Merge pull request #8 from AHS12/dev

Release Candidate for V1.0.0

Author: AHS12

.github/pull_request_template.md

@@ -0,0 +1,34 @@
+## Description
+
+Brief summary of changes and motivation.
+
+Fixes # (issue)
+
+## Type of Change
+
+- [ ] Bug fix
+- [ ] New feature
+- [ ] Breaking change
+- [ ] Documentation update
+
+## Testing
+
+- [ ] Tests added/updated
+- [ ] All tests pass locally
+- [ ] Tested with both tenancy modes (if applicable)
+
+**Test Environment:**
+- PHP: 
+- Laravel: 
+
+## Checklist
+
+- [ ] Code follows project style
+- [ ] Self-reviewed code
+- [ ] Updated documentation
+- [ ] Backward compatible (or breaking change documented)
+- [ ] No new warnings/errors
+
+## Additional Notes
+
+Any extra context or screenshots.

CODE_OF_CONDUCT.md

@@ -0,0 +1,128 @@
+# Contributor Covenant Code of Conduct
+
+## Our Pledge
+
+We as members, contributors, and leaders pledge to make participation in our
+community a harassment-free experience for everyone, regardless of age, body
+size, visible or invisible disability, ethnicity, sex characteristics, gender
+identity and expression, level of experience, education, socio-economic status,
+nationality, personal appearance, race, religion, or sexual identity
+and orientation.
+
+We pledge to act and interact in ways that contribute to an open, welcoming,
+diverse, inclusive, and healthy community.
+
+## Our Standards
+
+Examples of behavior that contributes to a positive environment for our
+community include:
+
+* Demonstrating empathy and kindness toward other people
+* Being respectful of differing opinions, viewpoints, and experiences
+* Giving and gracefully accepting constructive feedback
+* Accepting responsibility and apologizing to those affected by our mistakes,
+  and learning from the experience
+* Focusing on what is best not just for us as individuals, but for the
+  overall community
+
+Examples of unacceptable behavior include:
+
+* The use of sexualized language or imagery, and sexual attention or
+  advances of any kind
+* Trolling, insulting or derogatory comments, and personal or political attacks
+* Public or private harassment
+* Publishing others' private information, such as a physical or email
+  address, without their explicit permission
+* Other conduct which could reasonably be considered inappropriate in a
+  professional setting
+
+## Enforcement Responsibilities
+
+Community leaders are responsible for clarifying and enforcing our standards of
+acceptable behavior and will take appropriate and fair corrective action in
+response to any behavior that they deem inappropriate, threatening, offensive,
+or harmful.
+
+Community leaders have the right and responsibility to remove, edit, or reject
+comments, commits, code, wiki edits, issues, and other contributions that are
+not aligned to this Code of Conduct, and will communicate reasons for moderation
+decisions when appropriate.
+
+## Scope
+
+This Code of Conduct applies within all community spaces, and also applies when
+an individual is officially representing the community in public spaces.
+Examples of representing our community include using an official e-mail address,
+posting via an official social media account, or acting as an appointed
+representative at an online or offline event.
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported to the community leaders responsible for enforcement at
+[mdazizulhakim.cse@gmail.com](mdazizulhakim.cse@gmail.com).
+All complaints will be reviewed and investigated promptly and fairly.
+
+All community leaders are obligated to respect the privacy and security of the
+reporter of any incident.
+
+## Enforcement Guidelines
+
+Community leaders will follow these Community Impact Guidelines in determining
+the consequences for any action they deem in violation of this Code of Conduct:
+
+### 1. Correction
+
+**Community Impact**: Use of inappropriate language or other behavior deemed
+unprofessional or unwelcome in the community.
+
+**Consequence**: A private, written warning from community leaders, providing
+clarity around the nature of the violation and an explanation of why the
+behavior was inappropriate. A public apology may be requested.
+
+### 2. Warning
+
+**Community Impact**: A violation through a single incident or series
+of actions.
+
+**Consequence**: A warning with consequences for continued behavior. No
+interaction with the people involved, including unsolicited interaction with
+those enforcing the Code of Conduct, for a specified period of time. This
+includes avoiding interactions in community spaces as well as external channels
+like social media. Violating these terms may lead to a temporary or
+permanent ban.
+
+### 3. Temporary Ban
+
+**Community Impact**: A serious violation of community standards, including
+sustained inappropriate behavior.
+
+**Consequence**: A temporary ban from any sort of interaction or public
+communication with the community for a specified period of time. No public or
+private interaction with the people involved, including unsolicited interaction
+with those enforcing the Code of Conduct, is allowed during this period.
+Violating these terms may lead to a permanent ban.
+
+### 4. Permanent Ban
+
+**Community Impact**: Demonstrating a pattern of violation of community
+standards, including sustained inappropriate behavior,  harassment of an
+individual, or aggression toward or disparagement of classes of individuals.
+
+**Consequence**: A permanent ban from any sort of public interaction within
+the community.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage],
+version 2.0, available at
+https://www.contributor-covenant.org/version/2/0/code_of_conduct.html.
+
+Community Impact Guidelines were inspired by [Mozilla's code of conduct
+enforcement ladder](https://github.com/mozilla/diversity).
+
+[homepage]: https://www.contributor-covenant.org
+
+For answers to common questions about this code of conduct, see the FAQ at
+https://www.contributor-covenant.org/faq. Translations are available at
+https://www.contributor-covenant.org/translations.

README.md

@@ -1,4 +1,4 @@
-# laravel-setanjo - Multi-Tenant Laravel Settings Package
+# laravel-setanjo - Laravel Settings Package with Multi-Tenant Support
 
 <p align="center">
 <a href="https://github.com/ahs12/laravel-setanjo/actions"><img src="https://github.com/ahs12/laravel-setanjo/actions/workflows/run-tests.yml/badge.svg" alt="Build Status"></a>
@@ -7,16 +7,18 @@
 <a href="https://packagist.org/packages/ahs12/laravel-setanjo"><img src="https://img.shields.io/packagist/l/ahs12/laravel-setanjo" alt="License"></a>
 </p>
 
-A powerful Laravel package for managing application settings with multi-tenant support. Store global settings or tenant-specific configurations with automatic type casting, caching, and a clean API. Perfect for A/B testing, feature flags, and user preferences.
+A powerful Laravel package for managing application settings and configurations. Store global application settings or model-specific configurations (user preferences, company settings, etc.) with automatic type casting, caching, and a clean API. Perfect for feature flags, A/B testing, user preferences, and dynamic configuration management.
+
+**Note**: This package does **not** provide multi-tenancy features for your application. However, if your Laravel project already has multi-tenancy implemented, this package can store tenant-specific settings alongside your existing tenant architecture.
 
 ## Features
 
--   🏢 **Multi-Tenant Support**: Both strict and polymorphic tenancy modes
--   🗃️ **Polymorphic Storage**: Store settings for any model type
--   🏛️ **Global Settings**: Settings without any tenant scope
+-   🏢 **Multi-Tenant Ready**: Works with existing multi-tenant applications
+-   🗃️ **Model-Specific Settings**: Store settings for any Eloquent model (User, Company, etc.)
+-   🏛️ **Global Settings**: Application-wide settings without model scope
 -   ⚡ **Caching**: Optional caching with configurable cache store
--   🔒 **Validation**: Validate tenant models and prevent unauthorized access
--   📦 **Clean API**: Simple, intuitive API inspired by popular packages
+-   🔒 **Validation**: Validate models and prevent unauthorized access
+-   📦 **Clean API**: Simple, intuitive API for setting and retrieving values
 -   🧪 **Fully Tested**: Comprehensive test suite included
 -   ✅ **Type Safety**: Automatic type detection and conversion
 

