docs: add PR template and security policy
- Add .github/PULL_REQUEST_TEMPLATE.md with checklist for contributors
- Add SECURITY.md with vulnerability reporting instructions
25
.github/PULL_REQUEST_TEMPLATE.md
vendored
Normal file
@@ -0,0 +1,25 @@
|
||||
## Description
|
||||
|
||||
<!-- What does this PR do? Why is it needed? -->
|
||||
|
||||
## Type of Change
|
||||
|
||||
- [ ] 🐛 Bug fix
|
||||
- [ ] ✨ New feature
|
||||
- [ ] 💅 Style / UI change
|
||||
- [ ] ♻️ Refactor (no behavior change)
|
||||
- [ ] 📝 Documentation
|
||||
- [ ] 🧪 Tests
|
||||
- [ ] 🔧 Build / CI / tooling
|
||||
|
||||
## Checklist
|
||||
|
||||
- [ ] `npm run build` passes with zero errors
|
||||
- [ ] Tested in browser (dev server or production build)
|
||||
- [ ] Commit messages follow [Conventional Commits](https://www.conventionalcommits.org/)
|
||||
- [ ] No secrets or credentials included
|
||||
- [ ] Translations updated in `src/lib/i18n.ts` if UI text changed
|
||||
|
||||
## Screenshots
|
||||
|
||||
<!-- If this changes the UI, add before/after screenshots or a short GIF -->
|
||||
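Review bot: The `- [ ] No secrets or credentials included` item under Checklist is a self-attestation with nothing behind it, unlike the `npm run build` item, which names a command the contributor can run. Consider naming the concrete check you expect (for example, a secret scan over the diff, or a CI job that does the same) so that ticking the box corresponds to something reproducible. The `Tested in browser (dev server or production build)` item has a similar gap: it does not say which browser or which flows, so reviewers cannot tell what was actually exercised. A short checklist line for changes that touch credential handling or the gateway connection would also help route those PRs to a closer review.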
27
SECURITY.md
Normal file
@@ -0,0 +1,27 @@
|
||||
# Security Policy
|
||||
|
||||
## Supported Versions
|
||||
|
||||
| Version | Supported |
|
||||
|---------|-----------|
|
||||
| Latest | ✅ |
|
||||
|
||||
## Architecture
|
||||
|
||||
PinchChat is a **static frontend** — it runs entirely in the browser. There is no server-side component.
|
||||
|
||||
- Gateway credentials are entered at runtime and stored in `localStorage`
|
||||
- No secrets are baked into the build
|
||||
- All communication happens over WebSocket to your own OpenClaw gateway
|
||||
|
||||
## Reporting a Vulnerability
|
||||
|
||||
If you discover a security issue, please **do not** open a public issue.
|
||||
|
||||
Instead, email **contact@nicolasvarrot.fr** with:
|
||||
|
||||
- A description of the vulnerability
|
||||
- Steps to reproduce
|
||||
- Potential impact
|
||||
|
||||
You'll receive a response within 48 hours. Valid reports will be credited in the fix commit.
|
||||
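Review bot: The Architecture section states that gateway credentials are "stored in `localStorage`" but does not spell out the consequence for the threat model: `localStorage` is readable by any script that runs in the page's origin, so an XSS bug or a compromised dependency exposes the stored credentials. Suggest adding a sentence saying so, and stating that such issues are in scope for reports. The line "All communication happens over WebSocket" should also say whether `wss://` is required or whether plaintext `ws://` is accepted, since the credentials travel over that channel. In Reporting a Vulnerability, the only channel is a plain e-mail address; consider offering an encrypted option (a published key or a private reporting form) and saying what happens after the 48-hour acknowledgement, such as an expected fix or disclosure timeline. Under Supported Versions, "Latest" is ambiguous between the newest tagged release and the tip of the default branch; naming which one is meant tells reporters what to test against.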