Add AI policy for codegen and improved github template

Author: Shashikant86

.github/ISSUE_TEMPLATE/config.yml

@@ -1,8 +1,5 @@
 blank_issues_enabled: false
 contact_links:
-  - name: 💬 GitHub Discussions
-    url: https://github.com/SuperagenticAI/dspy-code/discussions
-    about: Ask questions, share ideas, and discuss with the community
   - name: 📚 Documentation
-    url: https://dspy-code.super-agentic.ai
+    url: https://superagenticai.github.io/dspy-code/
     about: Read the full documentation

.github/ISSUE_TEMPLATE/documentation.yml

@@ -30,7 +30,7 @@ body:
     attributes:
       label: Documentation Location
       description: Where is the documentation issue? (URL or file path)
-      placeholder: https://dspy-code.super-agentic.ai/guide/...
+      placeholder: https://superagenticai.github.io/dspy-code/guide/...
     validations:
       required: true
 

.github/SECURITY.md

@@ -0,0 +1,53 @@
+# Security Policy
+
+## Supported Versions
+
+We actively support and provide security updates for the following versions:
+
+| Version | Supported          |
+| ------- | ------------------ |
+| 0.1.x   | :white_check_mark: |
+| < 0.1.0 | :x:                |
+
+## Reporting a Vulnerability
+
+**Please do not report security vulnerabilities through public GitHub issues.**
+
+If you discover a security vulnerability, please report it via email to **[email protected]** with the following information:
+
+* **Description**: A clear description of the vulnerability
+* **Impact**: The potential impact of the vulnerability
+* **Steps to Reproduce**: Detailed steps to reproduce the issue
+* **Suggested Fix**: If you have a suggested fix, please include it
+* **Affected Versions**: Which versions are affected
+
+### What to Expect
+
+* **Acknowledgment**: We will acknowledge receipt of your report within 48 hours
+* **Initial Assessment**: We will provide an initial assessment within 7 days
+* **Updates**: We will keep you informed of our progress
+* **Resolution**: We will work with you to understand and resolve the issue quickly
+* **Disclosure**: We will coordinate disclosure with you after the issue is resolved
+
+### Security Best Practices
+
+When reporting vulnerabilities:
+* Do not access or modify user data without explicit permission
+* Do not perform any actions that could harm users or their data
+* Do not disclose the vulnerability publicly until it has been resolved
+* Follow responsible disclosure practices
+
+## Security Updates
+
+Security updates will be released as patch versions (e.g., 0.1.1 → 0.1.2) and will be documented in the [CHANGELOG.md](../CHANGELOG.md).
+
+## Security Considerations for Contributors
+
+* Never commit secrets, API keys, or credentials
+* Use environment variables for sensitive configuration
+* Follow secure coding practices
+* Review dependencies for known vulnerabilities
+* Keep dependencies up to date
+
+Thank you for helping keep DSPy Code secure! 🔒
+

.github/pull_request_template.md

@@ -67,6 +67,7 @@ pytest tests/
 ## Additional Notes
 
 <!-- Any additional information that reviewers should know -->
+<!-- If you used AI tools, see CONTRIBUTING.md for disclosure requirements -->
 
 ## Reviewer Notes
 

AI-GENERATED-CODE-POLICY.md

@@ -0,0 +1,32 @@
+# AI-Generated Code Policy
+
+## Summary
+We welcome contributions that used AI tools, provided they meet our quality, testing, security and licensing expectations. AI-generated code is treated the same as human-written code — it must be reviewed, tested, and owned by the contributor.
+
+## Disclosure
+If you used AI to produce any part of your contribution, include the following in your PR description:
+- **Model/Agent** (e.g., "GPT-5 Thinking mini via Copilot")
+- **How AI was used** (e.g., "boilerplate, implementation draft, tests, docs")
+- **Manual validation** performed (linters, tests, security checks)
+
+Simple autocompletion does not require disclosure. Substantial generation (functions, algorithms, large refactors, tests, docs) requires disclosure.
+
+## Contributor responsibilities
+- You remain fully responsible for the code you submit. Understand, test, and be able to explain all changes.
+- All code (AI or human) must pass linters and tests and meet project coding standards.
+- Provide documentation and tests for non-trivial changes.
+
+## IP, licensing, and security
+- By contributing you confirm you have the right to contribute the content (including AI outputs) under this project's license.
+- Do not submit content that includes proprietary, copyrighted, or secret data.
+- Avoid insecure patterns and secrets in contributions.
+
+## Workflow rules
+- For **core**, API, or architectural changes open an **Issue** first and discuss; link the Issue from the PR.
+- Small bug fixes and docs may open PRs directly, but still follow disclosure and testing requirements.
+
+## Maintainer rights
+Maintainers may reject or modify PRs that diverge from project goals, introduce undue complexity, or violate the above rules.
+
+## Enforcement and updates
+This policy may be updated as the ecosystem evolves. If maintainers suspect problematic AI-generated content they may request provenance, tests, or rework.

CONTRIBUTING.md

@@ -31,14 +31,27 @@ Enhancement suggestions are tracked as [GitHub issues](https://github.com/Supera
 
 We welcome pull requests! For major changes, please open an issue first to discuss what you would like to change.
 
+### AI-generated contributions
+
+See [AI-GENERATED-CODE-POLICY.md](AI-GENERATED-CODE-POLICY.md) for our rules about contributions that use AI tools. If you used AI, please disclose the model/agent and how it was used in your PR description.
+
 ## Development Setup
 
 ### Prerequisites
 
-* Python 3.10 or higher
+* Python 3.10 or higher (we support Python 3.10, 3.11, 3.12, and 3.13)
 * [uv](https://github.com/astral-sh/uv) (recommended) or pip
 * Git
 
+### Supported Platforms
+
+We test on:
+* Linux (Ubuntu)
+* macOS
+* Windows (limited testing)
+
+If you encounter platform-specific issues, please report them with your OS details.
+
 ### Quick Setup
 
 1. **Fork and clone the repository**
@@ -64,6 +77,8 @@ source .venv/bin/activate  # On Windows: .venv\Scripts\activate
 pip install -e ".[dev,test,docs]"
 ```
 
+**Note:** The `-e` flag installs the package in "editable" or "development" mode. This means changes to the source code are immediately reflected without reinstalling. The `dspy-code` command will use your local development version.
+
 3. **Install pre-commit hooks**
 
 ```bash
@@ -112,6 +127,16 @@ ruff check --fix .
 ruff format .
 ```
 
+### 4a. Type Checking (Optional but Recommended)
+
+We use [mypy](https://mypy.readthedocs.io/) for static type checking:
+
+```bash
+mypy dspy_code
+```
+
+Note: Some third-party libraries (dspy, mcp, etc.) may not have complete type stubs, so some `ignore_missing_imports` exceptions are configured in `pyproject.toml`.
+
 ### 5. Commit
 
 Use [Conventional Commits](https://www.conventionalcommits.org/):
@@ -139,6 +164,30 @@ git push origin feature/your-feature-name
 
 Then create a pull request on GitHub.
 
+**CI/CD Expectations:**
+* All PRs must pass CI checks (linting, formatting, tests)
+* Tests must pass on all supported Python versions (3.10, 3.11, 3.12, 3.13)
+* Code must pass Ruff linting and formatting checks
+* Coverage should not decrease significantly
+* Fix any CI failures before requesting review
+
+### 7. Code Review Process
+
+All pull requests require review before merging. Here's what reviewers look for:
+
+* **Functionality**: Does the code work as intended?
+* **Tests**: Are there adequate tests covering the changes?
+* **Documentation**: Is the code documented appropriately?
+* **Style**: Does the code follow our coding standards?
+* **Breaking changes**: Are any breaking changes properly documented?
+* **Performance**: Are there any obvious performance issues?
+
+**Review expectations:**
+* Be respectful and constructive in feedback
+* Respond to review comments promptly
+* Address all requested changes before requesting re-review
+* Keep PRs focused and reasonably sized (<500 lines when possible)
+
 ## Coding Standards
 
 ### Python Style
@@ -209,12 +258,24 @@ pytest -n auto
 
 ## Documentation
 
-Documentation will be available on GitHub Pages once set up.
+Documentation is available at [https://superagenticai.github.io/dspy-code/](https://superagenticai.github.io/dspy-code/).
 
-For now, refer to:
-- README.md for overview and quick start
-- Code docstrings for API documentation
-- Examples in `examples/` directory
+When updating documentation:
+* Update relevant docstrings for API changes
+* Update examples if behavior changes
+* Add new examples for new features
+* Update the main documentation site (in `docs/`) for user-facing changes
+* Follow the existing documentation style
+
+### Changelog
+
+We follow [Keep a Changelog](https://keepachangelog.com/en/1.1.0/) format and [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+When making changes:
+* Add entries to `CHANGELOG.md` under `[Unreleased]`
+* Use appropriate categories: `Added`, `Changed`, `Deprecated`, `Removed`, `Fixed`, `Security`
+* For breaking changes, clearly mark them and explain migration steps
+* Link to related issues/PRs when applicable
 
 ## Project Structure
 
@@ -231,15 +292,165 @@ dspy-code/
 └── examples/          # Example scripts
 ```
 
+## Package Development
+
+### Building the Package
+
+To build the package locally:
+
+```bash
+# Install build dependencies
+uv pip install build hatchling twine
+
+# Build wheel and source distribution
+python -m build
+
+# Check the built package
+twine check dist/*
+```
+
+The built packages will be in the `dist/` directory:
+* `dspy_code-X.Y.Z-py3-none-any.whl` - Wheel distribution
+* `dspy_code-X.Y.Z.tar.gz` - Source distribution
+
+### Testing Package Installation
+
+Test installing the built package:
+
+```bash
+# Install from wheel
+uv pip install dist/dspy_code-*.whl
+
+# Or install from source
+uv pip install dist/dspy_code-*.tar.gz
+
+# Verify installation
+dspy-code --version
+```
+
+### Package Structure
+
+The package uses modern Python packaging standards:
+* **`pyproject.toml`** - PEP 517/518 compliant build configuration
+* **`hatchling`** - Modern build backend (no setup.py needed)
+* **`MANIFEST.in`** - Controls which files are included in source distributions (README, LICENSE, CHANGELOG, etc.)
+* **Entry point** - `dspy-code` command defined in `[project.scripts]` mapping to `dspy_code.main:main`
+
+When adding files that should be included in distributions:
+* Update `MANIFEST.in` for source distributions
+* Update `[tool.hatch.build.targets.sdist]` in `pyproject.toml` if needed
+* Test with `python -m build` to verify files are included
+
+### Package Metadata
+
+Package metadata is defined in `pyproject.toml`:
+* Version is managed in `[project]` section
+* Dependencies are listed in `[project.dependencies]`
+* Optional dependencies in `[project.optional-dependencies]`
+* Entry points in `[project.scripts]`
+* URLs (homepage, docs, etc.) in `[project.urls]`
+
+When updating metadata:
+* Update version in `pyproject.toml` (we use semantic versioning)
+* Update `CHANGELOG.md` with release notes
+* Ensure classifiers match the current Python version support
+
+## Release Process
+
+We follow [Semantic Versioning](https://semver.org/spec/v2.0.0.html):
+* **MAJOR** (x.0.0): Breaking changes
+* **MINOR** (0.x.0): New features, backwards compatible
+* **PATCH** (0.0.x): Bug fixes, backwards compatible
+
+### Version Management
+
+* Version is stored in `pyproject.toml` under `[project]` → `version`
+* Update version before each release
+* Tag releases in git: `git tag v0.1.2`
+* Version should match the release in CHANGELOG.md
+
+### Breaking Changes
+
+Breaking changes require:
+1. Opening an issue for discussion first
+2. Clear migration guide in the PR
+3. Deprecation warnings (if applicable) before removal
+4. Documentation updates
+5. Entry in CHANGELOG.md under "Changed" with "BREAKING CHANGE:" prefix
+
+### Deprecation Policy
+
+* Deprecated features will be marked with `@deprecated` in docstrings
+* Deprecation warnings will be shown for at least one minor version
+* Breaking changes will be announced in advance when possible
+
+## Security
+
+### Reporting Security Vulnerabilities
+
+**Please do not report security vulnerabilities through public GitHub issues.**
+
+Instead, please report them via email to **[email protected]** with:
+* Description of the vulnerability
+* Steps to reproduce
+* Potential impact
+* Suggested fix (if available)
+
+We will acknowledge receipt within 48 hours and provide a timeline for addressing the issue.
+
+For more details, see our [Security documentation](https://superagenticai.github.io/dspy-code/reference/security/).
+
+## Dependency Management
+
+* We use `uv` (recommended) or `pip` for dependency management
+* Dependencies are managed in `pyproject.toml`
+* When adding new dependencies:
+  * Justify why it's needed
+  * Check for license compatibility (MIT-compatible preferred)
+  * Consider the dependency's maintenance status
+  * Update version constraints appropriately
+* Security updates are handled via Dependabot
+
+### Optional Dependencies
+
+The package supports optional dependencies for different LLM providers:
+
+* `dspy-code[openai]` - OpenAI SDK support
+* `dspy-code[anthropic]` - Anthropic SDK support
+* `dspy-code[gemini]` - Google Gemini SDK support
+* `dspy-code[llm-all]` - All LLM providers
+* `dspy-code[mcp-ws]` - WebSocket support for MCP servers
+
+When adding new optional dependencies:
+* Add them to `[project.optional-dependencies]` in `pyproject.toml`
+* Document their purpose in the README
+* Ensure they're truly optional (the package should work without them)
+* Add appropriate error messages if features require them
+
+## Performance Considerations
+
+* Consider performance impact of new features
+* Use appropriate data structures and algorithms
+* Profile code if making performance-critical changes
+* Document any known performance trade-offs
+
 ## Getting Help
 
 * 🐛 [Issue Tracker](https://github.com/SuperagenticAI/dspy-code/issues) - Report bugs
+* 📚 [Documentation](https://superagenticai.github.io/dspy-code/) - Full documentation
 * 📧 Email: [email protected]
 
-## Maintainer
+## Maintainers
 
 * [@Shashikant86](https://github.com/Shashikant86) - Lead Maintainer
 
+## Contributor Recognition
+
+All contributors are recognized in:
+* Git commit history
+* Release notes (for significant contributions)
+* Project documentation (when applicable)
+
 ## License
 
 By contributing, you agree that your contributions will be licensed under the MIT License.