From 5868505dae9017f0b1d0c105f7d963055489d9ce Mon Sep 17 00:00:00 2001 From: offbyonebit <83889256+offbyonebit@users.noreply.github.com> Date: Thu, 7 May 2026 08:48:39 -0500 Subject: [PATCH] Add community standards files - CODE_OF_CONDUCT.md: Contributor Covenant 2.1 - CONTRIBUTING.md: Contribution guidelines - SECURITY.md: Security policy with vulnerability reporting - Issue templates: bug_report, feature_request, general_issue - Pull request template --- .github/ISSUE_TEMPLATE/bug_report.yml | 74 ++++++++++++ .github/ISSUE_TEMPLATE/feature_request.yml | 43 +++++++ .github/ISSUE_TEMPLATE/general_issue.yml | 32 +++++ .github/PULL_REQUEST_TEMPLATE.md | 43 +++++++ CODE_OF_CONDUCT.md | 132 +++++++++++++++++++++ CONTRIBUTING.md | 86 ++++++++++++++ SECURITY.md | 82 +++++++++++++ 7 files changed, 492 insertions(+) create mode 100644 .github/ISSUE_TEMPLATE/bug_report.yml create mode 100644 .github/ISSUE_TEMPLATE/feature_request.yml create mode 100644 .github/ISSUE_TEMPLATE/general_issue.yml create mode 100644 .github/PULL_REQUEST_TEMPLATE.md create mode 100644 CODE_OF_CONDUCT.md create mode 100644 CONTRIBUTING.md create mode 100644 SECURITY.md diff --git a/.github/ISSUE_TEMPLATE/bug_report.yml b/.github/ISSUE_TEMPLATE/bug_report.yml new file mode 100644 index 0000000..6a11d35 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/bug_report.yml @@ -0,0 +1,74 @@ +--- +name: Bug Report +description: File a bug report +title: "[Bug]: " +labels: ["bug"] +body: + - type: markdown + attributes: + value: | + Thanks for taking the time to fill out this bug report! + - type: textarea + id: description + attributes: + label: Describe the bug + description: A clear and concise description of what the bug is. + placeholder: Tell us what you see! + validations: + required: true + - type: textarea + id: reproduction + attributes: + label: To Reproduce + description: Steps to reproduce the behavior. + placeholder: | + 1. Go to '...' + 2. Click on '...' + 3. See error + validations: + required: true + - type: textarea + id: expected + attributes: + label: Expected behavior + description: A clear and concise description of what you expected to happen. + validations: + required: true + - type: dropdown + id: os + attributes: + label: Operating System + description: Which operating system are you using? + options: + - Windows + - macOS + - Linux + validations: + required: true + - type: input + id: version + attributes: + label: ClipSync Version + description: What version of ClipSync are you running? + placeholder: e.g., v1.2.3 + validations: + required: true + - type: input + id: python + attributes: + label: Python Version + description: What version of Python are you using? + placeholder: e.g., 3.11.5 + validations: + required: true + - type: textarea + id: logs + attributes: + label: Relevant logs + description: Please copy and paste any relevant log output. This will be automatically formatted into code. + render: text + - type: textarea + id: context + attributes: + label: Additional context + description: Add any other context about the problem here. diff --git a/.github/ISSUE_TEMPLATE/feature_request.yml b/.github/ISSUE_TEMPLATE/feature_request.yml new file mode 100644 index 0000000..a93e667 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/feature_request.yml @@ -0,0 +1,43 @@ +--- +name: Feature Request +description: Suggest an idea for this project +title: "[Feature]: " +labels: ["enhancement"] +body: + - type: markdown + attributes: + value: | + Thanks for taking the time to suggest a feature! + - type: textarea + id: problem + attributes: + label: Is your feature request related to a problem? + description: A clear and concise description of what the problem is. + placeholder: I'm always frustrated when... + - type: textarea + id: solution + attributes: + label: Describe the solution you'd like + description: A clear and concise description of what you want to happen. + validations: + required: true + - type: textarea + id: alternatives + attributes: + label: Describe alternatives you've considered + description: A clear and concise description of any alternative solutions or features you've considered. + - type: dropdown + id: os + attributes: + label: Operating System + description: Which operating system(s) would this feature apply to? + multiple: true + options: + - Windows + - macOS + - Linux + - type: textarea + id: context + attributes: + label: Additional context + description: Add any other context or screenshots about the feature request here. diff --git a/.github/ISSUE_TEMPLATE/general_issue.yml b/.github/ISSUE_TEMPLATE/general_issue.yml new file mode 100644 index 0000000..e223fe6 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/general_issue.yml @@ -0,0 +1,32 @@ +--- +name: General Issue +description: File a general issue or question +title: "[Issue]: " +labels: ["question"] +body: + - type: markdown + attributes: + value: | + Thanks for taking the time to fill out this issue! + - type: textarea + id: description + attributes: + label: Describe the issue or question + description: A clear and concise description of your issue or question. + validations: + required: true + - type: dropdown + id: os + attributes: + label: Operating System + description: Which operating system are you using? + options: + - Windows + - macOS + - Linux + - Not applicable + - type: textarea + id: context + attributes: + label: Additional context + description: Add any other context about the issue here. diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md new file mode 100644 index 0000000..e986e82 --- /dev/null +++ b/.github/PULL_REQUEST_TEMPLATE.md @@ -0,0 +1,43 @@ + + +## Description + + +## Related Issue + + +## Type of Change + + +- [ ] Bug fix (non-breaking change which fixes an issue) +- [ ] New feature (non-breaking change which adds functionality) +- [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected) +- [ ] Documentation update +- [ ] Code cleanup or refactoring +- [ ] Test addition or update + +## Testing + + +- [ ] I have run existing tests and they pass +- [ ] I have added new tests for my changes (if applicable) +- [ ] I have tested on Windows +- [ ] I have tested on macOS +- [ ] I have tested on Linux + +## Checklist + + +- [ ] My code follows the project's code style +- [ ] I have added type hints where appropriate +- [ ] I have updated documentation (if needed) +- [ ] I have checked that linting passes (`ruff check .`) +- [ ] I have checked that type checking passes (`mypy clipsync/`) + +## Screenshots + + +## Additional Notes + diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md new file mode 100644 index 0000000..1b4873c --- /dev/null +++ b/CODE_OF_CONDUCT.md @@ -0,0 +1,132 @@ +# Contributor Covenant Code of Conduct + +## Our Pledge + +We as members, contributors, and leaders pledge to make participation in our +community a harassment-free experience for everyone, regardless of age, body +size, visible or invisible disability, ethnicity, sex characteristics, gender +identity and expression, level of experience, education, socio-economic status, +nationality, personal appearance, race, caste, color, religion, or sexual +identity and orientation. + +We pledge to act and interact in ways that contribute to an open, welcoming, +diverse, inclusive, and healthy community. + +## Our Standards + +Examples of behavior that contributes to a positive environment for our +community include: + +* Demonstrating empathy and kindness toward other people +* Being respectful of differing opinions, viewpoints, and experiences +* Giving and gracefully accepting constructive feedback +* Accepting responsibility and apologizing to those affected by our mistakes, + and learning from the experience +* Focusing on what is best not just for us as individuals, but for the overall + community + +Examples of unacceptable behavior include: + +* The use of sexualized language or imagery, and sexual attention or advances of + any kind +* Trolling, insulting or derogatory comments, and personal or political attacks +* Public or private harassment +* Publishing others' private information, such as a physical or email address, + without their explicit permission +* Other conduct which could reasonably be considered inappropriate in a + professional setting + +## Enforcement Responsibilities + +Community leaders are responsible for clarifying and enforcing our standards of +acceptable behavior and will take appropriate and fair corrective action in +response to any behavior that they deem inappropriate, threatening, offensive, +or harmful. + +Community leaders have the right and responsibility to remove, edit, or reject +comments, commits, code, wiki edits, issues, and other contributions that are +not