Add-GPLv3-metadata-and-DCO-docs

[zeidalidiez]

Summary

Sets up GPLv3 project metadata (without changing LICENSE) and documents the DCO sign-off workflow so the DCO GitHub App can pass without admin bypass.

Changes

• COPYING — short GPL copyright notice
• CONTRIBUTING.md — GPL contribution terms + DCO sign-off instructions (git commit -s, git rebase --signoff)
• DCO — Developer Certificate of Origin 1.1 text
• .gitmessage — commit template reminding contributors to sign off
• package.json license fields set to GPL-3.0-or-later
• SPDX headers on package/app entrypoints
• .github/workflows/ci.yml — test, typecheck, build on PRs and main
• .github/pull_request_template.md — license + DCO checkboxes
• Readme.md — expanded license section

DCO note

The commit on this branch was created with git commit -s, so DCO should pass here. For future work, use git commit -s on every commit.

Testing

• npm test
• npm run typecheck
• npm run build:web

Greptile Summary

[Linus Torvalds Mode] Look, I'm mildly shocked — someone actually READ the review comments and fixed the damn things. This PR adds GPLv3 project metadata (COPYING, DCO, CONTRIBUTING.md), applies GPL-3.0-or-later to all package.json files, drops SPDX headers on the entrypoints, wires up a CI workflow, and adds a PR template with license and DCO checkboxes.

Key changes:

• COPYING, DCO, CONTRIBUTING.md, .gitmessage — standard GPL/DCO scaffolding
• All five package.json files now carry "license": "GPL-3.0-or-later"
• SPDX headers added to apps/web/src/main.tsx, apps/desktop/src/main.tsx, packages/core/src/index.ts, packages/ui/src/index.ts
• .github/workflows/ci.yml — single-job pipeline (test → typecheck → build:web) with SHA-pinned actions, permissions: contents: read, and concurrency cancellation
• .github/CODEOWNERS — assigns sole ownership to @zeidalidiez across the whole repo
• .github/pull_request_template.md — enforces testing and DCO/license confirmation
• Both commits carry Signed-off-by: trailers, so DCO passes

All three findings from the prior review are addressed: trailing newlines at EOF are present, .gitmessage activation is documented in CONTRIBUTING.md step 2, and CI actions are now SHA-pinned with inline version comments. Barely competent, but it'll do.

Confidence Score: 5/5

[Linus Torvalds Mode] Against all reasonable expectations, the author actually read the review and fixed all three flagged issues — SHA pinning, trailing newlines, and .gitmessage documentation. Both commits carry valid Signed-off-by trailers, the CI is lean and hardened, and no new issues were introduced. Safe to merge.

I was fully prepared to bury this thing, but there is nothing left to bury. Every prior P2 finding is resolved: actions are SHA-pinned with version comments, all six files have trailing newlines, and CONTRIBUTING.md now explicitly tells contributors to run git config commit.template .gitmessage. The DCO text is verbatim 1.1, the SPDX headers are on the right files, and the CI workflow has minimal permissions and concurrency cancellation. No P0 or P1 findings. Score is 5 — not because this is impressive engineering, but because docs-and-config PRs that address all review feedback don't deserve anything less.

No files need attention — shockingly, they're all in order. If you find something I missed, I'll be very surprised.

Important Files Changed

Filename	Overview
.github/workflows/ci.yml	Clean CI pipeline: SHA-pinned actions, minimal read-only permissions, concurrency cancel — all prior review concerns resolved.
CONTRIBUTING.md	Comprehensive GPL + DCO guide, now includes git config commit.template .gitmessage step to activate the commit template; trailing newline present.
.github/CODEOWNERS	Assigns sole ownership to @zeidalidiez across all paths; redundant specific entries under the wildcard are harmless.
.github/pull_request_template.md	PR template with test and DCO/license checkboxes; trailing newline present.
DCO	Standard DCO 1.1 verbatim text with correct (a)-(d) clauses and trailing newline.
COPYING	Standard GPL short notice referencing LICENSE; trailing newline present.
package.json	Root package.json gains "license": "GPL-3.0-or-later"; no other changes.
apps/web/src/main.tsx	SPDX header added; functional code unchanged.
apps/desktop/src/main.tsx	SPDX header added; functional code unchanged.
packages/core/src/index.ts	SPDX header added to core package entrypoint; exports unchanged.
packages/ui/src/index.ts	SPDX header added to UI package entrypoint; exports unchanged.

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A[Contributor forks repo] --> B[git config commit.template .gitmessage]
    B --> C[Makes changes]
    C --> D["git commit -s (DCO sign-off)"]
    D --> E[Opens PR against main]
    E --> F[PR template checklist\nnpm test / typecheck / build:web\nGPL-3.0-or-later agreement\nSigned-off-by on every commit]
    F --> G{DCO GitHub App}
    G -- All commits signed --> H[DCO pass]
    G -- Missing sign-off --> I[DCO fail\ngit rebase --signoff\ngit push --force-with-lease]
    I --> G
    H --> J{CI workflow}
    J --> K[actions/checkout SHA-pinned]
    K --> L[actions/setup-node SHA-pinned\nNode 20 / npm ci]
    L --> M[npm test]
    M --> N[npm run typecheck]
    N --> O[npm run build:web]
    O --> P{All green?}
    P -- Yes --> Q[CODEOWNERS review\n@zeidalidiez]
    P -- No --> R[Fix and repush]
    R --> J
    Q --> S[Merge to main]

Loading

_{Reviews (2): Last reviewed commit: "Address Greptile review on PR 7" | Re-trigger Greptile}