diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md new file mode 100644 index 0000000..080ae4a --- /dev/null +++ b/CODE_OF_CONDUCT.md @@ -0,0 +1,132 @@ +# Contributor Covenant Code of Conduct + +## Our Pledge + +We as members, contributors, and leaders pledge to make participation in our +community a harassment-free experience for everyone, regardless of age, body +size, visible or invisible disability, ethnicity, sex characteristics, gender +identity and expression, level of experience, education, socio-economic status, +nationality, personal appearance, race, caste, color, religion, or sexual +identity and orientation. + +We pledge to act and interact in ways that contribute to an open, welcoming, +diverse, inclusive, and healthy community. + +## Our Standards + +Examples of behavior that contributes to a positive environment for our +community include: + +- Demonstrating empathy and kindness toward other people +- Being respectful of differing opinions, viewpoints, and experiences +- Giving and gracefully accepting constructive feedback +- Accepting responsibility and apologizing to those affected by our mistakes, + and learning from the experience +- Focusing on what is best not just for us as individuals, but for the overall + community + +Examples of unacceptable behavior include: + +- The use of sexualized language or imagery, and sexual attention or advances of + any kind +- Trolling, insulting or derogatory comments, and personal or political attacks +- Public or private harassment +- Publishing others' private information, such as a physical or email address, + without their explicit permission +- Other conduct which could reasonably be considered inappropriate in a + professional setting + +## Enforcement Responsibilities + +Community leaders are responsible for clarifying and enforcing our standards of +acceptable behavior and will take appropriate and fair corrective action in +response to any behavior that they deem inappropriate, threatening, offensive, +or harmful. + +Community leaders have the right and responsibility to remove, edit, or reject +comments, commits, code, wiki edits, issues, and other contributions that are +not aligned to this Code of Conduct, and will communicate reasons for moderation +decisions when appropriate. + +## Scope + +This Code of Conduct applies within all community spaces, and also applies when +an individual is officially representing the community in public spaces. +Examples of representing our community include using an official email address, +posting via an official social media account, or acting as an appointed +representative at an online or offline event. + +## Enforcement + +Instances of abusive, harassing, or otherwise unacceptable behavior may be +reported to the community leaders responsible for enforcement at +[support@pinecone.io](mailto:support@pinecone.io). All complaints will be +reviewed and investigated promptly and fairly. + +All community leaders are obligated to respect the privacy and security of the +reporter of any incident. + +## Enforcement Guidelines + +Community leaders will follow these Community Impact Guidelines in determining +the consequences for any action they deem in violation of this Code of Conduct: + +### 1. Correction + +**Community Impact**: Use of inappropriate language or other behavior deemed +unprofessional or unwelcome in the community. + +**Consequence**: A private, written warning from community leaders, providing +clarity around the nature of the violation and an explanation of why the +behavior was inappropriate. A public apology may be requested. + +### 2. Warning + +**Community Impact**: A violation through a single incident or series of +actions. + +**Consequence**: A warning with consequences for continued behavior. No +interaction with the people involved, including unsolicited interaction with +those enforcing the Code of Conduct, for a specified period of time. This +includes avoiding interactions in community spaces as well as external channels +like social media. Violating these terms may lead to a temporary or permanent +ban. + +### 3. Temporary Ban + +**Community Impact**: A serious violation of community standards, including +sustained inappropriate behavior. + +**Consequence**: A temporary ban from any sort of interaction or public +communication with the community for a specified period of time. No public or +private interaction with the people involved, including unsolicited interaction +with those enforcing the Code of Conduct, is allowed during this period. +Violating these terms may lead to a permanent ban. + +### 4. Permanent Ban + +**Community Impact**: Demonstrating a pattern of violation of community +standards, including sustained inappropriate behavior, harassment of an +individual, or aggression toward or disparagement of classes of individuals. + +**Consequence**: A permanent ban from any sort of public interaction within the +community. + +## Attribution + +This Code of Conduct is adapted from the [Contributor Covenant][homepage], +version 2.1, available at +[https://www.contributor-covenant.org/version/2/1/code_of_conduct.html][v2.1]. + +Community Impact Guidelines were inspired by +[Mozilla's code of conduct enforcement ladder][Mozilla CoC]. + +For answers to common questions about this code of conduct, see the FAQ at +[https://www.contributor-covenant.org/faq][FAQ]. Translations are available at +[https://www.contributor-covenant.org/translations][translations]. + +[homepage]: https://www.contributor-covenant.org +[v2.1]: https://www.contributor-covenant.org/version/2/1/code_of_conduct.html +[Mozilla CoC]: https://github.com/mozilla/diversity +[FAQ]: https://www.contributor-covenant.org/faq +[translations]: https://www.contributor-covenant.org/translations diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md new file mode 100644 index 0000000..fa36df7 --- /dev/null +++ b/CONTRIBUTING.md @@ -0,0 +1,60 @@ +# Contributing + +Thanks for your interest in improving this example! It demonstrates a +content-based article recommender built on Pinecone similarity search, and +contributions that keep it clear, correct, and up to date are very welcome. + +## Prerequisites + +- **Node.js 20 or newer** (CI runs the suite on Node 20 and 22). +- A Pinecone API key from the [Pinecone console](https://app.pinecone.io) if you + want to run the demo end to end. + +## Getting started + +```bash +npm install +``` + +To run the demo scripts you also need Pinecone credentials. Copy the template +and fill in your values: + +```bash +cp .env.example .env +``` + +See the [README](./README.md) for what each variable means and how to download +the dataset. + +## Running the checks + +Please run the same checks CI does before opening a pull request: + +```bash +npm run lint # ESLint +npm run format:check # Prettier (use `npm run format` to auto-fix) +npm run typecheck # tsc --noEmit +npm test # Vitest (unit tests) +``` + +`npm run test:watch` is handy while iterating on tests. + +## Running the demo + +Once your `.env` is configured and the dataset is in place (see the README): + +```bash +npm run index # embed the dataset and upsert into Pinecone +npm run recommend # query for recommendations +``` + +## Opening a pull request + +1. Fork the repo and create a topic branch (`docs/…`, `fix/…`, `chore/…`). +2. Make a focused change and keep the diff small. +3. Ensure all the checks above pass. +4. Open a pull request describing **what** changed and **why**. + +By contributing, you agree that your contributions are licensed under the +project's [MIT License](./LICENSE) and that you will follow our +[Code of Conduct](./CODE_OF_CONDUCT.md). diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..4003254 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,25 @@ +# Security Policy + +This repository is an **example project** that demonstrates how to build a +content-based recommender on [Pinecone](https://www.pinecone.io/). It is not a +production service, but we still take security seriously and appreciate reports. + +## Reporting a vulnerability + +Please **do not** open a public issue for security problems. + +- For a vulnerability in **this example's code** (for instance, an unsafe + dependency or a flaw in the sample scripts), report it privately through + GitHub's [Report a vulnerability](https://github.com/pinecone-io/recommender-example-typescript/security/advisories/new) + form on the repository's **Security** tab. +- For a vulnerability in the **Pinecone platform or SDK**, email the Pinecone + security team at [security@pinecone.io](mailto:security@pinecone.io). + +Please include enough detail to reproduce the issue (affected file or command, +steps, and expected vs. actual behavior). We will acknowledge your report and +keep you updated on the fix. + +## Supported versions + +This is a demo and is maintained on a best-effort basis; only the latest state +of the `main` branch is supported.