chore(repo): add issue/PR templates, SECURITY.md, CoC, package metadata; widen CI triggers

Closes a cluster of community-profile gaps (#248, #249, #251, #252) in one
PR rather than four micro-PRs that all touch the same surface area.

### Templates (#251, #252)

- .github/ISSUE_TEMPLATE/bug_report.yml — required fields for repro
  (plugin version, platform, OS, project language, file count); the four
  pieces of context that are missing from ~every current bug report.
- .github/ISSUE_TEMPLATE/feature_request.yml — leads with the *problem*
  rather than the proposed solution, which keeps maintainer review focused
  on whether to solve, not just how.
- .github/ISSUE_TEMPLATE/question.yml — separate from bug to keep the
  bug queue triagable.
- .github/ISSUE_TEMPLATE/config.yml — disables blank issues and routes
  general discussion to README + Discussions.
- .github/PULL_REQUEST_TEMPLATE.md — includes the version-bump checklist
  that CLAUDE.md says must stay in sync across 5 manifests; otherwise
  every contributor learns this rule by getting their PR bounced.

### Community files

- CODE_OF_CONDUCT.md — short, project-specific document that names the
  expectations and reporting path. Not a verbatim Contributor Covenant
  to keep it readable.
- SECURITY.md — describes the project's local-only threat model
  explicitly so reporters know what's in / out of scope before they
  spend time on a writeup. Points at GitHub private vulnerability
  reporting as the primary channel.

### CI (#249)

- ci.yml now also runs on pushes to main, not only PRs. Without this,
  a direct push to main (which happens when maintainers merge a PR
  branch locally) doesn't trigger CI, so a regression can land green-
  looking and stay broken for days.
- Added a concurrency group that cancels stale runs for the same ref.
  Saves runner minutes and keeps the per-ref status meaningful.
- Used `github.ref` (a controlled value), not user-controlled input,
  so no script-injection surface.

