Skip to content

docs: add community health files for A+ portfolio standards#26

Merged
donny-devops merged 1 commit into
mainfrom
enhancement/a-plus-upgrade
Jul 7, 2026
Merged

docs: add community health files for A+ portfolio standards#26
donny-devops merged 1 commit into
mainfrom
enhancement/a-plus-upgrade

Conversation

@donny-devops

Copy link
Copy Markdown
Owner

Changes

  • Add CONTRIBUTING.md with comprehensive contribution guidelines
  • Add SUPPORT.md with clear support channels and response times
  • Add CHANGELOG.md following Keep a Changelog format

Context

Part of portfolio A+ upgrade initiative to achieve top 1% GitHub profile standards.

Impact

  • ✅ Improves open-source readiness
  • ✅ Sets clear expectations for contributors
  • ✅ Provides structured support channels
  • ✅ Enables semantic versioning tracking

Docs-only addition, safe to merge.

- CONTRIBUTING.md: comprehensive contribution guidelines
- SUPPORT.md: clear support channels and response times
- CHANGELOG.md: semantic versioning change log template

Part of portfolio A+ upgrade initiative.
Copilot AI review requested due to automatic review settings July 7, 2026 17:09
@qodo-code-review

Copy link
Copy Markdown

Qodo reviews are paused for this user.

Troubleshooting steps vary by plan Learn more →

On a Teams plan?
Reviews resume once this user has a paid seat and their Git account is linked in Qodo.
Link Git account →

Using GitHub Enterprise Server, GitLab Self-Managed, or Bitbucket Data Center?
These require an Enterprise plan - Contact us
Contact us →

@amazon-q-developer amazon-q-developer Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Review Summary

This PR adds community health files to improve the repository's open-source standards. However, there are several critical issues that need to be addressed before merging:

Critical Issues Found

  1. PII Exposure: Personal name exposed in LinkedIn URL (SUPPORT.md)
  2. Broken References: Multiple references to non-existent files (CODE_OF_CONDUCT.md, SECURITY.md, LICENSE)
  3. Invalid Links: Placeholder version tag in CHANGELOG.md will cause 404 errors
  4. Wrong Technology Stack: Python examples in a Node.js/TypeScript project

Recommended Actions

  • Fix broken file references and links
  • Remove or genericize PII from documentation
  • Align examples with the actual project technology stack
  • Consider adding the referenced files (CODE_OF_CONDUCT.md, SECURITY.md) in a follow-up PR

Once these issues are resolved, this will be a valuable addition to the repository's documentation.


You can now have the agent implement changes and create commits directly on your pull request's source branch. Simply comment with /q followed by your request in natural language to ask the agent to make changes.

Comment thread CONTRIBUTING.md

## Code of Conduct

This project follows the [Contributor Covenant Code of Conduct](CODE_OF_CONDUCT.md). By participating, you agree to uphold this code.

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Remove reference to CODE_OF_CONDUCT.md as this file is not included in the PR and does not exist in the repository. The broken link will confuse contributors.

Suggested change
This project follows the [Contributor Covenant Code of Conduct](CODE_OF_CONDUCT.md). By participating, you agree to uphold this code.
This project follows the Contributor Covenant Code of Conduct. By participating, you agree to uphold this code.

Comment thread CONTRIBUTING.md
Comment on lines +21 to +23
# Install dependencies (see README for specifics)
# Example for Python projects:
# pip install -e ".[dev]"

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Remove Python-specific example from a Node.js/TypeScript project. This causes confusion for contributors attempting to set up the development environment.

Suggested change
# Install dependencies (see README for specifics)
# Example for Python projects:
# pip install -e ".[dev]"
# Install dependencies (see README for specifics)
npm install

Comment thread SUPPORT.md
Comment on lines +33 to +34
- See [SECURITY.md](SECURITY.md) for responsible disclosure process
- Email security concerns to the maintainer (see SECURITY.md)

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Remove references to SECURITY.md as this file is not included in the PR and does not exist in the repository. Contributors attempting to report security vulnerabilities will encounter broken links.

