refactor: dev

.github/FUNDING.yml

@@ -0,0 +1,15 @@
+# These are supported funding model platforms
+
+github: duck-organization
+patreon: # Replace with a single Patreon username
+open_collective: # Replace with a single Open Collective username
+ko_fi: # Replace with a single Ko-fi username
+tidelift: # Replace with a single Tidelift platform-name/package-name e.g., npm/babel
+community_bridge: # Replace with a single Community Bridge project-name e.g., cloud-foundry
+liberapay: # Replace with a single Liberapay username
+issuehunt: # Replace with a single IssueHunt username
+lfx_crowdfunding: # Replace with a single LFX Crowdfunding project-name e.g., cloud-foundry
+polar: # Replace with a single Polar username
+buy_me_a_coffee: # Replace with a single Buy Me a Coffee username
+thanks_dev: # Replace with a single thanks.dev username
+custom: # Replace with up to 4 custom sponsorship URLs e.g., ['link1', 'link2']

.github/dependabot.yml

@@ -0,0 +1,11 @@
+version: 2
+updates:
+  - package-ecosystem: "npm"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    groups:
+      dependencies:
+        update-types:
+          - "minor"
+          - "patch"

.github/workflows/deploy.yaml

@@ -17,6 +17,7 @@ jobs:
     if: >
       (github.event_name == 'workflow_dispatch' && github.ref == 'refs/heads/main') ||
       (github.event.workflow_run.conclusion == 'success' &&
+       github.event.workflow_run.event == 'push' &&
        github.event.workflow_run.head_branch == 'main')
     steps:
       - name: Check out repository

CONTRIBUTING.md

@@ -1,20 +1,20 @@
 # Contributing to Quest Bot
 
-Contributing to Quest Bot requires basic knowledge of Typescript, Discord.JS and prisma.
+Contributing to Quest Bot requires basic knowledge of TypeScript, Discord.JS and Prisma.
 
 ## AI Rules
 
-Please refrain from using AI to create new features. Using AI to help you *understand* how to make something is fine but you can't have it vibecode or make features for you. This is especially important for HackClub events. You can use AI to help *draft* a feature.
+Please refrain from using AI to create new features. Using AI to help you *understand* how to make something is fine but you can't have it write code or make features for you. This is especially important for HackClub events. You can use AI to help *draft* a feature.
 
-When commiting code you take *full* responsibility for what you are commiting.
+When committing code you take *full* responsibility for what you are committing.
 
 ## Pull requests
 
-Please submit pull requests to the `dev` branch, unless this is a feature which requires a seperate branch.
+Please submit pull requests to the `dev` branch, unless this is a feature which requires a separate branch.
 Make sure to test the code you have made before creating a pull request.
-Format for commit messages, fix|upd|chore|dockerfile: (change made).
+Use conventional commit messages for all commits.
 
 > [!NOTE]
-> When contributing to this project you agree that you have all rights to the content you have contributed and that these align with the projects license.
+> When contributing to this project you agree that you have all rights to the content you have contributed and that these align with the project's license.
 
 ## Thanks for your interest! ❤️

Dockerfile

@@ -10,7 +10,7 @@ COPY apps/bot/prisma ./apps/bot/prisma/
 RUN pnpm install --frozen-lockfile
 
 COPY . .
-RUN pnpm --filter @quest/bot build
+RUN pnpm --filter @duckorganization/questbot build
 
 FROM node:24-alpine
 WORKDIR /app
@@ -22,8 +22,8 @@ COPY pnpm-workspace.yaml ./
 COPY apps/bot/package.json ./apps/bot/package.json
 COPY apps/bot/prisma.config.ts ./apps/bot/prisma.config.ts
 COPY apps/bot/prisma ./apps/bot/prisma/
-RUN pnpm install --prod --frozen-lockfile --filter @quest/bot
+RUN pnpm install --prod --frozen-lockfile --filter @duckorganization/questbot
 
 COPY --from=builder /app/apps/bot/dist ./apps/bot/dist
 
-CMD ["sh", "-c", "pnpm --filter @quest/bot db:push && pnpm --filter @quest/bot start"]
+CMD ["sh", "-c", "pnpm --filter @duckorganization/questbot db:push && pnpm --filter @duckorganization/questbot start"]

README.md

@@ -1,6 +1,6 @@
 <div style="text-align: center;">
 
-  <img src=".github/assets/LargeDuckBannerWhite.png" alt="Duck Organization Banner" />
+  <img src=".github/assets/LargeDuckBanner.png" alt="Duck Organization Banner" />
 
 ---
 
@@ -38,6 +38,12 @@ Feel free to open a pull request! Just make sure to follow the guidelines at [CO
 5. Run the development server with `pnpm dev`
 6. The bot will register commands automatically on startup.
 
+# Security
+
+Quest Bot undergoes frequent security audits that help it stay safe!
+
+If you ever find a security vulnerabitity, do not hesitate to make a report! We are more than happy to review it.
+
 # License
 
 This project is licensed under the Affero GNU General Public License v3.0 (AGPL-3.0). See LICENSE for more details.

