Files
Tirth Kanani aef940fcde chore(repo): add issue/PR templates, SECURITY.md, CoC, package metadata; widen CI triggers
Closes a cluster of community-profile gaps (#248, #249, #251, #252) in one
PR rather than four micro-PRs that all touch the same surface area.

### Templates (#251, #252)

- .github/ISSUE_TEMPLATE/bug_report.yml — required fields for repro
  (plugin version, platform, OS, project language, file count); the four
  pieces of context that are missing from ~every current bug report.
- .github/ISSUE_TEMPLATE/feature_request.yml — leads with the *problem*
  rather than the proposed solution, which keeps maintainer review focused
  on whether to solve, not just how.
- .github/ISSUE_TEMPLATE/question.yml — separate from bug to keep the
  bug queue triagable.
- .github/ISSUE_TEMPLATE/config.yml — disables blank issues and routes
  general discussion to README + Discussions.
- .github/PULL_REQUEST_TEMPLATE.md — includes the version-bump checklist
  that CLAUDE.md says must stay in sync across 5 manifests; otherwise
  every contributor learns this rule by getting their PR bounced.

### Community files

- CODE_OF_CONDUCT.md — short, project-specific document that names the
  expectations and reporting path. Not a verbatim Contributor Covenant
  to keep it readable.
- SECURITY.md — describes the project's local-only threat model
  explicitly so reporters know what's in / out of scope before they
  spend time on a writeup. Points at GitHub private vulnerability
  reporting as the primary channel.

### CI (#249)

- ci.yml now also runs on pushes to main, not only PRs. Without this,
  a direct push to main (which happens when maintainers merge a PR
  branch locally) doesn't trigger CI, so a regression can land green-
  looking and stay broken for days.
- Added a concurrency group that cancels stale runs for the same ref.
  Saves runner minutes and keeps the per-ref status meaningful.
- Used `github.ref` (a controlled value), not user-controlled input,
  so no script-injection surface.

### package.json (#248)

- Added description, license, repository, bugs, homepage, keywords —
  the standard set for npm package discoverability and so GitHub's
  community-profile check shows the project at 100%.
2026-05-31 21:29:13 +01:00

35 lines
1.1 KiB
YAML

name: Feature request
description: Suggest an idea or improvement
title: "feat: "
labels: ["enhancement"]
body:
- type: textarea
id: problem
attributes:
label: What problem are you trying to solve?
description: Describe the user pain or workflow gap. Concrete examples help more than abstract framing.
placeholder: |
When onboarding new engineers to our 8k-file Go monorepo, they spend
days finding the auth boundary. /understand finds the files but the
dashboard doesn't visually separate "trusted" from "untrusted" zones.
validations:
required: true
- type: textarea
id: proposal
attributes:
label: Proposed solution (optional)
description: If you have an idea for what the feature should look like, share it. Skip if you'd rather just describe the problem.
- type: textarea
id: alternatives
attributes:
label: Alternatives you've considered
description: Other tools, workarounds, or approaches you've tried.
- type: input
id: scope
attributes:
label: Which part of the project?
placeholder: "skill / dashboard / core / agents / all"