Suggested change
- See [SECURITY.md](SECURITY.md) for responsible disclosure process
- Email security concerns to the maintainer (see SECURITY.md)
- Email security concerns to the maintainer at <security_email>
- Use responsible disclosure practices when reporting vulnerabilities

Comment thread CHANGELOG.md
- Security fixes and improvements
```

[Unreleased]: https://github.com/donny-devops/node-ts-api-gateway/compare/vX.Y.Z...HEAD

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Replace the placeholder vX.Y.Z with a valid version tag or remove the comparison link until a first release is published. The current link will return a 404 error.

Suggested change
[Unreleased]: https://github.com/donny-devops/node-ts-api-gateway/compare/vX.Y.Z...HEAD
[Unreleased]:

Comment thread SUPPORT.md

For private inquiries or collaboration:
- **GitHub**: [@donny-devops](https://github.com/donny-devops)
- **LinkedIn**: [Adonis Jimenez](https://www.linkedin.com/in/adonis-jimenez-01a42a245/)

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🛑 PII Exposure: Replace personal name in LinkedIn URL with a placeholder to avoid exposing personally identifiable information in public documentation.

Suggested change
- **LinkedIn**: [Adonis Jimenez](https://www.linkedin.com/in/adonis-jimenez-01a42a245/)
- **LinkedIn**: [<maintainer_name>](<linkedin_profile_url>)

@ecc-tools

ecc-tools Bot commented Jul 7, 2026

Copy link
Copy Markdown

Analyzing 200 commits...

@gemini-code-assist gemini-code-assist Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request adds documentation files including CHANGELOG.md, CONTRIBUTING.md, and SUPPORT.md. The review feedback points out that the development setup in CONTRIBUTING.md incorrectly references Python commands instead of Node.js commands, several relative links in SUPPORT.md are broken, and CONTRIBUTING.md links to a non-existent CODE_OF_CONDUCT.md file.

Important

The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.

Comment thread CONTRIBUTING.md
Comment on lines +21 to +26
# Install dependencies (see README for specifics)
# Example for Python projects:
# pip install -e ".[dev]"

# Run tests
# See README.md for project-specific test commands

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

medium

This repository is a Node.js/TypeScript project, but the development setup instructions contain Python-specific commands (pip install). Please update these instructions to use Node.js commands (such as npm install and npm test) to match the project's actual tech stack.

Suggested change
# Install dependencies (see README for specifics)
# Example for Python projects:
# pip install -e ".[dev]"
# Run tests
# See README.md for project-specific test commands
# Install dependencies
npm install
# Run tests
npm test

Comment thread SUPPORT.md
Comment on lines +10 to +11
- **Issues**: Check [existing issues](../../issues) - your question may already be answered
- **Discussions**: Browse [GitHub Discussions](../../discussions) (if enabled) for Q&A and community support

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

medium

Since SUPPORT.md is located in the root directory of the repository (rather than in a .github/ subdirectory), the relative links ../../issues and ../../discussions will resolve incorrectly (resulting in 404 errors on GitHub). Using root-relative paths starting with / will ensure these links resolve correctly to the repository's tabs.

Suggested change
- **Issues**: Check [existing issues](../../issues) - your question may already be answered
- **Discussions**: Browse [GitHub Discussions](../../discussions) (if enabled) for Q&A and community support
- **Issues**: Check [existing issues](/issues) - your question may already be answered
- **Discussions**: Browse [GitHub Discussions](/discussions) (if enabled) for Q&A and community support

Comment thread CONTRIBUTING.md

## Code of Conduct

This project follows the [Contributor Covenant Code of Conduct](CODE_OF_CONDUCT.md). By participating, you agree to uphold this code.

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

medium

The repository does not currently contain a CODE_OF_CONDUCT.md file, so this relative link will result in a 404 error. Please either add the CODE_OF_CONDUCT.md file to the repository, link to an external Code of Conduct URL, or remove/comment out this section until the file is added.

