chore: add MIT license and security policy #41

Merged: FranRom merged 1 commit into main from chore/add-mit-license-and-security-policy on May 18, 2026

@FranRom (Owner) commented May 17, 2026

Summary

P0 of the OSS-readiness audit — unblocks flipping the repo to public.

  • LICENSE — MIT, 2026 FranRom.
  • package.json — adds "license": "MIT" so GitHub auto-detects and renders the license badge.
  • SECURITY.md — coordinated-disclosure policy scoped to the actual attack surface (URL scheme allowlist, MCP path traversal, apply-queue races, CV parser, install scripts). Explicit out-of-scope list for upstream sources, LLM CLIs, and exposing the local UI publicly.
  • README.md — replaces the "Personal project — no license. Don't redistribute." footer with an MIT pointer.
  • CONTRIBUTING.md — replaces the "The repo has no open-source license" line with an MIT pointer.

No code changes — docs + metadata only.

Test plan

  • Pre-commit hook passes locally (Biome lint, 3× tsconfig typecheck, UI patterns check).
  • git ls-files config/ at HEAD shows only profile.default.json + slugs.json (no CV / applied list / brief / preferences leak).
  • After merge: GitHub's "Community Standards" tab shows ✅ for License + Security policy.
  • After merge: gh repo view FranRom/pupila --json licenseInfo returns MIT License.
  • After merge: GitHub UI shows the MIT badge on the repo card and a "Cite this repository" prompt is no longer the only metadata.

Follow-up (not in this PR)

  • P1 polish (README badges + slim, CODE_OF_CONDUCT, .nvmrc, .editorconfig, issue/PR templates, demo GIF) — separate branch.
  • Flip repo to public + add description / topics / homepage URL on GitHub.

@FranRom FranRom self-assigned this May 17, 2026
@FranRom FranRom requested review from ibsenjg and ogarciarevett May 17, 2026 19:07
@ogarciarevett (Collaborator) left a comment

Let's f go

@FranRom FranRom force-pushed the chore/add-mit-license-and-security-policy branch from 7e82bf5 to ada49dd Compare May 18, 2026 09:02
P0 work to make the repo open-source ready:

- LICENSE: MIT, 2026 FranRom
- package.json: declare "license": "MIT" so GitHub auto-detects + shows the badge
- SECURITY.md: coordinated disclosure policy with in-scope (URL allowlist, MCP
  path traversal, apply-queue races, CV parser, install scripts) / out-of-scope
  (upstream sources, LLM CLIs, exposing the local UI publicly) sections
- README.md: replace "Personal project — no license. Don't redistribute." with
  an MIT pointer
- CONTRIBUTING.md: replace "The repo has no open-source license" line with the
  MIT pointer
@FranRom FranRom force-pushed the chore/add-mit-license-and-security-policy branch from ada49dd to efcdf60 Compare May 18, 2026 09:39
@FranRom FranRom merged commit b3c070f into main May 18, 2026
1 check passed
@FranRom FranRom deleted the chore/add-mit-license-and-security-policy branch May 18, 2026 10:09

2 participants