aligned to this Code of Conduct, and will communicate reasons for moderation +decisions when appropriate. + +## Scope + +This Code of Conduct applies within all community spaces, and also applies when +an individual is officially representing the community in public spaces. +Examples of representing our community include using an official email address, +posting via an official social media account, or acting as an appointed +representative at an online or offline event. + +## Enforcement + +Instances of abusive, harassing, or otherwise unacceptable behavior may be +reported to the community leaders responsible for enforcement by opening +an issue or by contacting @offbyonebit on GitHub. All complaints will be reviewed and investigated +promptly and fairly. + +All community leaders are obligated to respect the privacy and security of the +reporter of any incident. + +## Enforcement Guidelines + +Community leaders will follow these Community Impact Guidelines in determining +the consequences for any action they deem in violation of this Code of Conduct: + +### 1. Correction + +**Community Impact**: Use of inappropriate language or other behavior deemed +unprofessional or unwelcome in the community. + +**Consequence**: A private, written warning from community leaders, providing +clarity around the nature of the violation and an explanation of why the +behavior was inappropriate. A public apology may be requested. + +### 2. Warning + +**Community Impact**: A violation through a single incident or series of +actions. + +**Consequence**: A warning with consequences for continued behavior. No +interaction with the people involved, including unsolicited interaction with +those enforcing the Code of Conduct, for a specified period of time. This +includes avoiding interactions in community spaces as well as external channels +like social media. Violating these terms may lead to a temporary or permanent +ban. + +### 3. Temporary Ban + +**Community Impact**: A serious violation of community standards, including +sustained inappropriate behavior. + +**Consequence**: A temporary ban from any sort of interaction or public +communication with the community for a specified period of time. No public or +private interaction with the people involved, including unsolicited interaction +with those enforcing the Code of Conduct, during this period is allowed. +Violating these terms may lead to a permanent ban. + +### 4. Permanent Ban + +**Community Impact**: Demonstrating a pattern of violation of community +standards, including sustained inappropriate behavior, harassment of an +individual, or aggression toward or disparagement of classes of individuals. + +**Consequence**: A permanent ban from any sort of public interaction within the +community. + +## Attribution + +This Code of Conduct is adapted from the [Contributor Covenant][homepage], +version 2.1, available at +[https://www.contributor-covenant.org/version/2/1/code_of_conduct.html][v2.1]. + +Community Impact Guidelines were inspired by +[Mozilla's code of conduct enforcement ladder][Mozilla CoC]. + +For answers to common questions about this code of conduct, see the FAQ at +[https://www.contributor-covenant.org/faq][FAQ]. Translations are available at +[https://www.contributor-covenant.org/translations][translations]. + +[homepage]: https://www.contributor-covenant.org +[v2.1]: https://www.contributor-covenant.org/version/2/1/code_of_conduct.html +[Mozilla CoC]: https://github.com/mozilla/diversity +[FAQ]: https://www.contributor-covenant.org/faq +[translations]: https://www.contributor-covenant.org/translations diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md new file mode 100644 index 0000000..8423789 --- /dev/null +++ b/CONTRIBUTING.md @@ -0,0 +1,86 @@ +# Contributing to ClipSync + +Thank you for considering contributing to ClipSync! This guide will help you +get started. + +## How to Contribute + +### Reporting Bugs + +Before creating bug reports, please check the existing issues to see if the +problem has already been reported. When creating a bug report, include: + +* A clear and descriptive title +* Steps to reproduce the behavior +* Expected vs actual behavior +* Your operating system and Python version +* Any relevant logs or error messages + +### Suggesting Features + +Feature suggestions are welcome! Before submitting, please: + +* Check if