Skip to content

chore: add community health files and CI improvements#14

Open
dihannahdi wants to merge 1 commit intoUniversal-Commerce-Protocol:mainfrom
dihannahdi:chore/community-health-and-ci
Open

chore: add community health files and CI improvements#14
dihannahdi wants to merge 1 commit intoUniversal-Commerce-Protocol:mainfrom
dihannahdi:chore/community-health-and-ci

Conversation

@dihannahdi
Copy link

@dihannahdi dihannahdi commented Feb 22, 2026

Summary

Adds essential community health files and CI hardening for the ucp-schema project.

Changes

New Files

  • CONTRIBUTING.md — Comprehensive contributing guide covering prerequisites, development workflow (Makefile targets, feature flags, project layout), PR process with conventional commits, coding standards, testing guidelines, and CLA instructions.
  • SECURITY.md — Security policy with vulnerability reporting instructions (GitHub Security Advisories), response timeline, and scope definition.
  • .github/dependabot.yml — Automated dependency updates for both Cargo crates and GitHub Actions (weekly schedule, conventional commit prefixes).

CI Improvements (ci.yml)

  • MSRV check job — Installs Rust 1.70 (the declared
    ust-version) and runs \cargo check --all-targets\ to catch accidental use of newer language features.
  • No-default-features job — Builds and tests without the
    emote\ feature flag to verify the codebase compiles correctly in offline-only mode.
  • Updated the \�uild\ job's
    eeds\ to gate on the two new jobs.

Category

  • Core Protocol
  • Infrastructure
  • Documentation
  • UCP Schema
  • Community Health (.github)

Checklist

  • I have read the contributing guidelines
  • My changes follow the project's coding standards
  • I have tested my changes locally
  • CI checks are expected to pass

@dihannahdi
chore: add community health files and CI improvements
48165e0 
- Add CONTRIBUTING.md with development workflow, PR process, and coding standards
- Add SECURITY.md with vulnerability reporting policy and response timeline
- Add .github/dependabot.yml for automated Cargo and GitHub Actions updates
- Add MSRV (1.70) check job to CI to validate rust-version claim
- Add no-default-features job to CI to verify builds without remote support
@dihannahdi dihannahdi requested a review from a team as a code owner February 22, 2026 12:27
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@dihannahdi