Suggested change
This project follows the [Contributor Covenant Code of Conduct](CODE_OF_CONDUCT.md). By participating, you agree to uphold this code.
This project follows the [Contributor Covenant Code of Conduct](https://www.contributor-covenant.org/version/2/1/code_of_conduct/). By participating, you agree to uphold this code.

@ecc-tools

ecc-tools Bot commented Jul 7, 2026

Copy link
Copy Markdown

Analysis Complete

Generated ECC bundle from 1 commits | Confidence: 50%

View Pull Request #27

Repository Profile
Attribute Value
Language TypeScript
Framework Not detected
Commit Convention conventional
Test Directory separate
Changed Files (3)
Metric Value
Files changed 3
Additions 202
Deletions 0

Top hotspots

Path Status +/-
CONTRIBUTING.md added +83 / -0
SUPPORT.md added +61 / -0
CHANGELOG.md added +58 / -0

Top directories

Directory Files Total changes
. 3 202
Analysis Depth Readiness (commit-history, 7%)

ECC Tools uses this to decide whether recommendations should stay at commit-history/setup guidance or expand into CI, security, harness, reference-set, AI-routing, and team backlog work.

Area Status Evidence / Next Step
Commit history Partial 1 commits sampled
CI/CD signals Missing Add workflow files or CI troubleshooting evidence so ECC Tools can reason about pipeline setup.
Security evidence Missing Add AgentShield, audit, SARIF, SBOM, or security review evidence so recommendations can cover security posture.
Harness configuration Missing Add Claude, Codex, OpenCode, Zed, dmux, MCP, plugin, or cross-harness config evidence for harness-agnostic recommendations.
Reference/eval evidence Missing Add fixtures, golden traces, reference sets, or evaluator benchmarks so deeper recommendations have regression evidence.
AI routing and cost controls Missing Add model-routing, budget, usage, or cost-control files before relying on AI-heavy automation recommendations.
Team handoff and project tracking Missing Add roadmap, runbook, project, Linear, or follow-up tracking docs so generated work can land in a team queue.
Reference Set Readiness (0/7, 0%)
Area Status Evidence / Next Step
Deep analyzer corpus Missing Add analyzer fixture, golden, benchmark, or reference-set files that can catch analyzer regressions.
RAG/evaluator comparison Missing Add retrieval or evaluator reference-set comparison fixtures with expected ranking behavior.
PR salvage/review corpus Missing Add stale-PR, review-thread, reopen-flow, or salvage reference cases for queue cleanup automation.
Discussion triage corpus Missing Add public discussion triage fixtures, golden cases, or reference sets for informational, answered, and no-response classifications.
Harness compatibility Missing Add cross-harness, adapter-compliance, or harness-audit evidence for Claude, Codex, OpenCode, Zed, dmux, and agent surfaces.
Security evidence Missing Attach security evidence such as SBOMs, SARIF, audit reports, or AgentShield evidence packs.
CI failure-mode evidence Missing Add captured CI failure logs, dry-run fixtures, or troubleshooting docs for common workflow failure modes.
Review Activity (2 reviews, 8 inline comments, 8 unresolved threads)
Signal Count
Approvals 0
Change requests 0
Comment-only reviews 2
Dismissed reviews 0
Pending reviews 0
Review threads 8
Unresolved threads 8
Outdated threads 0
Latest review Commented
Latest submitted at 2026-07-07T17:11:04Z

Top unresolved thread files

Path Unresolved Outdated
CONTRIBUTING.md 4 0
SUPPORT.md 3 0
CHANGELOG.md 1 0

Latest reviewer states

Reviewer State Submitted
@Amazon-Q-Developer[bot] Commented 2026-07-07T17:10:28Z
@gemini-code-assist[bot] Commented 2026-07-07T17:11:04Z
Review Follow-up Signals (2)
Severity Signal Evidence
HIGH Clear unresolved review threads 8 unresolved review thread(s) remain
MEDIUM Get an explicit approval No approving review is recorded for this PR

Recommended next actions

  • Resolve, reply to, or explicitly carry forward each unresolved thread before treating the PR as review-complete.
  • Ask for an approval after requested changes and unresolved discussions are addressed.
  • Prioritize CONTRIBUTING.md (4 unresolved thread(s), 0 outdated).
  • Prioritize SUPPORT.md (3 unresolved thread(s), 0 outdated).
