Skip to content

Commit 8bff5b8

Browse files
committed
Add comprehensive security, licensing, and attribution framework
Security improvements: - Added SECURITY.md with vulnerability reporting and best practices - Created GitHub Actions workflow for automated security scanning - Added CodeQL analysis, dependency review, and secrets scanning - Created env.example for secure environment variable setup Licensing and attribution: - Added MIT License for open source free use - Created comprehensive CREDITS.md acknowledging all content creators - Added proper attribution for 100+ design system resources - Included links to original authors' websites and profiles Documentation and community: - Added detailed CONTRIBUTING.md with guidelines for contributions - Updated README with licensing, security, and community information - Added clear content attribution requirements - Established ethical guidelines for content sharing Repository is now properly secured and prepared for public use while respecting all original content creators and their intellectual property.
1 parent 8851e60 commit 8bff5b8

File tree

7 files changed

+698
-4
lines changed

7 files changed

+698
-4
lines changed

.github/workflows/security.yml

Lines changed: 100 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,100 @@
1+
name: Security Checks
2+
3+
on:
4+
push:
5+
branches: [ main, develop ]
6+
pull_request:
7+
branches: [ main ]
8+
schedule:
9+
# Run security checks weekly on Sundays at 2 AM UTC
10+
- cron: '0 2 * * 0'
11+
12+
jobs:
13+
security-audit:
14+
name: Security Audit
15+
runs-on: ubuntu-latest
16+
17+
steps:
18+
- name: Checkout code
19+
uses: actions/checkout@v4
20+
21+
- name: Setup Node.js
22+
uses: actions/setup-node@v4
23+
with:
24+
node-version: '20'
25+
cache: 'npm'
26+
27+
- name: Install dependencies
28+
run: npm ci
29+
30+
- name: Run npm audit
31+
run: npm audit --audit-level high
32+
33+
- name: Check for known vulnerabilities
34+
run: npm audit --audit-level moderate --json > audit-results.json || true
35+
36+
- name: Upload audit results
37+
uses: actions/upload-artifact@v4
38+
if: always()
39+
with:
40+
name: security-audit-results
41+
path: audit-results.json
42+
43+
dependency-review:
44+
name: Dependency Review
45+
runs-on: ubuntu-latest
46+
if: github.event_name == 'pull_request'
47+
48+
steps:
49+
- name: Checkout code
50+
uses: actions/checkout@v4
51+
52+
- name: Dependency Review
53+
uses: actions/dependency-review-action@v4
54+
with:
55+
fail-on-severity: high
56+
57+
codeql-analysis:
58+
name: CodeQL Analysis
59+
runs-on: ubuntu-latest
60+
permissions:
61+
actions: read
62+
contents: read
63+
security-events: write
64+
65+
steps:
66+
- name: Checkout code
67+
uses: actions/checkout@v4
68+
69+
- name: Initialize CodeQL
70+
uses: github/codeql-action/init@v3
71+
with:
72+
languages: typescript, javascript
73+
74+
- name: Setup Node.js
75+
uses: actions/setup-node@v4
76+
with:
77+
node-version: '20'
78+
cache: 'npm'
79+
80+
- name: Install dependencies
81+
run: npm ci
82+
83+
- name: Perform CodeQL Analysis
84+
uses: github/codeql-action/analyze@v3
85+
86+
secrets-scan:
87+
name: Secrets Scan
88+
runs-on: ubuntu-latest
89+
90+
steps:
91+
- name: Checkout code
92+
uses: actions/checkout@v4
93+
94+
- name: Run TruffleHog OSS
95+
uses: trufflesecurity/trufflehog@main
96+
with:
97+
path: ./
98+
base: main
99+
head: HEAD
100+
extra_args: --debug --only-verified

CONTRIBUTING.md

Lines changed: 260 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,260 @@
1+
# Contributing to Design Systems MCP
2+
3+
Thank you for your interest in contributing to the Design Systems MCP! This project thrives on community contributions and we welcome all forms of participation.
4+
5+
## 🤝 **Ways to Contribute**
6+
7+
### **🐛 Bug Reports & Issues**
8+
- Check [existing issues](../../issues) first to avoid duplicates
9+
- Use the issue templates when available
10+
- Provide clear reproduction steps
11+
- Include environment details (OS, Node.js version, etc.)
12+
13+
### **💡 Feature Requests**
14+
- Search existing issues for similar requests
15+
- Clearly describe the problem and proposed solution
16+
- Explain the use case and potential impact
17+
- Consider starting a [discussion](../../discussions) for major features
18+
19+
### **📚 Content Contributions**
20+
- Add new design system documentation and resources
21+
- Improve existing content organization
22+
- Update outdated information
23+
- Enhance content metadata and tagging
24+
25+
### **🔧 Code Contributions**
26+
- Fix bugs and issues
27+
- Improve performance and reliability
28+
- Add new MCP tools and capabilities
29+
- Enhance the user interface and experience
30+
31+
### **📖 Documentation**
32+
- Improve setup and usage instructions
33+
- Add examples and tutorials
34+
- Fix typos and unclear explanations
35+
- Translate documentation
36+
37+
## 🚀 **Getting Started**
38+
39+
### **1. Fork & Clone**
40+
```bash
41+
# Fork the repository on GitHub first, then:
42+
git clone https://github.com/your-username/design-systems-mcp.git
43+
cd design-systems-mcp
44+
```
45+
46+
### **2. Set Up Development Environment**
47+
```bash
48+
# Install dependencies
49+
npm install
50+
51+
# Set up environment variables
52+
cp env.example .dev.vars
53+
# Edit .dev.vars with your OpenAI API key
54+
55+
# Start development server
56+
npm run dev
57+
```
58+
59+
### **3. Create a Branch**
60+
```bash
61+
# Create a descriptive branch name
62+
git checkout -b feature/your-feature-name
63+
# or
64+
git checkout -b fix/issue-description
65+
```
66+
67+
### **4. Make Changes**
68+
- Follow the existing code style and conventions
69+
- Write clear, descriptive commit messages
70+
- Test your changes locally
71+
- Update documentation as needed
72+
73+
### **5. Submit Pull Request**
74+
- Push your branch to your fork
75+
- Create a pull request to the main repository
76+
- Fill out the PR template completely
77+
- Link related issues in the description
78+
79+
## 📚 **Adding Content**
80+
81+
### **Content Guidelines**
82+
83+
**✅ Content we welcome:**
84+
- Public design system documentation
85+
- Open source design resources
86+
- Educational articles and guides
87+
- Best practices and methodologies
88+
- Official documentation from design tools
89+
- Case studies with proper attribution
90+
91+
**❌ Content to avoid:**
92+
- Copyrighted material without permission
93+
- Internal/private company documentation
94+
- Content without proper attribution
95+
- Duplicate or redundant resources
96+
- Low-quality or incomplete guides
97+
98+
### **Attribution Requirements**
99+
100+
When adding content, you **must**:
101+
102+
1. **Verify permission** to share the content
103+
2. **Provide proper attribution** to original authors
104+
3. **Include source links** and original URLs
105+
4. **Update CREDITS.md** with author information
106+
5. **Respect original licensing** and terms
107+
108+
### **Content Addition Process**
109+
110+
1. **Add source content** to `local-content-library/`
111+
2. **Run ingestion scripts:**
112+
```bash
113+
# For PDFs
114+
npm run ingest:pdf path/to/document.pdf
115+
116+
# For URLs
117+
npm run ingest:url https://example.com/article
118+
119+
# For bulk CSV
120+
npm run ingest:csv path/to/urls.csv
121+
```
122+
3. **Update content loading** in `src/index.ts`
123+
4. **Test locally** with `npm run dev`
124+
5. **Update CREDITS.md** with attribution
125+
6. **Submit pull request** with changes
126+
127+
## 🔧 **Development Guidelines**
128+
129+
### **Code Style**
130+
- Use TypeScript for type safety
131+
- Follow existing naming conventions
132+
- Write self-documenting code with clear variable names
133+
- Add comments for complex logic
134+
- Use meaningful commit messages
135+
136+
### **Testing**
137+
- Test all changes locally before submitting
138+
- Verify the MCP server responds correctly
139+