SECURITY.md

@@ -0,0 +1,28 @@
+# Security Policy
+
+## Supported Versions
+
+| Version      | Supported          |
+| ------------ | ------------------ |
+| Latest Tag   | :white_check_mark: |
+
+## Unsupported types of vulnerabilities
+
+| Type          | Supported          |
+| ------------- | ------------------ |
+| Rate limits   | :x:                |
+| Limits        | :x:                |
+| DDOS/DOS      | :x:                |
+
+If it is *critical* please submit it.
+
+## Reporting a Vulnerability
+
+Please report vulnerabilties through Github Advisories.
+
+Don't be afraid to report a vulnerability! If we have to close it there are no consequences!
+
+If a vulnerability is of high severity it will be looked into reasonably fast.
+Vulnerabilties get accepted and denied all the time, if your vulnerability is denied
+and you believe it was denied falsely than you can either reopen it or create a new one
+if it is of high priority.

apps/bot/.prettierignore

@@ -0,0 +1 @@
+dist/

apps/bot/LICENSE

@@ -0,0 +1 @@
+../../LICENSE

apps/bot/README.md

@@ -0,0 +1 @@
+../../README.md

apps/bot/package.json

@@ -1,42 +1,59 @@
 {
 	"$schema": "https://json.schemastore.org/package.json",
-	"name": "@quest/bot",
-	"version": "0.1.0",
+	"name": "@duckorganization/questbot",
+	"version": "0.1.5",
 	"private": true,
 	"type": "module",
+	"description": "A Discord bot built with Sapphire framework",
+	"license": "AGPL-3.0-or-later",
+	"author": "Duck Organization",
+	"repository": {
+		"type": "git",
+		"url": "git+https://github.com/duck-organization/quest-bot.git"
+	},
+	"main": "./dist/index.js",
+	"bin": {
+		"questbot": "./dist/sharder.js"
+	},
+	"files": [
+		"dist",
+		"prisma/schema.prisma",
+		"README.md",
+		"LICENSE"
+	],
 	"scripts": {
 		"build": "rimraf dist && prisma generate && tsc",
-		"lint": "prettier --check . && eslint --ext .ts --format=pretty src",
-		"format": "prettier --write . && eslint --ext .ts --fix --format=pretty src",
+		"lint": "prettier --check .",
+		"format": "prettier --write .",
 		"predev": "pnpm build",
 		"start": "node --env-file-if-exists=../../.env dist/sharder.js",
 		"dev": "concurrently \"tsc --watch --preserveWatchOutput\" \"node --watch --watch-preserve-output --env-file-if-exists=../../.env dist/index.js\"",
 		"db:push": "prisma db push",
-		"db:generate": "prisma generate"
+		"db:generate": "prisma generate",
+		"postinstall": "prisma generate",
+		"prepublishOnly": "pnpm build"
 	},
 	"dependencies": {
-		"@discordjs/core": "^2.3.0",
-		"@prisma/adapter-pg": "^7.7.0",
-		"@prisma/client": "^7.7.0",
+		"@discordjs/core": "^2.4.0",
+		"@prisma/adapter-pg": "^7.8.0",
+		"@prisma/client": "^7.8.0",
 		"@sapphire/framework": "^5.5.0",
 		"@types/ms": "^2.1.0",
 		"discord.js": "^14.26.4",
-		"dotenv": "^17.4.2",
+		"ipaddr.js": "^2.4.0",
 		"ms": "^2.1.3",
-		"prisma": "^7.7.0",
-		"zod": "^4.3.6"
+		"prisma": "^7.8.0",
+		"sharp": "^0.34.5",
+
+		"zod": "^4.4.3"
 	},
 	"devDependencies": {
-		"@sapphire/ts-config": "^5.0.1",
-		"@types/node": "^22.18.8",
+		"@sapphire/ts-config": "^5.0.3",
+		"@types/node": "^25.8.0",
 		"concurrently": "^9.2.1",
-		"eslint": "^9.39.4",
-		"eslint-config-neon": "^0.2.7",
-		"eslint-formatter-compact": "^8.40.0",
-		"eslint-formatter-pretty": "^7.0.0",
-		"prettier": "^3.6.2",
+		"prettier": "^3.8.3",
 		"rimraf": "^6.1.3",
-		"typescript": "~5.9.3"
+		"typescript": "~6.0.3"
 	},
 	"engines": {
 		"node": ">=22.12.0"
@@ -46,4 +63,4 @@
 		"#lib/*": "./dist/lib/*",
 		"#prisma/*": "./dist/generated/prisma/*"
 	}
-}
+}

apps/bot/prisma.config.ts

@@ -1,14 +1,12 @@
-// This file was generated by Prisma, and assumes you have installed the following:
-// npm install --save-dev prisma dotenv
-import "dotenv/config";
-import { defineConfig } from "prisma/config";
+/// <reference types="node" />
+import { defineConfig } from 'prisma/config';
 
 export default defineConfig({
-  schema: "prisma/schema.prisma",
-  migrations: {
-    path: "prisma/migrations",
-  },
-  datasource: {
-    url: process.env["DATABASE_URL"],
-  },
+	schema: 'prisma/schema.prisma',
+	migrations: {
+		path: 'prisma/migrations',
+	},
+	datasource: {
+		url: process.env['DATABASE_URL'] ?? '',
+	},
 });