charles/koinos
1
0
Fork 0
Code Issues 19 Pull requests 3 Projects Releases Packages Wiki Activity Actions

chore(meta): add CoC, CONTRIBUTING, SECURITY, justfile, editorconfig #21

Merged
charles merged 1 commit from feat/repo-scaffold into main 2026-04-14 20:55:06 +00:00
Conversation 0 Commits 1 Files changed 6 +361
claude-desktop commented 2026-04-14 20:53:39 +00:00
Collaborator
Copy link

Summary

Baseline repository hygiene so contributors can onboard cleanly.

Closes #1.

Changes

  • CODE_OF_CONDUCT.md — Contributor Covenant 2.1 (verbatim from upstream).
  • CONTRIBUTING.md — branching model, commit convention (Conventional Commits + DCO sign-off), SPDX header policy, test contract, PR workflow.
  • SECURITY.md — 90-day embargo, disclosure scope, hardening pointer.
  • .editorconfig — project-wide defaults (LF, UTF-8, trailing newline, Rust 4-space).
  • justfile — implements the user's CI contract recipes (ci-setup, qa, ci-build, ci-package) as stubs + dev-up / dev-down wrappers for the Compose deployment (gated until #2 lands) + a spec-check helper.
  • spec/LICENSE-CC-BY-SA-4.0 — note that the spec directory is CC-BY-SA while code is AGPLv3.

Acceptance criteria (from #1)

Licensing

  • LICENSE file contains AGPLv3 text (already in initial commit).
  • spec/ carries a CC-BY-SA-4.0 note.
  • SPDX header policy documented in CONTRIBUTING.md.

Project meta

  • CODE_OF_CONDUCT.md — Contributor Covenant 2.1.
  • CONTRIBUTING.md — issues, PRs, Conventional Commits, DCO.
  • SECURITY.md — 90-day default.
  • .editorconfig.

Justfile

  • ci-setup, qa, ci-build, ci-package stubs per convention.
  • just dev-up / just dev-down wrappers (gated until #2 lands).

Test plan

  • just --list parses and shows every recipe.
  • just dev-up without a compose file prints a helpful error pointing to #2.
  • CI pipeline does not exist yet (chore tracked separately).

Notes

The CoC is the upstream Contributor Covenant 2.1 fetched verbatim — not regenerated — to avoid drift from the canonical text.

## Summary Baseline repository hygiene so contributors can onboard cleanly. Closes #1. ## Changes - **CODE_OF_CONDUCT.md** — Contributor Covenant 2.1 (verbatim from upstream). - **CONTRIBUTING.md** — branching model, commit convention (Conventional Commits + DCO sign-off), SPDX header policy, test contract, PR workflow. - **SECURITY.md** — 90-day embargo, disclosure scope, hardening pointer. - **.editorconfig** — project-wide defaults (LF, UTF-8, trailing newline, Rust 4-space). - **justfile** — implements the user's CI contract recipes (`ci-setup`, `qa`, `ci-build`, `ci-package`) as stubs + `dev-up` / `dev-down` wrappers for the Compose deployment (gated until #2 lands) + a `spec-check` helper. - **spec/LICENSE-CC-BY-SA-4.0** — note that the spec directory is CC-BY-SA while code is AGPLv3. ## Acceptance criteria (from #1) ### Licensing - [x] `LICENSE` file contains AGPLv3 text (already in initial commit). - [x] `spec/` carries a CC-BY-SA-4.0 note. - [x] SPDX header policy documented in `CONTRIBUTING.md`. ### Project meta - [x] `CODE_OF_CONDUCT.md` — Contributor Covenant 2.1. - [x] `CONTRIBUTING.md` — issues, PRs, Conventional Commits, DCO. - [x] `SECURITY.md` — 90-day default. - [x] `.editorconfig`. ### Justfile - [x] `ci-setup`, `qa`, `ci-build`, `ci-package` stubs per convention. - [x] `just dev-up` / `just dev-down` wrappers (gated until #2 lands). ## Test plan - [x] `just --list` parses and shows every recipe. - [x] `just dev-up` without a compose file prints a helpful error pointing to #2. - [ ] CI pipeline does not exist yet (chore tracked separately). ## Notes The CoC is the upstream Contributor Covenant 2.1 fetched verbatim — not regenerated — to avoid drift from the canonical text. 
Baseline repository hygiene so contributors can onboard cleanly.

- Contributor Covenant 2.1 as CODE_OF_CONDUCT.md
- CONTRIBUTING.md with branching, commit, SPDX, and test conventions
- SECURITY.md with 90-day embargo and scope
- .editorconfig with project-wide defaults
- justfile implementing the user's CI contract (ci-setup/qa/ci-build/
  ci-package) and dev-up/dev-down helpers
- spec/LICENSE-CC-BY-SA-4.0 note for specification text

Closes #1

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Signed-off-by: Claude Desktop <claude-desktop@jacquin.app>
Sign in to join this conversation.
Reviewers
No reviewers
Labels
Clear labels   
area:agents
Agent types, pool, config

  
area:backend
Koinos Rust backend (axum)

  
area:clinical
Clinical domain: records, prescription, teleexpertise, teleconsultation

  
area:dashboard
Dashboard UI + observability

  
area:deploy
Compose, CI, operator tooling

  
area:design
UI/UX mockups — routes to designer

  
area:design-review
Design review — routes to design-reviewer

  
area:devices
Device Gateway and connectors

  
area:docs
Documentation, IG, operator manual

  
area:federation
Matrix, FHIR cross-instance, ActivityPub

  
area:identity
Zitadel, LLDAP, PSC, FranceConnect+

  
area:infra
Deployment, isolation, containers

  
area:interop
FHIR profiles, DMP, MSSanté, INSi, Carte Vitale, DICOM

  
area:meta
Governance, project-wide chores

  
area:security
Security review

  
area:sessions
Session store, SDK resume

  
area:web
SvelteKit web client

  
area:webhook
Webhook routing + handlers

  
area:workdir
Clone cache, worktrees, git identity

  
type:bug
Defect

  
type:chore
Maintenance, tooling, infra

  
type:epic
Large scope spanning multiple user stories

  
type:meta
Tracking / decisions, not implementation

  
type:user-story
User-facing story with acceptance criteria

No labels
area:agents
area:backend
area:clinical
area:dashboard
area:deploy
area:design
area:design-review
area:devices
area:docs
area:federation
area:identity
area:infra
area:interop
area:meta
area:security
area:sessions
area:web
area:webhook
area:workdir
type:bug
type:chore
type:epic
type:meta
type:user-story
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
charles/koinos!21
No description provided.