SECURITY.md

@@ -0,0 +1,115 @@
+# Security Policy
+
+## Supported Versions
+
+We take security seriously and provide security updates for the following versions of laravel-setanjo:
+
+| Version | Supported          | Laravel Compatibility |
+| ------- | ------------------ | -------------------- |
+| 1.x.x   | :white_check_mark: | Laravel 10.x, 11.x, 12.x  |
+| < 1.0   | :white_check_mark: | Laravel 10.x, 11.x, 12.x  |
+
+**Note**: Only the latest major version receives security updates. We recommend keeping your installation up to date with the latest stable release.
+
+## Reporting a Vulnerability
+
+We appreciate responsible disclosure of security vulnerabilities. If you discover a security issue, please follow these steps:
+
+### How to Report
+
+**Please DO NOT create a public GitHub issue for security vulnerabilities.**
+
+Instead, report security issues privately by:
+
+1. **Email**: Send details to [mdazizulhakim.cse@gmail.com](mdazizulhakim.cse@gmail.com) or the package maintainer directly
+2. **GitHub Security Advisory**: Use GitHub's private vulnerability reporting feature
+
+
+### What to Include
+
+When reporting a security vulnerability, please include:
+
+- **Description** of the vulnerability and its potential impact
+- **Steps to reproduce** the issue with detailed instructions
+- **Affected versions** or version ranges
+- **Proof of concept** code or screenshots (if applicable)
+- **Suggested fix** or mitigation (if you have ideas)
+- **Your contact information** for follow-up questions
+
+### Response Timeline
+
+We are committed to responding to security reports promptly:
+
+- **Initial Response**: Within 48 hours of report
+- **Assessment**: Within 7 days we'll provide initial assessment
+- **Fix Development**: Critical issues will be prioritized for immediate fixes
+- **Disclosure**: Coordinated disclosure after fix is available
+
+### What to Expect
+
+**If the vulnerability is accepted:**
+- We'll work with you to understand and reproduce the issue
+- Develop and test a fix
+- Release a security patch
+- Credit you in the security advisory (if desired)
+- Coordinate public disclosure timing
+
+**If the vulnerability is declined:**
+- We'll explain why it's not considered a security issue
+- Provide guidance if it's a configuration or usage issue
+- Suggest alternative reporting channels if appropriate
+
+## Security Considerations
+
+### Multi-Tenant Security
+
+This package handles multi-tenant data. Key security considerations:
+
+- **Tenant Isolation**: Settings are properly isolated between tenants
+- **Authorization**: Validate tenant access before reading/writing settings
+- **Model Validation**: Ensure only allowed models can be used as tenants
+
+### Best Practices
+
+When using laravel-setanjo:
+
+1. **Validate Input**: Always validate setting values before storage
+2. **Sanitize Output**: Be cautious when displaying user-provided setting values
+3. **Access Control**: Implement proper authorization for setting management
+4. **Audit Trail**: Consider logging sensitive setting changes
+5. **Cache Security**: Ensure cache stores are properly secured
+
+### Known Security Considerations
+
+- Settings stored in database are not encrypted by default
+- Cache invalidation timing may expose information about setting changes
+- Polymorphic mode requires careful tenant model validation
+
+## Security Updates
+
+Security updates will be:
+
+- Released as patch versions (e.g., 1.0.x)
+- Documented in [CHANGELOG.md](CHANGELOG.md) with security labels
+- Announced through GitHub releases
+- Tagged with `security` label
+
+## Acknowledgments
+
+We thank the security research community for helping keep laravel-setanjo secure. Security researchers who responsibly disclose vulnerabilities will be acknowledged in:
+
+- Security advisories
+- CHANGELOG.md
+- Hall of fame (if established)
+
+## Contact
+
+For security-related questions or concerns:
+
+- **Security Issues**: Use private reporting methods above
+- **General Security Questions**: Create a GitHub discussion
+- **Documentation**: Suggest improvements via pull request
+
+---
+
+**Remember**: Security is everyone's responsibility. If you're unsure whether something is a security issue, err on the side of caution and report

composer.json

@@ -1,12 +1,15 @@
 {
     "name": "ahs12/laravel-setanjo",
-    "description": "Multi-tenant Laravel settings package with polymorphic support",
+    "description": "Laravel settings package for managing application configurations, user preferences, feature flags, and A/B testing with multi-tenant support",
     "keywords": [
         "laravel",
         "settings",
+        "configuration",
+        "feature-flags",
+        "ab-testing",
+        "user-preferences",
         "multi-tenant",
-        "polymorphic",
-        "configuration"
+        "polymorphic"
     ],
     "homepage": "https://github.com/ahs12/laravel-setanjo",
     "license": "MIT",