace. |
 | `upload-sarif` | `true` | Upload SARIF to GitHub Code Scanning. |
diff --git a/action.yml b/action.yml
index 9dcb9b8..24113ed 100644
--- a/action.yml
+++ b/action.yml
@@ -16,7 +16,7 @@ inputs:
   version:
     description: "Zenzic version to use. Defaults to latest stable."
     required: false
-    default: "0.11.0" # x-zenzic-core-pin
+    default: "0.13.0" # x-zenzic-core-pin
   format:
     description: "Output format: 'text', 'json', or 'sarif'."
     required: false
diff --git a/package.json b/package.json
index 07660a6..d0f570b 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "zenzic-action",
-  "version": "1.4.0",
+  "version": "2.0.0",
   "private": true,
   "description": "Official GitHub Action for Zenzic — Documentation Quality Gate",
   "license": "Apache-2.0",