From ec83863952b1edb5c2068b9821bc81a2dcb6b2c1 Mon Sep 17 00:00:00 2001 
From: Claude Agent Date: Mon, 25 May 2026 00:28:52 +0000 Subject: [PATCH] docs(community): add CODE_OF_CONDUCT, issue templates, and PR template MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Improves the GitHub Community Standards profile for the repository: - CODE_OF_CONDUCT.md — Contributor Covenant v2.1, pointing security reports to SECURITY.md and conduct reports to GitHub's report-content flow (no private email exposed beyond what is already public). - .github/ISSUE_TEMPLATE/config.yml — disables blank issues; links to the security policy, Discussions, and SPEC.md. - .github/ISSUE_TEMPLATE/bug_report.yml — structured bug report with component, version, repro, and secret-redaction confirmations. - .github/ISSUE_TEMPLATE/feature_request.yml — non-normative enhancements; explicitly defers spec/schema/vector changes to the RFC template. - .github/ISSUE_TEMPLATE/spec_rfc.yml — normative changes with motivation, compatibility impact, security considerations, and migration story. - .github/pull_request_template.md — checklist for scope, schema/SDK/ vector impact, tests, security/secret scan, and governance reminders (no publish, no version bump, no locked-file edits out of scope). Docs/community only. No spec, schema, SDK, vector, registry, package version, CI workflow, or release artefact changes. 
Co-Authored-By: Claude Opus 4.7
---
.github/ISSUE_TEMPLATE/bug_report.yml | 98 ++++++++++++++++++++++
.github/ISSUE_TEMPLATE/config.yml | 11 +++
.github/ISSUE_TEMPLATE/feature_request.yml | 59 +++++++++++++
.github/ISSUE_TEMPLATE/spec_rfc.yml | 85 +++++++++++++++++++
.github/pull_request_template.md | 60 +++++++++++++
CODE_OF_CONDUCT.md | 86 +++++++++++++++++++
6 files changed, 399 insertions(+)
create mode 100644 .github/ISSUE_TEMPLATE/bug_report.yml
create mode 100644 .github/ISSUE_TEMPLATE/config.yml
create mode 100644 .github/ISSUE_TEMPLATE/feature_request.yml
create mode 100644 .github/ISSUE_TEMPLATE/spec_rfc.yml
create mode 100644 .github/pull_request_template.md
create mode 100644 CODE_OF_CONDUCT.md
diff --git a/.github/ISSUE_TEMPLATE/bug_report.yml b/.github/ISSUE_TEMPLATE/bug_report.yml
new file mode 100644
index 0000000..61e494c
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/bug_report.yml
@@ -0,0 +1,98 @@
+name: Bug report
+description: Report incorrect behaviour in a reference implementation, test vector failure, or other defect.
+title: "[bug] "
+labels: ["bug", "triage"]
+body:
+ - type: markdown
+ attributes:
+ value: |
+ Thanks for taking the time to file a bug report.
+
+ **Before submitting:**
+ - Search [existing issues](https://github.com/Davincc77/klickdskill/issues) to avoid duplicates.
+ - For **security vulnerabilities**, do NOT use this form — see [`SECURITY.md`](https://github.com/Davincc77/klickdskill/blob/main/SECURITY.md).
+
+ - type: textarea
+ id: summary
+ attributes:
+ label: Summary
+ description: A clear, concise description of the bug.
+ validations:
+ required: true
+
+ - type: dropdown
+ id: component
+ attributes:
+ label: Affected component
+ multiple: true
+ options:
+ - Specification (SPEC.md / SPEC_v30.md)
+ - JSON schemas
+ - Python SDK
+ - TypeScript SDK
+ - Test vectors
+ - Migrator (v3.x → v4)
+ - Registry
+ - Documentation
+ - CI / workflows
+ - Other
+ validations:
+ required: true
+
+ - type: input
+ id: version
+ attributes:
+ label: Version / commit
+ description: Spec version, package version, or git commit SHA where the bug was observed.
+ placeholder: "e.g. v4.0.0-preview, commit 76a2ff4"
+ validations:
+ required: true
+
+ - type: textarea
+ id: reproduction
+ attributes:
+ label: Reproduction steps
+ description: Minimal, deterministic steps to reproduce. Include code snippets, sample payloads (redact secrets), or commands.
+ placeholder: |
+ 1. ...
+ 2. ...
+ 3. ...
+ validations:
+ required: true
+
+ - type: textarea
+ id: expected
+ attributes:
+ label: Expected behaviour
+ validations:
+ required: true
+
+ - type: textarea
+ id: actual
+ attributes:
+ label: Actual behaviour
+ description: Include error messages, stack traces, or vector diffs. Redact any passphrases or private keys.
+ validations:
+ required: true
+
+ - type: textarea
+ id: environment
+ attributes:
+ label: Environment
+ description: OS, runtime version (Node / Python), and any relevant tooling.
+ placeholder: |
+ - OS:
+ - Runtime:
+ - Package version:
+
+ - type: checkboxes
+ id: confirmations
+ attributes:
+ label: Confirmations
+ options:
+ - label: I have searched existing issues and this is not a duplicate.
+ required: true
+ - label: This is not a security vulnerability (security reports follow `SECURITY.md`).
+ required: true
+ - label: I have redacted any secrets, passphrases, or personal data from the report.
+ required: true
diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml
new file mode 100644
index 0000000..42598b2
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/config.yml
@@ -0,0 +1,11 @@
+blank_issues_enabled: false
+contact_links:
+ - name: Security vulnerability (private disclosure)
+ url: https://github.com/Davincc77/klickdskill/security/policy
+ about: Do NOT open a public issue for security vulnerabilities. See SECURITY.md for the private disclosure process.
+ - name: Questions and discussion
+ url: https://github.com/Davincc77/klickdskill/discussions
+ about: For open-ended questions, design discussion, or help, please use GitHub Discussions.
+ - name: Specification (SPEC.md)
+ url: https://github.com/Davincc77/klickdskill/blob/main/SPEC.md
+ about: Read the .klickd specification before filing spec-related issues.
diff --git a/.github/ISSUE_TEMPLATE/feature_request.yml b/.github/ISSUE_TEMPLATE/feature_request.yml
new file mode 100644
index 0000000..4d5e7d6
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/feature_request.yml
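Review bot: In bug_report.yml the `reproduction` field's description asks for "sample payloads (redact secrets)", which still invites reporters to attach real encrypted payloads to a public issue. The RFC template in this same commit refers to a KDF and a cipher, so `.klickd` payloads are presumably passphrase-protected; if that is right, leaving the passphrase out of the text does not protect a posted payload from offline guessing. I would reword the description to `Minimal, deterministic steps to reproduce. Include code snippets, commands, or sample payloads created with a throwaway passphrase — never real user data.` and reflect the same wording in the final redaction checkbox.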
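Review bot: In config.yml the first contact link is labelled "private disclosure", but its `url` opens the policy page, so a reporter is still one step away from a private channel and depends on what SECURITY.md tells them to do. If private vulnerability reporting is enabled on the repository (not visible from this patch), pointing the link at the advisory form, `url: https://github.com/Davincc77/klickdskill/security/advisories/new`, removes that step. GitHub's template chooser may also show its own security-policy entry once SECURITY.md exists, so the rendered chooser is worth checking for a duplicate.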
@@ -0,0 +1,59 @@
+name: Feature request
+description: Suggest a non-normative enhancement (tooling, documentation, ergonomics). For spec changes, use the "Spec change / RFC" template.
+title: "[feature] "
+labels: ["enhancement", "triage"]
+body:
+ - type: markdown
+ attributes:
+ value: |
+ Use this template for SDK ergonomics, tooling, documentation, or workflow improvements.
+
+ For **normative changes to the `.klickd` specification, schemas, or wire format**, please use the **Spec change / RFC** template instead.
+
+ - type: textarea
+ id: problem
+ attributes:
+ label: Problem / motivation
+ description: What problem does this solve? Who is affected?
+ validations:
+ required: true
+
+ - type: textarea
+ id: proposal
+ attributes:
+ label: Proposed solution
+ description: Describe the change you would like to see. Include API sketches or example code where applicable.
+ validations:
+ required: true
+
+ - type: textarea
+ id: alternatives
+ attributes:
+ label: Alternatives considered
+ description: Other approaches you have considered, and why they were not selected.
+
+ - type: dropdown
+ id: component
+ attributes:
+ label: Affected component
+ multiple: true
+ options:
+ - Python SDK
+ - TypeScript SDK
+ - Migrator
+ - Registry
+ - Documentation
+ - CI / workflows
+ - Other
+ validations:
+ required: true
+
+ - type: checkboxes
+ id: scope
+ attributes:
+ label: Scope confirmation
+ options:
+ - label: This proposal does NOT change the `.klickd` wire format, JSON schemas, or test vectors. (If it does, use the Spec change / RFC template.)
+ required: true
+ - label: I have searched existing issues and this is not a duplicate.
+ required: true
diff --git a/.github/ISSUE_TEMPLATE/spec_rfc.yml b/.github/ISSUE_TEMPLATE/spec_rfc.yml
new file mode 100644
index 0000000..c1c64cc
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/spec_rfc.yml
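Review bot: The opening markdown block of feature_request.yml redirects spec changes to the RFC template but says nothing about vulnerabilities, and spec_rfc.yml has the same gap; only bug_report.yml carries the SECURITY.md redirect. The gap matters most in spec_rfc.yml, whose required `security` field asks for downgrade resistance and threat-model impact, which is where a reporter would naturally describe a weakness in public. I would repeat bug_report.yml's "For **security vulnerabilities**, do NOT use this form" line, with its SECURITY.md link, in the `value: |` block of both forms.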
@@ -0,0 +1,85 @@
+name: Spec change / RFC
+description: Propose a normative change to the .klickd specification, JSON schemas, test vectors, or wire format.
+title: "[rfc] "
+labels: ["spec", "rfc", "triage"]
+body:
+ - type: markdown
+ attributes:
+ value: |
+ Use this template for any proposal that affects:
+
+ - The `.klickd` wire format
+ - Normative requirements in `SPEC.md` / `SPEC_v30.md`
+ - JSON schemas under `schema/`
+ - Test vectors under `vectors/`
+ - Cryptographic defaults (KDF, cipher, AAD coverage)
+
+ Breaking changes require a major version bump and a coexistence / migration story. See `CONTRIBUTING.md`.
+
+ - type: textarea
+ id: summary
+ attributes:
+ label: Summary
+ description: One-paragraph summary of the proposed change.
+ validations:
+ required: true
+
+ - type: textarea
+ id: motivation
+ attributes:
+ label: Motivation
+ description: Why is this change needed? What problem does it solve that cannot be solved without a normative change?
+ validations:
+ required: true
+
+ - type: textarea
+ id: proposal
+ attributes:
+ label: Detailed proposal
+ description: Specify the change precisely — new fields, modified validation rules, schema diffs, vector additions, etc.
+ validations:
+ required: true
+
+ - type: dropdown
+ id: impact
+ attributes:
+ label: Compatibility impact
+ options:
+ - Additive (backward compatible, no version bump)
+ - Minor (backward compatible, minor version bump)
+ - Breaking (requires major version bump and migration path)
+ validations:
+ required: true
+
+ - type: textarea
+ id: security
+ attributes:
+ label: Security considerations
+ description: Cryptographic implications, threat-model impact, AAD coverage, downgrade resistance.
+ validations:
+ required: true
+
+ - type: textarea
+ id: migration
+ attributes:
+ label: Migration / coexistence story
+ description: For breaking changes, describe how implementations and existing payloads transition. Reference the migrator if applicable.
+
+ - type: textarea
+ id: alternatives
+ attributes:
+ label: Alternatives considered
+ validations:
+ required: true
+
+ - type: checkboxes
+ id: confirmations
+ attributes:
+ label: Confirmations
+ options:
+ - label: I have read `CONTRIBUTING.md` and the relevant SPEC document.
+ required: true
+ - label: This proposal does not weaken cryptographic defaults (Argon2id floors, GCM tag, AAD coverage).
+ required: true
+ - label: I understand that normative changes require maintainer review and may require a major version bump.
+ required: true
diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md
new file mode 100644
index 0000000..d42f098
--- /dev/null
+++ b/.github/pull_request_template.md
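Review bot: The second confirmation in spec_rfc.yml, "This proposal does not weaken cryptographic defaults", is `required: true`, so the form cannot be submitted without ticking it. An RFC that does change the Argon2id floors or AAD coverage then has to assert something untrue to be filed, and for every other RFC the tick tells triage nothing. I would keep the option required but reword it to `- label: If this proposal changes cryptographic defaults, the Security considerations section states the change and its justification.` so that such proposals are surfaced for review instead of being masked by a blanket attestation.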
@@ -0,0 +1,60 @@
+
+
+## Summary
+
+
+
+## Scope
+
+- [ ] Documentation / community files only
+- [ ] Reference implementation (Python SDK)
+- [ ] Reference implementation (TypeScript SDK)
+- [ ] Migrator
+- [ ] Registry
+- [ ] CI / workflows
+- [ ] Specification (`SPEC*.md`)
+- [ ] JSON schemas (`schema/`)
+- [ ] Test vectors (`vectors/`)
+
+## Linked issue
+
+
+
+## Schema / SDK / vector impact
+
+- [ ] No change to the `.klickd` wire format
+- [ ] No change to JSON schemas
+- [ ] No change to test vectors
+- [ ] No package version bump
+- [ ] If any of the above are checked **off**, this PR links an approved RFC issue and includes a migration / coexistence note below.
+
+
+
+## Testing
+
+
+
+- [ ] Existing CI passes locally / will pass in CI
+- [ ] New tests / vectors added where appropriate
+- [ ] N/A — docs-only change
+
+## Security and secret scan
+
+- [ ] No secrets, passphrases, private keys, or personal data are included in this diff
+- [ ] No cryptographic defaults are weakened (KDF floors, GCM tag, AAD coverage)
+- [ ] If this PR touches the threat model or crypto, `SECURITY.md` was reviewed and updated as needed
+
+## Governance reminders
+
+- [ ] This PR does **not** publish to npm, PyPI, Zenodo, or any package registry
+- [ ] This PR does **not** create a release, tag, or version bump
+- [ ] This PR does **not** modify locked governance files outside its declared scope
+- [ ] I have read [`CONTRIBUTING.md`](../CONTRIBUTING.md) and agree to the [Code of Conduct](../CODE_OF_CONDUCT.md)
+
+## Additional notes
+
+
diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md
new file mode 100644
index 0000000..3931fc8
--- /dev/null
+++ b/CODE_OF_CONDUCT.md
@@ -0,0 +1,86 @@
+# Contributor Covenant Code of Conduct
+
+## Our Pledge
+
+We as members, contributors, and maintainers of the `.klickd` project pledge to make participation in our community a harassment-free experience for everyone, regardless of age, body size, visible or invisible disability, ethnicity, sex characteristics, gender identity and expression, level of experience, education, socio-economic status, nationality, personal appearance, race, religion, or sexual identity and orientation.
+
+We pledge to act and interact in ways that contribute to an open, welcoming, diverse, inclusive, and healthy community.
+
+## Our Standards
+
+Examples of behavior that contributes to a positive environment include:
+
+- Demonstrating empathy and kindness toward other people
+- Being respectful of differing opinions, viewpoints, and experiences
+- Giving and gracefully accepting constructive feedback
+- Accepting responsibility, apologizing to those affected by mistakes, and learning from the experience
+- Focusing on what is best for the overall community
+
+Examples of unacceptable behavior include:
+
+- The use of sexualized language or imagery, and sexual attention or advances of any kind
+- Trolling, insulting or derogatory comments, and personal or political attacks
+- Public or private harassment
+- Publishing others' private information (such as a physical or email address) without their explicit permission
+- Other conduct which could reasonably be considered inappropriate in a professional setting
+
+## Scope
+
+This Code of Conduct applies within all community spaces — including the GitHub repository (issues, pull requests, discussions, code review), and any official `.klickd` channels — and also applies when an individual is officially representing the community in public spaces.
+
+## Enforcement Responsibilities
+
+Project maintainers are responsible for clarifying and enforcing standards of acceptable behavior and will take appropriate and fair corrective action in response to any behavior they deem inappropriate, threatening, offensive, or harmful.
+
+Maintainers have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned with this Code of Conduct.
+
+## Reporting
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be reported to the project maintainers through one of the following channels:
+
+- **Conduct concerns** — open a private report via [GitHub's report-content / report-user flow](https://docs.github.com/en/communities/maintaining-your-safety-on-github/reporting-abuse-or-spam), or contact the maintainers via the channels listed in the project README.
+- **Security vulnerabilities** — see [`SECURITY.md`](./SECURITY.md). Do **not** report security issues through public GitHub issues.
+
+All complaints will be reviewed and investigated promptly and fairly. Maintainers are obligated to respect the privacy and security of the reporter of any incident.
+
+## Enforcement Guidelines
+
+Maintainers will follow these Community Impact Guidelines in determining the consequences for any action they deem in violation of this Code of Conduct:
+
+### 1. Correction
+
+**Community Impact:** Use of inappropriate language or other behavior deemed unprofessional or unwelcome in the community.
+
+**Consequence:** A private, written warning from maintainers, providing clarity around the nature of the violation and an explanation of why the behavior was inappropriate. A public apology may be requested.
+
+### 2. Warning
+
+**Community Impact:** A violation through a single incident or series of actions.
+
+**Consequence:** A warning with consequences for continued behavior.
No interaction with the people involved, including unsolicited interaction with those enforcing the Code of Conduct, for a specified period of time. Violating these terms may lead to a temporary or permanent ban.
+
+### 3. Temporary Ban
+
+**Community Impact:** A serious violation of community standards, including sustained inappropriate behavior.
+
+**Consequence:** A temporary ban from any sort of interaction or public communication with the community for a specified period of time.
+
+### 4. Permanent Ban
+
+**Community Impact:** Demonstrating a pattern of violation of community standards, including sustained inappropriate behavior, harassment of an individual, or aggression toward or disparagement of classes of individuals.
+
+**Consequence:** A permanent ban from any sort of public interaction within the community.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 2.1, available at [https://www.contributor-covenant.org/version/2/1/code_of_conduct.html][v2.1].
+
+Community Impact Guidelines were inspired by [Mozilla's code of conduct enforcement ladder][mozilla].
+
+For answers to common questions about this code of conduct, see the FAQ at [https://www.contributor-covenant.org/faq][faq]. Translations are available at [https://www.contributor-covenant.org/translations][translations].
+
+[homepage]: https://www.contributor-covenant.org
+[v2.1]: https://www.contributor-covenant.org/version/2/1/code_of_conduct.html
+[mozilla]: https://github.com/mozilla/diversity
+[faq]: https://www.contributor-covenant.org/faq
+[translations]: https://www.contributor-covenant.org/translations