docs: add PR template and security policy

- Add .github/PULL_REQUEST_TEMPLATE.md with checklist for contributors
- Add SECURITY.md with vulnerability reporting instructions
This commit is contained in:
Nicolas Varrot
2026-02-11 21:35:29 +00:00
parent fd66fed96f
commit d02009475b
2 changed files with 52 additions and 0 deletions

25
.github/PULL_REQUEST_TEMPLATE.md vendored Normal file

@@ -0,0 +1,25 @@
## Description
<!-- What does this PR do? Why is it needed? -->
## Type of Change
- [ ] 🐛 Bug fix
- [ ] ✨ New feature
- [ ] 💅 Style / UI change
- [ ] ♻️ Refactor (no behavior change)
- [ ] 📝 Documentation
- [ ] 🧪 Tests
- [ ] 🔧 Build / CI / tooling
## Checklist
- [ ] `npm run build` passes with zero errors
- [ ] Tested in browser (dev server or production build)
- [ ] Commit messages follow [Conventional Commits](https://www.conventionalcommits.org/)
- [ ] No secrets or credentials included
- [ ] Translations updated in `src/lib/i18n.ts` if UI text changed
## Screenshots
<!-- If this changes the UI, add before/after screenshots or a short GIF -->
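Review bot: The checklist item `- [ ] No secrets or credentials included` does not say whether it covers attachments, while the `## Screenshots` section directly below asks contributors to post UI captures. The app's UI is where gateway credentials are entered at runtime, so a screenshot or GIF of the connection screen can leak them. Suggest rewording the item to "No secrets or credentials in code, commit history, or screenshots" and adding a redaction reminder to the Screenshots comment. Separately, the checklist gates only on `npm run build`, although "Tests" is listed as a change type; if the project has test or lint scripts, list them as checklist items too.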

27
SECURITY.md Normal file

@@ -0,0 +1,27 @@
# Security Policy
## Supported Versions
| Version | Supported |
|---------|-----------|
| Latest | ✅ |
## Architecture
PinchChat is a **static frontend** — it runs entirely in the browser. There is no server-side component.
- Gateway credentials are entered at runtime and stored in `localStorage`
- No secrets are baked into the build
- All communication happens over WebSocket to your own OpenClaw gateway
## Reporting a Vulnerability
If you discover a security issue, please **do not** open a public issue.
Instead, email **contact@nicolasvarrot.fr** with:
- A description of the vulnerability
- Steps to reproduce
- Potential impact
You'll receive a response within 48 hours. Valid reports will be credited in the fix commit.
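Review bot: In the Architecture list, "Gateway credentials are entered at runtime and stored in `localStorage`" names the storage location but not its consequence. Anything in `localStorage` is readable by every script running in the page's origin, so a script-injection bug or a compromised dependency exposes the gateway credentials. Suggest stating this explicitly, so reporters know that class of issue is in scope despite "no server-side component". The WebSocket line should also say whether `wss://` is expected, since it does not mention transport encryption. In Reporting, the only channel is plain email; consider offering a private alternative such as a PGP key or the hosting platform's private advisory feature. In Supported Versions, define whether "Latest" means the latest release or the tip of the default branch.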