### package.json (#248)

- Added description, license, repository, bugs, homepage, keywords —
  the standard set for npm package discoverability and so GitHub's
  community-profile check shows the project at 100%.
This commit is contained in:
Tirth Kanani
2026-05-31 21:29:13 +01:00
Unverified
parent 470cc01dc5
commit aef940fcde
9 changed files with 303 additions and 0 deletions
+85
View File
@@ -0,0 +1,85 @@
name: Bug report
description: Report something that isn't working
title: "bug: "
labels: ["bug"]
body:
- type: markdown
attributes:
value: |
Thanks for taking the time to file a bug. The more concrete you can be,
the faster it gets fixed. If you can include the analyzed project's
primary language and an approximate file count, that's gold.
- type: textarea
id: what-happened
attributes:
label: What happened?
description: What did you do, what did you expect to happen, and what actually happened?
placeholder: |
1. Ran `/understand --full` on a ~3,000 file Rust project
2. Expected: dashboard opens with the graph
3. Got: dashboard shows "Failed to load graph: schema validation error"
validations:
required: true
- type: textarea
id: reproduce
attributes:
label: Minimal reproduction
description: Smallest set of steps (or a link to a public repo) that reproduces the issue.
validations:
required: false
- type: input
id: version
attributes:
label: Plugin version
description: Run `/understand --version` or check `~/.claude/plugins/cache/understand-anything/understand-anything/`.
placeholder: "e.g. 2.7.4"
validations:
required: true
- type: dropdown
id: platform
attributes:
label: Platform / client
multiple: true
options:
- Claude Code (CLI)
- Claude Code (VS Code extension)
- Claude Code (JetBrains)
- Cursor
- GitHub Copilot CLI
- opencode
- Other (please describe in "What happened?")
validations:
required: true
- type: input
id: os
attributes:
label: OS + Node version
placeholder: "e.g. macOS 14.5 (arm64), Node v22.6.0"
validations:
required: true
- type: input
id: project-language
attributes:
label: Primary language of the analyzed project
placeholder: "e.g. TypeScript, Python, Swift…"
- type: input
id: file-count
attributes:
label: Approximate file count of the analyzed project
placeholder: "e.g. ~3,000"
- type: textarea
id: logs
attributes:
label: Relevant logs
description: |
Any console output, the contents of `.understand-anything/intermediate/`
if it still exists, or screenshots of the dashboard error.
render: shell
+8
View File
@@ -0,0 +1,8 @@
blank_issues_enabled: false
contact_links:
- name: README & docs
url: https://github.com/Lum1104/Understand-Anything#readme
about: Most usage questions are answered in the project README.
- name: Discussions
url: https://github.com/Lum1104/Understand-Anything/discussions
about: For open-ended discussion, design proposals, or sharing how you use the tool.
@@ -0,0 +1,34 @@
name: Feature request
description: Suggest an idea or improvement
title: "feat: "
labels: ["enhancement"]
body:
- type: textarea
id: problem
attributes:
label: What problem are you trying to solve?
description: Describe the user pain or workflow gap. Concrete examples help more than abstract framing.
placeholder: |
When onboarding new engineers to our 8k-file Go monorepo, they spend
days finding the auth boundary. /understand finds the files but the
dashboard doesn't visually separate "trusted" from "untrusted" zones.
validations:
required: true
- type: textarea
id: proposal
attributes:
label: Proposed solution (optional)
description: If you have an idea for what the feature should look like, share it. Skip if you'd rather just describe the problem.
- type: textarea
id: alternatives
attributes:
label: Alternatives you've considered
description: Other tools, workarounds, or approaches you've tried.
- type: input
id: scope
attributes:
label: Which part of the project?
placeholder: "skill / dashboard / core / agents / all"
+24
View File
@@ -0,0 +1,24 @@
name: Question / usage help
description: Ask a question about how to use the project
title: "question: "
labels: ["question"]
body:
- type: markdown
attributes:
value: |
For general usage questions. If you found a bug, please use the bug
report template instead — it asks for the information needed to
reproduce.
- type: textarea
id: question
attributes:
label: Your question
validations:
required: true
- type: textarea
id: tried
attributes:
label: What have you already tried?
description: Helps avoid suggesting things you've already ruled out.
+26
View File
@@ -0,0 +1,26 @@
## Summary
<!-- One or two sentences on what this PR changes and why. -->
## Linked issue(s)
<!-- e.g. Closes #123, Refs #456. Leave empty if there's no tracking issue. -->
## How I tested this
<!-- Concrete steps. "Ran the test suite" is fine; "Ran /understand on a 3k-file
Swift repo and verified the dashboard shows non-empty edges" is better. -->
- [ ] `pnpm lint`
- [ ] `pnpm --filter @understand-anything/core test`
- [ ] `pnpm test`
- [ ] Manual smoke test (describe above)
## Versioning
<!-- If this PR ships a user-visible behavior change, bump the version in ALL
five manifests per CLAUDE.md. If it's docs/tests/internal-only, leave them
alone and the maintainer will bump on merge. -->
- [ ] Version bumped in all five manifests, OR
- [ ] N/A — internal/docs-only change
+14
View File
@@ -1,7 +1,21 @@
name: CI
on:
# Run on every PR so a contributor's first push gets feedback.
pull_request:
# Also run on direct pushes to main so the "main is green" signal is real.
# Without this, main can silently break for days when someone bypasses
# review. (#249)
push:
branches: [main]
# Cancel any in-flight CI for the same ref when a new commit is pushed —
# saves runner minutes and keeps the latest commit's status the only one
# anyone reads. `github.ref` is a controlled value (refs/heads/* or
# refs/pull/*/merge), not user-controlled input, so it's safe to interpolate.
concurrency:
group: ci-${{ github.ref }}
cancel-in-progress: true
jobs:
ci: