merge: bring feature/project-init into main

vsxd · vsxd · commit 7f2a2d5a6515 · 2026-03-13T10:38:30.000+08:00
# Conflicts:
#	README.md
diff --git a/.github/ISSUE_TEMPLATE/bug_report.yml b/.github/ISSUE_TEMPLATE/bug_report.yml
@@ -0,0 +1,35 @@
+name: Bug Report
+description: Report a defect in SkillHub
+title: "[Bug] "
+labels:
+  - bug
+body:
+  - type: textarea
+    id: summary
+    attributes:
+      label: Summary
+      description: What happened?
+    validations:
+      required: true
+  - type: textarea
+    id: steps
+    attributes:
+      label: Steps To Reproduce
+      description: Include commands, requests, or UI flow
+    validations:
+      required: true
+  - type: textarea
+    id: expected
+    attributes:
+      label: Expected Behavior
+    validations:
+      required: true
+  - type: textarea
+    id: environment
+    attributes:
+      label: Environment
+      description: Branch, commit, runtime profile, browser, OS, etc.
+  - type: textarea
+    id: logs
+    attributes:
+      label: Logs Or Screenshots
diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml
@@ -0,0 +1,5 @@
+blank_issues_enabled: false
+contact_links:
+  - name: Security Report
+    url: https://example.invalid/security-contact
+    about: Do not file public issues for suspected vulnerabilities.
diff --git a/.github/ISSUE_TEMPLATE/feature_request.yml b/.github/ISSUE_TEMPLATE/feature_request.yml
@@ -0,0 +1,28 @@
+name: Feature Request
+description: Propose a new capability or workflow improvement
+title: "[Feature] "
+labels:
+  - enhancement
+body:
+  - type: textarea
+    id: problem
+    attributes:
+      label: Problem
+      description: What user or operator problem does this solve?
+    validations:
+      required: true
+  - type: textarea
+    id: proposal
+    attributes:
+      label: Proposed Solution
+    validations:
+      required: true
+  - type: textarea
+    id: alternatives
+    attributes:
+      label: Alternatives Considered
+  - type: textarea
+    id: impact
+    attributes:
+      label: Impact
+      description: Auth, API, migration, deployment, observability, or UX impact
diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md
@@ -0,0 +1,27 @@
+## Summary
+
+- What changed?
+- Why is this needed?
+
+## Validation
+
+- [ ] Backend tests passed
+- [ ] Frontend typecheck/build passed
+- [ ] Smoke test run when relevant
+
+Commands run:
+
+```bash
+# paste commands here
+```
+
+## Risk
+
+- User-facing impact:
+- Deployment or migration impact:
+- Rollback approach:
+
+## Notes
+
+- Related issue:
+- Follow-up work:
diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md
@@ -0,0 +1,33 @@
+# Code of Conduct
+
+## Our Standard
+
+Contributors and maintainers are expected to keep discussion technical,
+respectful, and constructive.
+
+Examples of expected behavior:
+
+- Focus on the problem, tradeoffs, and evidence.
+- Assume good intent, but challenge weak reasoning directly.
+- Share actionable feedback.
+- Respect different levels of experience and domain knowledge.
+
+Examples of unacceptable behavior:
+
+- Harassment, insults, or personal attacks
+- Bad-faith argumentation or repeated hostility
+- Publishing private or sensitive information without permission
+- Disruptive behavior that blocks productive collaboration
+
+## Enforcement
+
+Project maintainers may remove comments, reject contributions, or restrict
+participation for behavior that violates this code of conduct.
+
+Serious or repeated violations may result in a temporary or permanent ban from
+project spaces.
+
+## Reporting
+
+Report conduct issues privately to the maintainers through an internal contact
+channel. Do not use public issues for personal or sensitive reports.
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
@@ -0,0 +1,75 @@
+# Contributing to SkillHub
+
+## Scope
+
+SkillHub is a self-hosted registry for agent skills. Contributions should
+preserve the existing architecture and product direction documented in
+[`docs/`](./docs).
+
+## Before You Start
+
+- Read [`README.md`](./README.md) for local development commands.
+- Check the relevant design docs before changing behavior.
+- Open an issue for non-trivial changes before sending a large pull request.
+
+## Development Setup
+
+Prerequisites:
+
+- Docker and Docker Compose
+- Java 21
+- Node.js and `pnpm`
+
+Start the local stack:
+
+```bash
+make dev-all
+```
+
+Useful commands:
+
+```bash
+make test
+make typecheck-web
+make build-web
+./scripts/smoke-test.sh
+```
+
+Stop the stack:
+
+```bash
+make dev-all-down
+```
+
+## Change Guidelines
+
+- Keep changes focused. Avoid mixing refactors with behavior changes.
+- Follow existing module boundaries across `server/`, `web/`, and `docs/`.
+- Add or update tests when behavior changes.
+- Update docs when APIs, auth flows, deployment, or operator workflows change.
+- Prefer backward-compatible changes unless the issue explicitly allows a break.
+
+## Pull Requests
+
+Before opening a pull request, make sure:
+
+- The branch is rebased or merged cleanly from the target branch.
+- Relevant backend tests pass.
+- Frontend typecheck/build passes when frontend files changed.
+- Smoke coverage is updated when operator-facing workflows change.
+- The pull request description explains motivation, scope, and rollout impact.
+
+## Commit Style
+
+Conventional-style subjects are preferred, for example:
+
+- `feat(auth): add local account login`
+- `fix(ops): align smoke test with csrf flow`
+- `docs(deploy): clarify runtime image usage`
+
+## Reporting Security Issues
+
+Do not open public issues for suspected security vulnerabilities.
+
+Report them privately to the maintainers through your internal security process
+or a private maintainer contact channel.
diff --git a/README.md b/README.md
@@ -33,8 +33,7 @@ firewall, with the same polish you'd expect from a public registry.
 
 ## Quick Start
 
-Start the full local stack with:
-`curl -fsSL https://raw.githubusercontent.com/iflytek/skillhub/main/compose.release.yml -o compose.release.yml && curl -fsSL https://raw.githubusercontent.com/iflytek/skillhub/main/.env.release.example -o .env.release && docker compose --env-file .env.release -f compose.release.yml up -d`
+Start the full local stack with: `curl -fsSL https://raw.githubusercontent.com/iflytek/skillhub/main/scripts/runtime.sh | sh -s -- up`
 
 ### Prerequisites
 
@@ -205,6 +204,12 @@ Run it against a local backend:
 Contributions are welcome. Please open an issue first to discuss
 what you'd like to change.
 
+- Contribution guide: [`CONTRIBUTING.md`](./CONTRIBUTING.md)
+- Code of conduct: [`CODE_OF_CONDUCT.md`](./CODE_OF_CONDUCT.md)
+
+- Contribution guide: [`CONTRIBUTING.md`](./CONTRIBUTING.md)
+- Code of conduct: [`CODE_OF_CONDUCT.md`](./CODE_OF_CONDUCT.md)
+
 ## License
 
 MIT
diff --git a/scripts/runtime.sh b/scripts/runtime.sh
