chore: Add community health files (CONTRIBUTING, SECURITY, CITATION)

Author: TamTunnel

CITATION.cff

@@ -0,0 +1,19 @@
+cff-version: 1.2.0
+message: "If you use this software in your research or agency, please cite it as below."
+authors:
+- family-names: "Tunnel"
+  given-names: "Tam"
+title: "AI Governance Hub"
+version: 0.4.0
+date-released: 2024-01-01
+url: "https://github.com/TamTunnel/AI-Governance-Hub"
+repository-code: "https://github.com/TamTunnel/AI-Governance-Hub"
+license: "Apache-2.0"
+abstract: "A centralized, open-source platform for managing AI models, aligned with NIST AI RMF and EU AI Act requirements. Features include Model Registry, Risk Profiles, Policy Enforcement, and Lineage Tracking."
+keywords:
+  - ai-governance
+  - nist-ai-rmf
+  - eu-ai-act
+  - model-registry
+  - compliance
+  - responsible-ai

CONTRIBUTING.md

@@ -0,0 +1,28 @@
+# Contributing to AI Governance Hub
+
+Thank you for your interest in contributing to AI Governance Hub! This project is open-source and we welcome contributions from the community.
+
+## 🤝 Core Principles
+*   **Safety First:** All code must respect the sensitive nature of governance data. No heavy external dependencies without review.
+*   **Compliance Alignment:** Features should map to specific frameworks (NIST, EU AI Act) where possible.
+*   **Documentation:** Every PR must update the relevant docs. This tool lives and dies by its ability to explain *why* it matters.
+
+## 🛠️ Development Setup
+1.  Clone the repo: `git clone https://github.com/TamTunnel/AI-Governance-Hub.git`
+2.  Install dependencies: `cd backend && poetry install`
+3.  Run the stack: `docker compose up --build`
+4.  Run tests: `cd backend && pytest`
+
+## 📝 Pull Request Process
+1.  Create a feature branch: `git checkout -b feature/amazing-feature`
+2.  Commit your changes: `git commit -m 'feat: Add amazing feature'`
+3.  Push to the branch: `git push origin feature/amazing-feature`
+4.  Open a Pull Request.
+
+## 🧪 Testing
+*   Backend: `pytest` (ensure 100% pass rate)
+*   Frontend: `npm run test`
+*   Linting: `ruff check .`
+
+## 📜 License
+By contributing, you agree that your contributions will be licensed under the [Apache License 2.0](../LICENSE).

SECURITY.md

@@ -0,0 +1,31 @@
+# Security Policy
+
+## 🛡️ Reporting a Vulnerability
+
+**Do not open a GitHub Issue for security vulnerabilities.**
+
+If you discover a security vulnerability in AI Governance Hub, please verify it is reproducible and send a report to:
+
+**security@example.com** (Replace with actual security email if available, otherwise suggest private vulnerability reporting via GitHub)
+
+*   We will acknowledge your report within 48 hours.
+*   We will provide a timeline for a fix.
+*   Please do not disclose the vulnerability publicly until a fix is released.
+
+## 🔒 Supported Versions
+
+| Version | Supported |
+| :--- | :--- |
+| 0.4.x | ✅ Yes |
+| 0.3.x | ❌ No |
+| < 0.3 | ❌ No |
+
+## 🔐 Deployment Security
+
+For production deployments in government or enterprise:
+1.  **Always** deploy behind a TLS-terminating reverse proxy (Nginx).
+2.  **Enable** the RBAC policies suitable for your organization.
+3.  **Rotate** `SECRET_KEY` and Database Credentials regularly.
+4.  **Isolate** the database network from the public internet.
+
+See [Deployment & Security](https://github.com/TamTunnel/AI-Governance-Hub/wiki/Deployment_and_Security) in the Wiki for air-gapped architecture.