the feature already exists or has been suggested +* Explain the use case and why it would be valuable +* Describe how it should work + +### Pull Requests + +1. Fork the repository +2. Create a new branch for your feature or bug fix: + ```bash + git checkout -b feature/your-feature-name + ``` +3. Make your changes +4. Run tests if applicable: + ```bash + python -m pytest tests/ + ``` +5. Run linting: + ```bash + ruff check . + mypy clipsync/ + ``` +6. Commit your changes with clear, descriptive commit messages +7. Push to your fork and submit a pull request + +## Development Setup + +1. Clone the repository: + ```bash + git clone https://github.com/offbyonebit/clipsync.git + cd clipsync + ``` + +2. Create a virtual environment: + ```bash + python -m venv .venv + source .venv/bin/activate # On Windows: .venv\Scripts\activate + ``` + +3. Install dependencies: + ```bash + pip install -r requirements.txt + ``` + +4. Run ClipSync: + ```bash + python -m clipsync + ``` + +## Code Style + +* Follow PEP 8 style guidelines +* Use type hints where possible +* Keep functions focused and modular +* Write docstrings for public APIs + +## Testing + +* Write tests for new functionality +* Ensure existing tests pass +* Test on multiple platforms if possible (Windows, macOS, Linux) + +## Questions? + +Feel free to open an issue for any questions or discussions about contributing. diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..7bfd5f9 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,82 @@ +# Security Policy + +## Supported Versions + +| Version | Supported | +| ------- | ------------------ | +| Latest | :white_check_mark: | +| < Latest| :x: | + +We recommend always using the latest version of ClipSync for the most secure +experience. + +## Reporting a Vulnerability + +We take the security of ClipSync seriously. If you discover a security +vulnerability, please follow these steps: + +### How to Report + +**Please do not report security vulnerabilities through public GitHub issues.** + +Instead, please report them by contacting @offbyonebit on GitHub via direct message +or create a draft security advisory in the repository. + +You should receive a response within 48 hours. If for some reason you do not, +please follow up to ensure we received your original message. + +### What to Include + +Please include the following information in your report: + +* Type of issue (e.g., buffer overflow, SQL injection, cross-site scripting, etc.) +* Full paths of source file(s) related to the issue +* Location of the affected source code (tag/branch/commit or direct URL) +* Any special configuration required to reproduce the issue +* Step-by-step instructions to reproduce the issue +* Proof-of-concept or exploit code (if possible) +* Impact of the issue, including how an attacker might exploit it + +### Preferred Languages + +We prefer all communications to be in English. + +## Security Best Practices + +When using ClipSync, follow these best practices: + +1. **Keep your encryption passphrase secure** - If you enable at-rest + encryption, use a strong, unique passphrase and share it only with trusted + devices. + +2. **Verify device IDs** - When pairing devices, always verify the device ID + through the QR code or manual entry to prevent man-in-the-middle attacks. + +3. **Keep Syncthing updated** - ClipSync relies on Syncthing for peer-to-peer + communication. Ensure your Syncthing installation is kept up to date. + +4. **Monitor connected devices** - Regularly review the list of paired devices + and remove any that are no longer needed. + +5. **Use firewall rules** - Consider restricting Syncthing's network access + to only trusted networks if you're concerned about exposure. + +## Disclosure Policy + +Once a security issue is reported: + +1. We will acknowledge receipt of your report within 48 hours +2. We will investigate the issue and confirm the vulnerability +3. We will develop a fix and test it thoroughly +4. We will release a security update and publish an advisory +5. We will credit the reporter (unless you prefer to remain anonymous) + +We aim to resolve critical vulnerabilities within 30 days of disclosure. + +## Security Updates + +Security updates will be announced via: + +* GitHub Releases with security advisories +* Updates to the SECURITY.md file +* Direct notification to affected users for critical issues