From 1aefdd0ab0250e172e4bdfa40cbaebfdab356bc7 Mon Sep 17 00:00:00 2001 From: lestephen <30328443+lestephen@users.noreply.github.com> Date: Fri, 6 Mar 2026 23:57:21 -0800 Subject: [PATCH 1/5] Add CI workflow and Dependabot configuration CI runs lint and tests on push/PR to master using Node 20. Dependabot checks npm dependencies weekly and GitHub Actions monthly. --- .github/dependabot.yml | 20 ++++++++++++++++++++ .github/workflows/ci.yml | 25 +++++++++++++++++++++++++ 2 files changed, 45 insertions(+) create mode 100644 .github/dependabot.yml create mode 100644 .github/workflows/ci.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 0000000..06d1f96 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,20 @@ +version: 2 + +updates: + - package-ecosystem: npm + directory: / + schedule: + interval: weekly + target-branch: master + open-pull-requests-limit: 10 + groups: + production: + dependency-type: production + dev: + dependency-type: development + + - package-ecosystem: github-actions + directory: / + schedule: + interval: monthly + target-branch: master diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml new file mode 100644 index 0000000..8b7d173 --- /dev/null +++ b/.github/workflows/ci.yml @@ -0,0 +1,25 @@ +name: CI + +on: + push: + branches: [master] + pull_request: + branches: [master] + +jobs: + lint-and-test: + runs-on: ubuntu-latest + + steps: + - uses: actions/checkout@v4 + + - uses: actions/setup-node@v4 + with: + node-version: 20 + cache: npm + + - run: npm ci + + - run: npm run lint + + - run: npm run test:run From 8abbd7e314a7217adec153d432078933d57c2e34 Mon Sep 17 00:00:00 2001 
From: lestephen <30328443+lestephen@users.noreply.github.com> Date: Fri, 6 Mar 2026 23:57:25 -0800 Subject: [PATCH 2/5] Add security policy, PR template, and bug report issue template - SECURITY.md with supported versions and reporting instructions - PR template with summary and test plan checklist - Bug report template alongside existing AI content report template --- .github/ISSUE_TEMPLATE/bug-report.md | 34 ++++++++++++++++++++++++++++ .github/pull_request_template.md | 9 ++++++++ SECURITY.md | 34 ++++++++++++++++++++++++++++ 3 files changed, 77 insertions(+) create mode 100644 .github/ISSUE_TEMPLATE/bug-report.md create mode 100644 .github/pull_request_template.md create mode 100644 SECURITY.md diff --git a/.github/ISSUE_TEMPLATE/bug-report.md b/.github/ISSUE_TEMPLATE/bug-report.md new file mode 100644 index 0000000..b7b74a6 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/bug-report.md @@ -0,0 +1,34 @@ +--- +name: Bug Report +about: Report a bug or unexpected behavior +title: '' +labels: 'bug' +assignees: '' +--- + +## Description + + + +## Steps to Reproduce + +1. +2. +3. + +## Expected Behavior + + + +## Actual Behavior + + + +## Environment + +- **OS**: +- **App Version**: +- **Install Source**: + +## Additional Context + diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md new file mode 100644 index 0000000..028f4de --- /dev/null +++ b/.github/pull_request_template.md @@ -0,0 +1,9 @@ +## Summary + + + +## Test Plan + +- [ ] Ran `npm run lint` with no errors +- [ ] Ran `npm run test:run` with all tests passing +- [ ] Tested manually in dev mode (`npm start`) diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..6bf1d38 --- /dev/null +++ b/SECURITY.md 
@@ -0,0 +1,34 @@ +# Security Policy + +## Supported Versions + +| Version | Supported | +| ------- | ------------------ | +| 1.1.x | Yes | +| < 1.1 | No | + +## Reporting a Vulnerability + +If you discover a security vulnerability in Compose Booster, please report it responsibly. + +**Do not open a public issue.** + +Instead, use one of these methods: + +1. **GitHub Private Vulnerability Reporting** - Use the [Security Advisories](https://github.com/lestephen/compose-booster/security/advisories/new) page to report privately. +2. **Email** - Send details to the maintainer via the email listed on the [GitHub profile](https://github.com/lestephen). + +### What to Include + +- Description of the vulnerability +- Steps to reproduce +- Potential impact +- Suggested fix (if any) + +### Response Timeline + +- **Acknowledgment** within 48 hours +- **Initial assessment** within 1 week +- **Fix or mitigation** as soon as practical, depending on severity + +We appreciate responsible disclosure and will credit reporters in the release notes (unless you prefer to remain anonymous). From 132532a11d5c0a2b142f62b6b980299641f87775 Mon Sep 17 00:00:00 2001 From: lestephen <30328443+lestephen@users.noreply.github.com> Date: Fri, 6 Mar 2026 23:57:28 -0800 Subject: [PATCH 3/5] Remove AI attribution example from commit message template The project convention is to keep commit messages clean without AI-generated annotations. --- CONTRIBUTING.md | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 4857beb..7ad31d8 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -293,11 +293,7 @@ python scripts/add_license_headers.py ```bash git commit -m "Add feature: your feature description - Detailed explanation of changes... - - 🤖 Generated with [Claude Code](https://claude.com/claude-code) - - Co-Authored-By: Your Name " + Detailed explanation of changes..." ``` 5. **Push to your fork** 
From 0d4f87f4597845505d3a30e8dfa7ca92fc63fc44 Mon Sep 17 00:00:00 2001 From: lestephen <30328443+lestephen@users.noreply.github.com> Date: Fri, 6 Mar 2026 23:57:33 -0800 Subject: [PATCH 4/5] Pin Node version to 20 via .nvmrc --- .nvmrc | 1 + 1 file changed, 1 insertion(+) create mode 100644 .nvmrc diff --git a/.nvmrc b/.nvmrc new file mode 100644 index 0000000..209e3ef --- /dev/null +++ b/.nvmrc @@ -0,0 +1 @@ +20 From c9a33a0ce0f5a59295c7bbb1a303f44999d9fa16 Mon Sep 17 00:00:00 2001 From: lestephen <30328443+lestephen@users.noreply.github.com> Date: Fri, 6 Mar 2026 23:59:02 -0800 Subject: [PATCH 5/5] Fix eslint import/no-unresolved error in vitest.config.ts The vitest/config import works correctly but the eslint import resolver cannot locate it. Suppress the false positive so CI lint passes cleanly. --- vitest.config.ts | 1 + 1 file changed, 1 insertion(+) diff --git a/vitest.config.ts b/vitest.config.ts index a5aa588..3c567f9 100644 --- a/vitest.config.ts +++ b/vitest.config.ts @@ -4,6 +4,7 @@ // // Copyright (c) 2025 Stephen Le +// eslint-disable-next-line import/no-unresolved import { defineConfig } from 'vitest/config'; import path from 'path';
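Review bot: .github/workflows/ci.yml (patch 1/5) declares no `permissions:` key at workflow or job level, so the GITHUB_TOKEN available while `npm ci`, `npm run lint` and `npm run test:run` execute gets whatever default the repository or organization is configured with. The job only needs to read the checkout, so add a top-level `permissions:` block with `contents: read`. Separately, `actions/checkout@v4` and `actions/setup-node@v4` are referenced by mutable tag; pinning them to full commit SHAs fits the github-actions Dependabot entry added in the same patch, which can then propose the bumps.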
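Review bot: in .github/dependabot.yml (patch 1/5) the `production` and `dev` groups match on `dependency-type` only, so a major-version bump lands in the same grouped PR as patch and minor updates, and one breaking change holds up the whole group. Consider adding `update-types` with `minor` and `patch` to each group so that major updates arrive as individual PRs that can be reviewed on their own.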
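Review bot: .github/ISSUE_TEMPLATE/bug-report.md (patch 2/5) has no pointer to SECURITY.md, although the policy added in the same patch says "Do not open a public issue." A reporter who starts from the issue chooser never sees that instruction. Add a line to the template (in `about:` or as a comment under `## Description`) directing vulnerability reports to the private channel described in SECURITY.md.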
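Review bot: in SECURITY.md (patch 2/5), reporting method 1 links to `/security/advisories/new`, which only works for outside reporters when private vulnerability reporting is turned on in the repository settings; nothing in this series shows that, so confirm it is enabled before merging. Method 2 asks reporters to look up an address on the GitHub profile; stating a contact address directly in the file removes a step and keeps working if the profile email is later hidden.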
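Review bot: .nvmrc (patch 4/5) and `node-version: 20` in ci.yml from patch 1/5 now state the Node version in two places that can drift apart. Point setup-node at the file with `node-version-file: .nvmrc` and drop the hard-coded value. Note also that `20` selects the latest 20.x release rather than a fixed one, so the "Pin" in the subject line holds for the major version only.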
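Review bot: the `// eslint-disable-next-line import/no-unresolved` added above the `vitest/config` import in vitest.config.ts (patch 5/5) silences the rule at one call site and leaves the resolver problem described in the commit message in place, so the next import the resolver cannot follow will need another suppression. Prefer fixing it once in the ESLint configuration, for example through the `import/resolver` setting (eslint-import-resolver-typescript) or the rule's `ignore` option for `^vitest/config$`. If the inline directive stays, append the reason to it after `--` so the suppression is self-explaining.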