diff --git a/.github/ISSUE_TEMPLATE/bug_report.yml b/.github/ISSUE_TEMPLATE/bug_report.yml new file mode 100644 index 0000000..1ef5ee9 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/bug_report.yml @@ -0,0 +1,116 @@ +name: Bug report +description: Report a reproducible bug or regression in PepeteX +title: "[Bug]: " +labels: ["bug", "triage"] +body: + - type: markdown + attributes: + value: | + Thanks for taking the time to file a bug report! Please fill out the form below so we can reproduce and fix the issue quickly. + + Before submitting, please: + - Search [existing issues](../) to avoid duplicates + - Make sure you are running the latest version + - Redact any secrets, API keys, or sensitive data from logs and screenshots + + - type: textarea + id: description + attributes: + label: Describe the bug + description: A clear and concise description of what the bug is. + placeholder: When I do X, Y happens instead of Z. + validations: + required: true + + - type: textarea + id: reproduction + attributes: + label: Steps to reproduce + description: Minimal steps required to reproduce the issue. + placeholder: | + 1. Go to '...' + 2. Click on '...' + 3. See error + validations: + required: true + + - type: textarea + id: expected + attributes: + label: Expected behavior + description: What did you expect to happen? + validations: + required: true + + - type: textarea + id: actual + attributes: + label: Actual behavior + description: What actually happened? Include error messages, stack traces, and screenshots if helpful. + validations: + required: true + + - type: dropdown + id: provider + attributes: + label: AI provider in use + description: Which AI provider were you using when the bug occurred? + options: + - Gemini + - OpenAI-compatible + - CLI proxy + - Not applicable + - Other + validations: + required: true + + - type: dropdown + id: deployment + attributes: + label: Deployment mode + options: + - Local dev (yarn dev) + - Docker Compose (self-hosted) + - Docker Compose (VM) + - Google Cloud Run + - Other + validations: + required: true + + - type: input + id: version + attributes: + label: Version / commit + description: PepeteX version or commit SHA + placeholder: e.g. main@4ea35a5 + validations: + required: true + + - type: textarea + id: environment + attributes: + label: Environment + description: Node version, OS, browser, etc. + placeholder: | + - Node: 24.x + - OS: macOS 14.5 + - Browser: Chrome 126 + validations: + required: true + + - type: textarea + id: logs + attributes: + label: Relevant logs + description: Paste any relevant log output. Will be automatically formatted as code. + render: shell + + - type: checkboxes + id: terms + attributes: + label: Confirmations + options: + - label: I have searched existing issues and confirmed this is not a duplicate + required: true + - label: I have removed any secrets, credentials, or sensitive data from this report + required: true \ No newline at end of file diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml new file mode 100644 index 0000000..2538c8e --- /dev/null +++ b/.github/ISSUE_TEMPLATE/config.yml @@ -0,0 +1,5 @@ +blank_issues_enabled: false +contact_links: + - name: Security vulnerability + url: https://github.com/busto-dev/pepetex/security/advisories/new + about: Please report security vulnerabilities privately via GitHub Security Advisories (see SECURITY.md). diff --git a/.github/ISSUE_TEMPLATE/feature_request.yml b/.github/ISSUE_TEMPLATE/feature_request.yml new file mode 100644 index 0000000..f8ddc5e --- /dev/null +++ b/.github/ISSUE_TEMPLATE/feature_request.yml @@ -0,0 +1,65 @@ +name: Feature request +description: Suggest a new feature or improvement for PepeteX +title: "[Feature]: " +labels: ["enhancement", "triage"] +body: + - type: markdown + attributes: + value: | + Thanks for suggesting a new feature! Please describe the problem you are trying to solve before jumping to a specific solution — it helps us evaluate alternatives. + + - type: textarea + id: problem + attributes: + label: Problem / motivation + description: What problem are you trying to solve? Who is affected? + placeholder: I'm frustrated when [...] because [...] + validations: + required: true + + - type: textarea + id: solution + attributes: + label: Proposed solution + description: Describe the change you would like to see. + validations: + required: true + + - type: textarea + id: alternatives + attributes: + label: Alternatives considered + description: What other approaches did you consider, and why did you discard them? + + - type: dropdown + id: area + attributes: + label: Area + description: Which part of PepeteX does this affect? + options: + - AI generation / workflows + - Providers (Gemini, OpenAI, image, etc.) + - Design systems + - Export (PPTX, thumbnails) + - Admin / RBAC + - UX / UI + - i18n + - Deployment / infra + - Docs + - Other + validations: + required: true + + - type: textarea + id: additional + attributes: + label: Additional context + description: Mockups, links, references, related issues, etc. + + - type: checkboxes + id: terms + attributes: + label: Confirmations + options: + - label: I have searched existing issues and confirmed this is not a duplicate + required: true \ No newline at end of file diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md new file mode 100644 index 0000000..cb7463b --- /dev/null +++ b/.github/PULL_REQUEST_TEMPLATE.md @@ -0,0 +1,41 @@ +## Summary + + + +## Type of change + + + +- [ ] Bug fix (non-breaking change that fixes an issue) +- [ ] New feature (non-breaking change that adds functionality) +- [ ] Breaking change (fix or feature that would change existing behavior) +- [ ] Documentation update +- [ ] Refactor / code cleanup +- [ ] Tests +- [ ] CI / build / tooling + +## Related issues + + + +## How was this tested? + + + +- [ ] `corepack yarn lint` +- [ ] `corepack yarn typecheck` +- [ ] `corepack yarn test --run` +- [ ] Manual testing (describe below) + +## Screenshots / recordings + + + +## Checklist + +- [ ] My code follows the existing TypeScript and ESLint style +- [ ] I have performed a self-review of my own code +- [ ] I have added tests that prove my fix is effective or that my feature works +- [ ] New and existing unit tests pass locally +- [ ] I have updated the documentation where needed +- [ ] No secrets or credentials are committed diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..8bc3d5b --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,39 @@ +# Security Policy + +## Supported versions + +PepeteX is under active, AI-assisted ("vibecoded") development and is provided **as-is, with no warranty**. Only the latest `main` branch receives security fixes. Please make sure you are running the most recent version before reporting an issue. + +| Version | Supported | +| ------- | ------------------ | +| `main` | :white_check_mark: | +| older | :x: | + +## Reporting a vulnerability + +**Please do not open a public GitHub issue for security vulnerabilities.** + +Instead, report it privately so we can investigate and ship a fix before details become public: + +1. Go to the repository's **Security → Advisories** tab and choose **"Report a vulnerability"** (GitHub Private Vulnerability Reporting), **or** +2. Email the maintainers at ``. + +Please include as much detail as you can: + +- A description of the vulnerability and its potential impact +- Steps to reproduce (proof-of-concept, affected endpoints/components) +- The version or commit you tested against +- Any suggested remediation, if you have one + +## What to expect + +- **Acknowledgement** within 5 business days. +- An initial assessment and severity classification shortly after. +- Regular updates on remediation progress. +- Public disclosure (and credit, if you wish) once a fix is available. + +## Scope + +This project is self-hosted and depends on operator-supplied configuration — AI provider keys, object storage, and database credentials. Misconfiguration of your own deployment (exposed `.env`, public object storage, weak credentials) is outside the scope of this policy, but we're happy to receive documentation improvements that help others avoid those pitfalls. + +Thank you for helping keep PepeteX and its users safe.