docs: add OSS community health files

- CONTRIBUTING.md: contributor onboarding, conventional commit rules, local setup
- CODE_OF_CONDUCT.md: adopts Contributor Covenant 2.1 by reference
- SECURITY.md: vulnerability reporting via GitHub private advisories, scope boundaries
- .github/ISSUE_TEMPLATE/config.yml: disables blank issues, links to discussions and Honcho upstream

Lifts the GitHub community profile score from 57% toward 100%.
Offending Commit
2026-05-01 09:57:57 -05:00
parent 2349a1d41d
commit 3fa4d599fe
4 changed files with 120 additions and 0 deletions

.github/ISSUE_TEMPLATE/config.yml vendored Normal file

@@ -0,0 +1,8 @@
blank_issues_enabled: false
contact_links:
- name: Honcho upstream issues
url: https://github.com/plastic-labs/honcho/issues
about: Bugs in the Honcho server itself, not the OpenConcho UI.
- name: Question or discussion
url: https://github.com/offendingcommit/openconcho/discussions
about: General questions, ideas, or design discussion.
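
Review bot: `blank_issues_enabled: false` leaves issue templates and these two `contact_links` as the only options in the issue chooser, yet none of the four files changed in this commit is an issue template, while CONTRIBUTING.md points reporters at `.github/ISSUE_TEMPLATE/bug_report.yml`. Confirm that template already exists in the parent tree; if it does not, add it here or leave blank issues enabled until it lands. A third `contact_links` entry for security reports, pointing at the private advisory URL used in SECURITY.md, would also steer vulnerability reports away from public issues at the point where people choose where to file.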

CODE_OF_CONDUCT.md Normal file

@@ -0,0 +1,13 @@
# Code of Conduct
This project adopts the [Contributor Covenant, version 2.1](https://www.contributor-covenant.org/version/2/1/code_of_conduct/) as its code of conduct.
The full text is available at the link above.
## Reporting
Report violations to the maintainer at the email address listed on the [GitHub profile of @offendingcommit](https://github.com/offendingcommit). All reports are reviewed and investigated promptly and fairly.
## Scope
This Code of Conduct applies within all project spaces — issues, pull requests, discussions, and any other public or private channel where you represent the project.
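
Review bot: the Reporting section gives no direct contact; it sends people to the GitHub profile of @offendingcommit and assumes an email address is shown there. Name a concrete address or a private channel in this file so a reporter does not have to hunt for it, and consider saying who handles a report that concerns the maintainer, since @offendingcommit is the only listed recipient.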

CONTRIBUTING.md Normal file

@@ -0,0 +1,63 @@
# Contributing to OpenConcho
Thanks for your interest in helping out. This is a small, focused project — please read this before opening a PR.
## Ground rules
- **Open an issue first** for anything beyond a small fix. Discussion saves wasted work.
- **Conventional commits** are required (`feat:`, `fix:`, `docs:`, `refactor:`, `test:`, `chore:`). They drive [semantic-release](https://semantic-release.gitbook.io/).
- **One logical change per PR.** Easier to review, easier to revert.
## Local setup
```bash
git clone https://github.com/offendingcommit/openconcho.git
cd openconcho
pnpm install
pnpm dev # web dev server at http://localhost:5173
```
For desktop work:
```bash
pnpm --filter @openconcho/desktop dev
```
## Before opening a PR
```bash
pnpm lint # Biome lint
pnpm typecheck # tsc --noEmit
pnpm test # Vitest
pnpm build # full build
```
All four must pass. CI will block the merge otherwise.
## Coding standards
The full standards live in [`.claude/rules/coding-standards.md`](.claude/rules/coding-standards.md). The short version:
- TypeScript strict mode; no `any`.
- No hardcoded URLs — connection config lives in `localStorage` under `openconcho:config`.
- Use CSS variables (`var(--text-1)`) for theme-aware colors, never Tailwind color utilities.
- Cast TanStack Router `params` as `as never` at navigation callsites.
- One assertion per test.
## API schema changes
`src/api/schema.d.ts` is generated. Don't edit it by hand — run:
```bash
pnpm generate:api
```
…after updating `openapi.json`.
## Reporting bugs
Use the [bug report template](.github/ISSUE_TEMPLATE/bug_report.yml). Include the Honcho version, your OS, and reproduction steps.
## License
By contributing, you agree your contributions are licensed under the [MIT License](LICENSE).
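
Review bot: the "Reporting bugs" section sends every bug to the public bug report template and never mentions SECURITY.md, so someone who finds a vulnerability and reads only this file would be led to disclose it in a public issue. Add a line there along the lines of "For security issues, do not open an issue; follow SECURITY.md." The coding-standards bullet about connection config living in `localStorage` under `openconcho:config` is also worth cross-linking to the Scope section of SECURITY.md, which lists token leakage from `localStorage` as in scope.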

SECURITY.md Normal file

@@ -0,0 +1,36 @@
# Security Policy
## Supported Versions
OpenConcho follows semantic versioning via [semantic-release](https://semantic-release.gitbook.io/). Only the latest minor release on `main` receives security fixes.
| Version | Supported |
|---------|-----------|
| latest | ✅ |
| older | ❌ |
## Reporting a Vulnerability
**Please do not open public issues for security reports.**
Use GitHub's [private vulnerability reporting](https://github.com/offendingcommit/openconcho/security/advisories/new) to file a report. Include:
- A description of the issue and its impact
- Steps to reproduce
- Affected version(s)
- Any mitigations you've identified
You should expect an acknowledgement within 72 hours and a fix or status update within 14 days.
## Scope
OpenConcho is a frontend client. It stores connection config (`base URL`, optional `token`) in `localStorage` under the keys `openconcho:config` and `openconcho:theme`. It makes no network requests outside the Honcho instance you configure.
In-scope:
- XSS, CSRF, or other client-side vulnerabilities in the OpenConcho UI
- Token leakage from `localStorage` to third parties
- Build-toolchain supply-chain issues
Out of scope:
- Vulnerabilities in your own Honcho instance — report those upstream at [plastic-labs/honcho](https://github.com/plastic-labs/honcho)
- Issues that require physical access to an unlocked device
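
Review bot: under "Reporting a Vulnerability" the only channel is the `security/advisories/new` link, which outside reporters can use only when private vulnerability reporting is enabled in the repository settings; confirm it is switched on before merging and name a fallback contact in case the form is unavailable. In the Scope paragraph, the sentence says connection config (`base URL`, optional `token`) is stored under both `openconcho:config` and `openconcho:theme`, while CONTRIBUTING.md places connection config under `openconcho:config` only; reword it so a reader can tell which key can hold the token.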