Closes a cluster of community-profile gaps (#248, #249, #251, #252) in one PR rather than four micro-PRs that all touch the same surface area. ### Templates (#251, #252) - .github/ISSUE_TEMPLATE/bug_report.yml — required fields for repro (plugin version, platform, OS, project language, file count); the four pieces of context that are missing from ~every current bug report. - .github/ISSUE_TEMPLATE/feature_request.yml — leads with the *problem* rather than the proposed solution, which keeps maintainer review focused on whether to solve, not just how. - .github/ISSUE_TEMPLATE/question.yml — separate from bug to keep the bug queue triagable. - .github/ISSUE_TEMPLATE/config.yml — disables blank issues and routes general discussion to README + Discussions. - .github/PULL_REQUEST_TEMPLATE.md — includes the version-bump checklist that CLAUDE.md says must stay in sync across 5 manifests; otherwise every contributor learns this rule by getting their PR bounced. ### Community files - CODE_OF_CONDUCT.md — short, project-specific document that names the expectations and reporting path. Not a verbatim Contributor Covenant to keep it readable. - SECURITY.md — describes the project's local-only threat model explicitly so reporters know what's in / out of scope before they spend time on a writeup. Points at GitHub private vulnerability reporting as the primary channel. ### CI (#249) - ci.yml now also runs on pushes to main, not only PRs. Without this, a direct push to main (which happens when maintainers merge a PR branch locally) doesn't trigger CI, so a regression can land green- looking and stay broken for days. - Added a concurrency group that cancels stale runs for the same ref. Saves runner minutes and keeps the per-ref status meaningful. - Used `github.ref` (a controlled value), not user-controlled input, so no script-injection surface. ### package.json (#248) - Added description, license, repository, bugs, homepage, keywords — the standard set for npm package discoverability and so GitHub's community-profile check shows the project at 100%.
1.5 KiB
Code of Conduct
We want this project to be a welcoming place for everyone who wants to contribute, learn, or use it — regardless of experience level, background, or identity.
In short
- Be respectful. Treat others the way you'd want to be treated.
- Assume good intent. Most disagreements are misunderstandings.
- Be constructive. Critique ideas, not people. Suggest improvements.
- Keep it on-topic. This project is about understanding codebases.
What's not OK
- Personal attacks, insults, or sustained disruption of discussions.
- Posting someone's private information without their explicit permission.
- Repeatedly ignoring requests from maintainers to change behavior.
Reporting
If you see behavior that violates this code, please open a private email to the maintainer listed in the repository profile, or use GitHub's private vulnerability / abuse reporting.
Maintainers will review reports and take whatever action they think is appropriate — typically a private warning, sometimes a temporary or permanent ban from the project. Reports will be kept confidential.
Scope
This code applies in all project spaces: issues, pull requests, discussions, commits, and any other project-affiliated channel.
This document is intentionally short. It's based on the spirit of the Contributor Covenant without reproducing it verbatim.