diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md new file mode 100644 index 0000000..e2145ff --- /dev/null +++ b/.github/PULL_REQUEST_TEMPLATE.md @@ -0,0 +1,25 @@ +## Description + + + +## Type of Change + +- [ ] ๐Ÿ› Bug fix +- [ ] โœจ New feature +- [ ] ๐Ÿ’… Style / UI change +- [ ] โ™ป๏ธ Refactor (no behavior change) +- [ ] ๐Ÿ“ Documentation +- [ ] ๐Ÿงช Tests +- [ ] ๐Ÿ”ง Build / CI / tooling + +## Checklist + +- [ ] `npm run build` passes with zero errors +- [ ] Tested in browser (dev server or production build) +- [ ] Commit messages follow [Conventional Commits](https://www.conventionalcommits.org/) +- [ ] No secrets or credentials included +- [ ] Translations updated in `src/lib/i18n.ts` if UI text changed + +## Screenshots + + diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..9f5edc5 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,27 @@ +# Security Policy + +## Supported Versions + +| Version | Supported | +|---------|-----------| +| Latest | โœ… | + +## Architecture + +PinchChat is a **static frontend** โ€” it runs entirely in the browser. There is no server-side component. + +- Gateway credentials are entered at runtime and stored in `localStorage` +- No secrets are baked into the build +- All communication happens over WebSocket to your own OpenClaw gateway + +## Reporting a Vulnerability + +If you discover a security issue, please **do not** open a public issue. + +Instead, email **contact@nicolasvarrot.fr** with: + +- A description of the vulnerability +- Steps to reproduce +- Potential impact + +You'll receive a response within 48 hours. Valid reports will be credited in the fix commit.
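Review bot: In `.github/PULL_REQUEST_TEMPLATE.md`, the checklist item "No secrets or credentials included" is a self-attestation that does not say what to look for, and the template ends with a "## Screenshots" section where a gateway URL or token can be visible in a capture. Consider wording the item so it covers both the diff and any attached screenshots, for example "No secrets or credentials in the diff or in screenshots (gateway URL/token redacted)". The checklist also requires only `npm run build` to pass, while "Tests" is offered as a type of change; if the project has a test or lint script, list it here as well. The empty "## Description" and "## Screenshots" sections would benefit from an HTML comment prompt telling contributors what to put there.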
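Review bot: In `SECURITY.md`, the Architecture bullet "Gateway credentials are entered at runtime and stored in `localStorage`" states the storage location without the consequence a reporter or operator needs: any script running in the page's origin can read `localStorage`, so a cross-site scripting bug in the frontend exposes the gateway credentials. Suggest adding a sentence saying so, and stating in the "All communication happens over WebSocket" bullet whether `wss://` is expected, since the policy as written does not say whether credentials may travel over an unencrypted connection. In the Reporting section the only channel is a plain e-mail address; consider also offering an encrypted option (a PGP key or a private advisory channel on the hosting platform) for reports that contain reproduction details. The "Latest" row in Supported Versions would be clearer if it said whether that means the most recent tagged release or the head of the default branch.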