- Test the AI chat interface thoroughly
140+
- Check that new content is searchable and accessible
141+
142+
### **Performance**
143+
- Keep content chunks reasonably sized
144+
- Optimize search performance
145+
- Minimize memory usage
146+
- Consider bandwidth for content loading
147+
148+
### **Security**
149+
- Never commit API keys or sensitive data
150+
- Follow the security guidelines in [SECURITY.md](SECURITY.md)
151+
- Use environment variables for configuration
152+
- Validate user inputs appropriately
153+
154+
## 🔒 **Security Considerations**
155+
156+
### **For Contributors**
157+
- **Never commit secrets** - Use `.env` or `.dev.vars` files
158+
- **Review dependencies** - Check for known vulnerabilities
159+
- **Validate inputs** - Sanitize any user-provided data
160+
- **Report security issues** privately to maintainers
161+
162+
### **For Content**
163+
- **Respect copyright** - Only add content you have permission to share
164+
- **Verify sources** - Ensure content comes from legitimate sources
165+
- **Check for PII** - Remove any personal information from content
166+
- **Review metadata** - Ensure no sensitive information in tags or descriptions
167+
168+
## 📝 **Pull Request Guidelines**
169+
170+
### **Before Submitting**
171+
- [ ] Code follows project conventions
172+
- [ ] Changes have been tested locally
173+
- [ ] Documentation has been updated
174+
- [ ] New content includes proper attribution
175+
- [ ] No secrets or sensitive data included
176+
- [ ] Related issues are referenced
177+
178+
### **PR Description Should Include**
179+
- **Summary** of changes made
180+
- **Motivation** for the changes
181+
- **Testing** performed
182+
- **Screenshots** for UI changes
183+
- **Breaking changes** if any
184+
- **Attribution updates** for new content
185+
186+
### **Review Process**
187+
1. **Automated checks** must pass
188+
2. **Manual review** by maintainers
189+
3. **Security scan** for sensitive data
190+
4. **Attribution verification** for content
191+
5. **Testing** in development environment
192+
193+
## 🎯 **Project Priorities**
194+
195+
### **High Priority**
196+
- Security and privacy improvements
197+
- Performance optimizations
198+
- High-quality design system content
199+
- Bug fixes and stability
200+
201+
### **Medium Priority**
202+
- New MCP tools and capabilities
203+
- UI/UX improvements
204+
- Documentation enhancements
205+
- Integration improvements
206+
207+
### **Lower Priority**
208+
- Nice-to-have features
209+
- Experimental functionality
210+
- Aesthetic improvements
211+
212+
## 💬 **Community Guidelines**
213+
214+
### **Be Respectful**
215+
- Use inclusive and welcoming language
216+
- Respect different perspectives and experiences
217+
- Focus on constructive feedback
218+
- Help others learn and grow
219+
220+
### **Be Collaborative**
221+
- Ask questions when unclear
222+
- Share knowledge and insights
223+
- Help review others' contributions
224+
- Participate in discussions
225+
226+
### **Be Ethical**
227+
- Respect intellectual property rights
228+
- Provide proper attribution
229+
- Don't share sensitive or private information
230+
- Follow platform terms of service
231+
232+
## 🆘 **Getting Help**
233+
234+
### **Questions?**
235+
- Check the [README](README.md) for basic information
236+
- Search [existing issues](../../issues) for similar questions
237+
- Start a [discussion](../../discussions) for general questions
238+
- Ask in your pull request for specific code questions
239+
240+
### **Stuck?**
241+
- Review the [setup guide](README.md#quick-start) again
242+
- Check your environment variables and API keys
243+
- Try the troubleshooting section in the README
244+
- Open an issue with detailed information about your problem
245+
246+
### **Need Support?**
247+
- 🐛 **Bug reports:** [GitHub Issues](../../issues)
248+
- 💬 **General questions:** [GitHub Discussions](../../discussions)
249+
- 🔒 **Security issues:** Email maintainers privately
250+
- 📚 **Documentation:** Check [README](README.md) and [project docs](../../wiki)
251+
252+
## 📄 **License**
253+
254+
By contributing to this project, you agree that your contributions will be licensed under the [MIT License](LICENSE).
255+
256+
Your contributions of content must respect the original authors' rights and include proper attribution as outlined in [CREDITS.md](CREDITS.md).
257+
258+
---
259+
260+
Thank you for contributing to the Design Systems MCP community! 🙏

0 commit comments

Comments
 (0)