chore: add CONTRIBUTING.md, SECURITY.md, and PR template #8

Merged
OussemaFr merged 1 commit into main from chore/contributing-security-pr-template
Jun 22, 2026

@OussemaFr

Member

Summary

Three standard OSS files to harden the project surface as the SDK starts getting real downloads. None change code or behaviour.

Files added

`CONTRIBUTING.md`

  • Setup instructions (`pip install -e ".[dev]"`)
  • Local verification commands (ruff, mypy, pytest)
  • Optional smoke-test instructions (with token via env var)
  • PR conventions — branch naming, commit format, squash-merge
  • Scope: what's in (bug fixes, doc improvements, new endpoint wrappers), what's not (new social platforms)
  • Bug-reporting checklist with `request_id` capture
  • Pointer to SECURITY.md for security issues

`SECURITY.md`

GitHub uses this file to populate the repo's Security tab.

  • Supported versions: `0.1.x` only (latest minor line)
  • How to report: `[email protected]`, not a public issue
  • SLA: acknowledgement within 72h, initial assessment within 7 days, patched release for critical issues within a week
  • Out-of-scope items so we don't waste reporter time

`.github/PULL_REQUEST_TEMPLATE.md`

Pre-fills new PR descriptions with a Summary / Test plan / Checklist structure. Reminds contributors to:

  • Run `ruff check . / ruff format --check . / mypy / pytest`
  • Re-run the smoke test for typed-model changes
  • Update `CHANGELOG.md` under `## [Unreleased]` for user-visible changes

Lightweight, no enforcement — just a checklist humans can ignore if irrelevant.

What does NOT change

  • Zero SDK code modified
  • Zero test changes
  • Zero workflow changes
  • README untouched (CONTRIBUTING + SECURITY are linked from there separately in a follow-up if you want)

Test plan

  • All three files render correctly on GitHub
  • SECURITY.md triggers GitHub's Security tab on the repo page
  • PR template auto-loads next time someone opens a PR (verify by opening any small follow-up PR)

Three standard OSS files to harden the project surface as the SDK
starts getting real downloads:

CONTRIBUTING.md
  Setup (pip install -e .[dev]), how to run lint/types/tests,
  optional smoke test against a real token, branch / commit / PR
  conventions, bug-reporting checklist, release process. Calls
  out what's in scope (bug fixes, doc improvements, new endpoint
  wrappers) vs not (adding a brand-new social platform — backend
  work first).

SECURITY.md
  GitHub uses this to populate the repo's Security tab. Documents
  supported versions (0.1.x only), how to report vulnerabilities
  ([email protected], not a public issue), our SLA (ack in 72h,
  initial assessment in 7 days), and what's out of scope (rate
  limits, public-by-design data exposure, etc.).

.github/PULL_REQUEST_TEMPLATE.md
  Pre-fills new PR descriptions with a Summary / Test plan /
  Checklist structure. Asks contributors to confirm ruff + mypy +
  pytest pass, smoke test re-run for typed-model methods,
  CHANGELOG updated. Lightweight, no enforcement.

None of these change any code, tests, or behaviour — purely
documentation + governance scaffolding. Ruff and the test suite
are unaffected.

OussemaFr merged commit 77004b1 into main Jun 22, 2026
6 checks passed
OussemaFr deleted the chore/contributing-security-pr-template branch June 22, 2026 22:49