  • Prioritize CHANGELOG.md (1 unresolved thread(s), 0 outdated).
Generated Instincts (15)
Domain Count
git 4
code-style 9
testing 2

After merging, import with:

/instinct-import .claude/homunculus/instincts/inherited/node-ts-api-gateway-instincts.yaml

Files

  • .claude/ecc-tools.json
  • .claude/skills/node-ts-api-gateway/SKILL.md
  • .agents/skills/node-ts-api-gateway/SKILL.md
  • .agents/skills/node-ts-api-gateway/agents/openai.yaml
  • .claude/identity.json
  • .codex/config.toml
  • .codex/AGENTS.md
  • .codex/agents/explorer.toml
  • .codex/agents/reviewer.toml
  • .codex/agents/docs-researcher.toml
  • .claude/homunculus/instincts/inherited/node-ts-api-gateway-instincts.yaml

ECC Tools | Everything Claude Code

@donny-devops donny-devops merged commit f8a7405 into main Jul 7, 2026
10 of 12 checks passed
@codacy-production

Copy link
Copy Markdown

Up to standards ✅

🟢 Issues 0 issues

Results:
0 new issues

View in Codacy

NEW Get contextual insights on your PRs based on Codacy's metrics, along with PR and Jira context, without leaving GitHub. Enable AI reviewer
TIP This summary will be updated as you push new changes.

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 96ca99d678

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread SUPPORT.md
**Do not open public issues for security vulnerabilities.**

- See [SECURITY.md](SECURITY.md) for responsible disclosure process
- Email security concerns to the maintainer (see SECURITY.md)

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Provide the private security contact you reference

This new support path tells reporters to email security concerns via SECURITY.md, but the repository's SECURITY.md contains no email address and only says to use GitHub private vulnerability reporting "if enabled" or contact the maintainer directly. In repositories without private vulnerability reporting enabled, a reporter following these instructions is left with no concrete private disclosure channel after being told not to open a public issue.

Useful? React with 👍 / 👎.

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR adds community health documentation intended to improve the repository’s open-source readiness and support/contribution workflows.

Changes:

  • Added a CONTRIBUTING.md guide describing contribution workflow and PR expectations.
  • Added a SUPPORT.md page listing support channels, response times, and security reporting guidance.
  • Added a CHANGELOG.md scaffold based on Keep a Changelog / SemVer.

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 6 comments.

File Description
CONTRIBUTING.md Adds contribution workflow and development expectations; needs minor corrections to align with this repo and avoid broken links.
SUPPORT.md Documents support channels and guidance; needs wording tweaks to match current repo configuration (no issue templates).
CHANGELOG.md Adds changelog scaffold; should better align with Keep a Changelog conventions given current project versioning.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread CONTRIBUTING.md
Comment on lines +21 to +26
# Install dependencies (see README for specifics)
# Example for Python projects:
# pip install -e ".[dev]"

# Run tests
# See README.md for project-specific test commands
Comment thread CONTRIBUTING.md
Comment on lines +67 to +69
## Code of Conduct

This project follows the [Contributor Covenant Code of Conduct](CODE_OF_CONDUCT.md). By participating, you agree to uphold this code.
Comment thread SUPPORT.md
### 🐛 Found a Bug?

1. **Search existing issues** to see if it's already reported
2. If not found, **open a new issue** using the bug report template
Comment thread SUPPORT.md

### 💡 Feature Requests

- Open an issue with the **feature request** template
Comment thread CHANGELOG.md
Comment on lines +8 to +31
## [Unreleased]

### Added
- Initial release with core functionality
- Comprehensive documentation
- CI/CD pipeline with security scanning
- Docker support

### Changed
- N/A

### Deprecated
- N/A

### Removed
- N/A

### Fixed
- N/A

### Security
- Added security scanning with Trivy and Gitleaks
- Implemented harden-runner for supply chain security

Comment thread CHANGELOG.md
### Added
- New features

### Changed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants