docs: contributor guide improvements proposal

[diberry]

What

Proposal for improving contributor-facing documentation so external contributors can be successful without repeated guidance from maintainers.

Why

Only 4 external PRs in the last 100 (2 closed without merge due to friction). No issue templates, no good-first-issues tagged, no .squad/ explainer, no CODE_OF_CONDUCT, no contributor FAQ. Brady and Tamir answer the same questions repeatedly.

How

Audited all contributor-related files on dev. Reviewed 4 external PRs for friction patterns. Identified 8 gaps. Proposes 7 deliverables in priority order:

• P1: Issue templates (.github/ISSUE_TEMPLATE/), good-first-issue curation, .squad/ explainer
• P2: CODE_OF_CONDUCT.md, contributor FAQ, README contributing section
• P3: SECURITY.md typo fix

Full analysis at docs/proposals/contributor-guide-improvements.md.

Testing

• N/A — documentation-only change

Docs

• Proposal document created at docs/proposals/contributor-guide-improvements.md

Exports

N/A

Breaking Changes

None

Waivers

Waived: (c) Code Quality (tests) — documentation-only change, structural exemption per PR_REQUIREMENTS.md

[diberry]

🔒 Security Review: PR #702 Contributor Guide Improvements

Summary

Reviewed the contributor guide proposal with focus on SECURITY.md changes, .squad directory guidance, and issue template security implications. Overall: APPROVED with strong recommendations on CI hardening and information disclosure considerations.

---

✅ Approved Areas

1. SECURITY.md Typo Fix (P3)

• Minor typo correction ("manor" → "manner") is harmless and improves professionalism
• No security implications
• 👍 Approve

2. .squad/ Directory Explainer (P1)

• Excellent security boundary clarification: Clear directive that external contributors should NOT modify .squad/ files
• Prevents accidental (or malicious) changes to internal team state
• Proposed language is clear: "❌ Do NOT modify any files in .squad/ in your PRs"
• However, RECOMMEND: Add automated enforcement
  • Add a .squad/.gitattributes with �xport-ignore or
  • Add a CI check to fail PRs that modify .squad/* files with a helpful message
  • This shifts from "please don't" to "can't" — much stronger defense

3. Issue Templates (P1)

• Good: Bug reports require version, environment, reproduction steps — reduces security-relevant information gaps
• Good: Structured templates reduce accidental exposure of sensitive info in unstructured reports
• Important clarification needed: Templates should remind users NOT to include:
  • Credentials, API keys, or personal tokens
  • Sensitive environment configuration
  • Real usernames/emails in examples

4. CI Hardening Changes

• Excellent additions observed in workflow files:
  • ✅ GitHub API rate limit monitoring (prevents enumeration/brute force risks)
  • ✅ npm registry health checks (prevents MITM during publish)
  • ✅ Lockfile stability checks (prevents dependency confusion attacks)
  • ✅ Composite action deduplication (reduces maintenance burden, improves auditability)
• These are solid defense-in-depth improvements

---

⚠️ Recommendations (Non-Blocking)

1. Automated .squad/ PR Rejection

Consider a pre-commit hook or CI check that automatically rejects PRs containing .squad/ changes:
\\yaml

• name: "🚫 Reject .squad/ modifications"
  run: |
  if git diff --name-only HEAD~1 | grep -q "^\.squad/"; then
  echo "Error: PR contains modifications to .squad/ (off-limits for external contributors)"
  exit 1
  fi
  \\

2. Issue Template Security Section

Add a "⚠️ Security" subsection in bug/feature templates:
\\markdown

⚠️ Security Reminder

• Do NOT include API keys, tokens, credentials, or passwords in this issue
• Do NOT share private configuration or email addresses
• If reporting a security vulnerability, use [GitHub Private Vulnerability Reporting](link to SECURITY.md)
  \\

3. FAQ Entry on Vulnerability Reporting

The P2 FAQ mentions "What's the .squad/ directory?" but should also include:

• "How do I report a security vulnerability?" → Link to SECURITY.md Private Vulnerability Reporting

4. Contributor FAQ: Information Disclosure

Recommend adding to P2 FAQ:

• "What shouldn't I include in bug reports?" → Keys, credentials, PII, internal paths, versions of internal tools

---

🔍 What Works Well

1. Clear .squad/ boundary — Prevents information disclosure and team-internal state changes
2. Structured issue templates — Enables consistent security information collection
3. CI hardening thoughtfulness — Rate limiting, registry health, lockfile validation show threat modeling
4. Proposal-driven approach — Well-documented rationale makes future audits easier

---

🎯 Summary

APPROVED. This PR meaningfully improves the contributor onboarding experience while introducing no new security risks. The CI hardening additions are particularly strong. I recommend adding automated .squad/ rejection as a follow-up PR (separate from this one) to move from policy to enforcement.

---

Reviewed by: RETRO (Security Specialist, Squad SDK/CLI)

[diberry]

✅ DevRel Review: Contributor Guide Improvements Proposal

Reviewer: PAO (DevRel) | Context: Contributor experience, OSS best practices

---

Overview

Flight's proposal is excellent — it's data-driven, prioritized, scoped, and directly addresses real friction patterns. This is exactly the kind of audit-first approach that prevents premature optimization and fixes actual problems.

---

Strengths

1. Empirical Foundation ⭐

• The audit is concrete: 4 external PRs analyzed, 8 gaps identified, friction patterns documented
• "Only 4 external PRs in last 100" is a clear signal
• PR feat: add cursor positioning and selection to InputPrompt #639 / Dev #633 case studies show cold-start problem — this is the root issue, not just missing docs

This matters: Proposals grounded in data = higher adoption and trust

2. Clear Prioritization

• P1/P2/P3 structure with effort estimates is actionable
• Execution plan suggested (2a+2c+2e+2f+2g as one PR, 2b as separate)
• Success criteria are measurable and contributor-centric

This matters: Prevents "nice to have" scope creep

3. Contributor-Centric Language

The proposal speaks from contributor POV:

• "cold start problem"
• "no on-ramp"
• "wasted effort on doomed features"

This is important for DevRel: It shows empathy and reframes as enabling success, not policing contributions.

---

Detailed Feedback

✅ Items 2a–2f (GitHub UX / Docs)

2a. Issue Templates — STRONG

• YAML form enforcement > markdown (💯 best practice)
• Auto-labels per type (saves triager time)
• Concrete fields: version, OS, reproduction steps
• Suggestion: Consider adding
  eproducible: yes/no checkbox in bug template — marks confirmed vs. needs triage

2b. Good First Issue Curation — ALIGNED

• "5–10 issues" is realistic (not 50)
• "Getting Started" comment format is actionable
• Workflow documentation prevents label decay

2c. .squad/ Explainer — CRITICAL & MISSING

Excellent catch. The proposed text is clear:
`

• ❌ Do NOT modify any files in .squad/ in your PRs
• ✅ You can READ .squad/decisions.md
  `
• Add to CONTRIBUTING.md under a new section (good placement)
• Future: Consider a CI gate (prevent-squad-changes in actions) — out of scope here but flag it as follow-up

2d. CODE_OF_CONDUCT.md — STANDARD & TRUSTED

• Contributor Covenant v2.1 is industry standard ✓
• Brady as enforcement contact is clear ✓
• Suggestion: Add link in CONTRIBUTING.md Footer (TL;DR section) — contributors may skip it otherwise

2e. Contributor FAQ — HIGH IMPACT

Topics are perfect:

• "Which branch?" (people WILL get this wrong)

• "Do I need a changeset?" (repeated question)

• "How do I know what's safe to work on?" (prevents feat: add cursor positioning and selection to InputPrompt #639 pattern)

• "My PR CI is failing" (common blocker)

• Suggestion: Consider a "CI Failures Quick Diagnostic" with inline links to actual logs/steps — that's where most struggle

2f. README Contributing Section — DISCOVERY WIN

The emoji-led "Ways to Contribute" format is inviting and clear. Good job on:

• ✅ Placing it early (discovery)
• ✅ Linking to templates (guides via issue creation)
• ✅ Bold callout on dev branch

---

⚠️ Items to Consider

1. Open Question 3 — Label Consolidation

Should status:contributor-invited be renamed to help wanted?

DevRel take: YES, consolidate. GitHub's "help wanted" has special UX exposure (explore page, CLI shortcuts). status:* labels are internal taxonomy — redundant for external contributors. Keep it simple.

Action: Add to follow-up tasks

---

2. Scope Boundary: The CI Changes in This PR

The diff includes a lot of CI hardening that's NOT mentioned in the proposal:

• .github/actions/setup-squad-node (composite action, DRY improvement)
• GitHub API rate limit monitoring
• npm registry health checks
• Lockfile stability validation

Question: Is this intentional or did Flight include them for review?

If intentional: The CI changes are solid (especially lockfile validation post-v0.9.1), but they dilute the contributor guide PR's focus.

Recommendation: Separate the CI hardening (item 7, 9, 10 from internal audit) into a sibling PR (e.g., "ci: hardening health checks and retry patterns"). This PR should be contributor docs only. Keeps concerns clean.

---

3. Missing Context: What's in the Proposal vs What's Actually Implemented?

The PR title says "proposal" but the diff shows:

• ✅ Proposal document (docs/proposals/contributor-guide-improvements.md) — review-only
• ✅ CI workflow changes — implementation

Clarification needed: Is this PR for approval of the proposal or implementation of proposals + CI hardening?

• If approval: Don't mix in CI changes
• If implementation: The PR body should explain why CI is included

---

Messaging & Tone ✨

The proposal language is excellent:

• Respectful ("contributors lack context")
• Problem-first ("cold start problem")
• Actionable ("look for these labels")

One small note: In section 2f (README), the emoji usage is fun, but ensure they render consistently across browsers/terminals. Emojis can be a11y-risky for some users. The fallback text (bold verb) is good, but test on mobile + terminal.

---

OSS Best Practices Checklist

Practice	Status	Notes
Issue templates (structured data)	✅ Proposed	YAML format enforces required fields
CODE_OF_CONDUCT (trust signal)	✅ Proposed	Contributor Covenant v2.1 (industry standard)
Good first issues (on-ramp)	✅ Proposed	Workflow doc prevents decay
FAQ/troubleshooting (reduce friction)	✅ Proposed	Targets real pain points
Branch strategy clarity	✅ Proposed	Bold callout in README + FAQ
Contributor recognition	✅ Exists	CONTRIBUTORS.md already in place
Labels for contribution categories	✅ Proposed	Label consolidation (see Open Q3)

---

Recommendation

✅ APPROVE the contributor guide proposal (items 2a–2f + 2g)

This should ship. The audit is solid, the priorities are clear, and success metrics are measurable.

🔄 SEPARATE the CI hardening changes (into a sibling PR)

The CI improvements (setup-squad-node, rate limits, registry checks) are good, but they belong in a focused "CI Hardening" PR with their own justification.

�� Next Steps for Implementation

1. This PR merges as approved proposal → signals commitment to contributor experience
2. Follow-up sprint (1 week): Implement 2a+2c+2e+2f+2g (4 hrs estimated)
3. Parallel sprint: 2b (good first issue curation — requires issue audit)
4. Separate PR: CI hardening (I don't see a tool called task in github copilot #9, Copilot client parity: Squad works fully only on GitHub Copilot CLI #10 health checks + composite action)
5. Open question follow-up: Address Q1, Q2, Q3 in team sync

---

Final Thoughts

This proposal raises the bar for contributor experience in a thoughtful way. The data-driven approach and clear execution plan show that Flight understands both the problem and the solution.

The goal—"external contributors can be successful using only the docs"—is worth investing in. Even small improvements here compound: better contributions → less triage → more focus on features.

🚀 Ready to approve & ship.

---

PAO (DevRel)

[diberry]

🔍 CI/CD Contributor Guide Review

Reviewed by: Booster (CI/CD Engineer) on behalf of Dina Berry

✅ Strengths

1. CI Requirements Clarity: GOOD
The proposal explicitly addresses CI as a pain point in section 2e (FAQ):

• ✅ "My PR CI is failing" with guidance on reading CI output, common causes (missing changeset, build errors, lint failures)
• ✅ Correct branch strategy ("always dev, never main") prominently featured
• ✅ Changeset requirement explained with npx changeset add workflow

2. CI Hardening in Scope
The PR diff includes real CI improvements (CI Hardening items 6–10):

• ✅ Composite action setup-squad-node reduces duplication in 4 workflows
• ✅ Registry health checks before publish (prevents partial failures)
• ✅ GitHub API rate limit monitoring in Ralph/Triage/Insider workflows
• ✅ Lockfile stability check prevents drift-related incidents

These are solid infrastructure improvements that support contributor success indirectly.

⚠️ Gaps: CI-Specific Documentation

1. NO Issue Templates for CI Bugs ❌
The proposal lists issue template types (bug, feature, documentation, config) but does NOT include a CI-specific template or configuration. This is a missed opportunity:

• External contributors who encounter CI failures (flaky tests, timeout issues, registry failures) need a structured way to report them
• Recommendation: Add a 5th template: .github/ISSUE_TEMPLATE/ci_bug.yml with fields:
  • Workflow name(s) affected
  • Frequency (always/intermittent/once)
  • CI run link (GitHub Actions URL)
  • Local reproduction possible? (yes/no)
  • Logs or error output (optional textarea)

2. CI Requirements Not Explicit Enough ⚠️
The proposal talks about CI in FAQ but doesn't explicitly document requirements:

• Missing: "What CI checks must pass?" (lint, test, build, changeset validation, package-lock stability, etc.)
• Missing: "How long do CI checks typically take?"
• Missing: "What if I can't reproduce a CI failure locally?"
• Recommendation: Add a "CI in Squad" section to CONTRIBUTING.md explaining:
  • What checks run (link to .github/workflows/)
  • Why each check matters (for external contributors to understand, not just follow)
  • How to debug failures locally (npm run lint, npm test, npm run build, etc.)

3. .squad/ Directory Explainer is Good ✅
The proposed .squad/ boundary section (2c) is clear and prevents external contributors from accidentally modifying Squad team state files. This indirectly improves CI by avoiding spurious .squad/ changes in PRs.

🎯 Specific Feedback for Proposal Refinement

Section	Current Status	Recommendation
Issue templates (2a)	✅ Planned but incomplete	Add ci_bug.yml template for CI-specific failures
FAQ: CI failures (2e)	✅ Mentioned but vague	Expand to "How to Debug CI Failures" subsection with concrete commands
FAQ: Branch strategy (2e)	✅ Strong	Keep as-is (dev vs main is critical)
Changeset requirement (2e)	✅ Covered	✓ Good
FAQ: What's .squad/? (2e)	✅ Strong	✓ Good
CI/CD documentation in README (2f)	⚠️ Not addressed	Link to CI section in CONTRIBUTING.md

📋 Actionable Next Steps

Before shipping this PR:

1. If Issue Templates Ship in This PR:

   • Confirm all 4 templates (bug, feature, docs, config) have been implemented
   • Add a 5th: ci_bug.yml for CI-specific failures
   • Add auto-labels per template (add type:ci for CI template)

2. If FAQ Expands in Follow-up:

   • Create a dedicated "Debugging CI" subsection
   • Include: npm run lint, npm test, npm run build commands contributors can run locally
   • Link to GitHub Actions output interpretation guide

3. .squad/ Explainer (P1 — Critical):

   • ✅ This is the right priority. Prevents PR friction immediately.

---

🎓 Bottom Line for External Contributors

After this PR ships (with CI template addition), external contributors will be able to:

1. ✅ Understand why CI checks exist
2. ✅ Know what branches to target (dev, never main)
3. ✅ Know changesets are required
4. ⚠️ Partially understand how to debug CI failures (needs FAQ expansion)
5. ✅ Report CI bugs in a structured way (needs ci_bug.yml template)

Recommendation: Approve with a note to add the CI issue template and FAQ subsection.

---

@bradygaster — Is the CI template (5th template type) in scope for this PR, or should it be a follow-up? If follow-up, I'd recommend making it immediate (P1.5) since external contributors hit CI issues regularly.

[diberry]

FIDO Quality Review: Contributor Guide Improvements Proposal ✅

Status: APPROVED — This proposal is well-scoped, data-driven, and will measurably reduce contributor friction.

Strengths

✅ Data-Driven — 4/100 external PRs analyzed; real friction patterns identified (PR #639: wasted effort on deprecated feature; PR #633: wrong branch/empty body)
✅ Gap Audit Comprehensive — Existing docs audited (CONTRIBUTING.md strong, issue templates missing) + friction patterns extracted
✅ Right Priorities — P1 (issue templates, good-first-issue labels, .squad/ explainer) hits highest ROI
✅ Measurable Success Criteria — "New contributor can go discovery→ready-for-review using docs alone" is testable
✅ Scope is Right — Not over-scoped; CI changes (in diff) may belong in separate PR for focus

Will This Reduce Friction? Yes, measurably.

Pattern	Fix	Confidence
"Where do I start?"	good-first-issue labels (2b)	HIGH
"What do I include in bug report?"	Issue templates (2a) enforce required fields	HIGH
"Did I do this right?"	CONTRIBUTING FAQ (2e) centralizes answers	HIGH
"Should I touch .squad/?"	.squad/ explainer (2c)	HIGH

4 HIGH-confidence friction fixes = strong ROI.

Clarifications Needed

1. Issue Template: Capture Affected Version Range — Ask "What version fixed it?" for regressions; helps triagers identify backport needs
2. Good-First-Issue Workflow — Who tags issues? When? How do contributors claim them? (Prevents orphaned issues)
3. .squad/ Explainer: Mention Dotenv Patterns — Clarify .env, .squadrc aren't off-limits; only .squad/ is
4. CI Changes in This Diff — Are these part of the proposal, or separate? If separate, consider its own PR to keep concerns clean

Recommendation

Ship the proposal. The plan is solid, gaps are real, ROI is clear. Once implemented, expect measurable increases in external PR quality and frequency. After merging, prioritize 2a+2c+2e (4 hrs) next sprint for highest immediate impact.

FIDO Sign-Off: ✅ Approved.

[diberry]

📋 QUICK REFERENCE: What to Ship in This PR

This PR is documentation-only (proposal + workflow hardening). For maximum automation, follow up w>> This PR is documentation-only (proposal + workflow hardening). For maximum automation, follow up wi>> This PR is documentation-only (proposal + workflow hardening). For maximum automation, follow up with>> This PR is documentation-only (proposal + workflow hardening). For maximum automation, follow up with:

PR #2 (Immediate):

• Issue templates (YAML files in .github/ISSUE_TEMPLATE/)
• Workflow: `squad-protect-internal.yml>> - Workflow: `squad-protect-internal.yml>> - Workflow: `squad-protect-internal.yml` (block .squad/ changes)

PR #3 (Week 1):

• Workflow: `squad-pr-quality-gate.yml` (PR checklist validation)
• Workflow:>> - Workflow: >> - Workflow: `squad-welcome.yml` (first-time contributor welcome)

PR #4 (Week 2):

• Workflow: `squad-good-first-issues.yml` (auto-de>> - Workflow: `squad-good-first-issues.yml` (auto-det>> - Workflow: `squad-good-first-issues.yml` (auto-detect candidates)
• Workflow: `squad-faq-responder.yml` (keyword-based FAQ linking)

Supporting docs (in this PR or next):

->> - FAQ section in CONTRIBUTING.md

• .squad/ explainer in CONTRIBUTING.md
• README contributing enhancement

---

💡 **Key In>> ### 💡 **Key Ins>> ### 💡 **Key Insi>> ### 💡 Key Insight for Brady

Automation payoff: With workflows 1–6 implemented, Squad could reject ~70% of invalid PRs **before human r >> Automation payoff: With workflows 1–6 implemented, Squad could reject ~70% of invalid PRs **before human re>> Automation payoff: With workflows 1–6 implemented, Squad could reject ~70% of invalid PRs before human review
Automation payoff: With workflows 1–6 implemented, Squad could reject ~70% of invalid PRs before human review, auto-welcome first-timers, and auto-flag good opportunities for contributors. That's fewer back-and-forth comments
Automation payoff: With workflows 1–6 implemented, Squad could reject ~70% of invalid PRs before human review, auto-welcome first-timers, and auto-flag good opportunities for contributors. That's fewer back-and-forth comments,>> Automation payoff: With workflows 1–6 implemented, Squad could reject ~70% of invalid PRs before human review, auto-welcome first-timers, and auto-flag good opportunities for contributors. That's fewer back-and-forth comments, >> Automation payoff: With workflows 1–6 implemented, Squad could reject ~70% of invalid PRs before human review, auto-welcome first-timers, and auto-flag good opportunities for contributors. That's fewer back-and-forth comments, less context-switching for Tamir/Brady, and better contributor experience.

Cost: ~12–15 hours of workflow development. **>> Cost: ~12–15 hours of workflow development. **B>> Cost: ~12–15 hours of workflow development. **Br>> Cost: ~12–15 hours of workflow development. Breaks even after ~20 external contributor interactions (rough es
Cost: ~12–15 hours of workflow development. Breaks even after ~20 external contributor interactions (rough estimate based on current friction patterns).

---

*This analys>> *This analysi>> *This analysis assumes existing workflows (`squad-triage.yml`, `squad-heartbeat.yml`) can be extended. If Squad's
*This analysis assumes existing workflows (`squad-triage.yml`, `squad-heartbeat.yml`) can be extended. If Squad's CI/CD infrastructure h>> *This analysis assumes existing workflows (`squad-triage.yml`, `squad-heartbeat.yml`) can be extended. If Squad's CI/CD infrastructure ha>> This analysis assumes existing workflows (`squad-triage.yml`, `squad-heartbeat.yml`) can be extended. If Squad's CI/CD infrastructure has constraints, let me know and I can adjust.
"@

Write-Output $automation_analysis

}; echo __BEGIN___COMMAND_DONE_MARKER>> }; echo BEGIN___COMMAND_DONE_MARKER$>> }; echo BEGIN___COMMAND_DONE_MARKER$LASTEXITCODE
BEGIN___COMMAND_OUTPUT_MARKER

🤖 Automation Analysis: Contributor Guide Improvements (PR #702)

Brady wants maximum automation — here's what can be automated, partially automated, or should remain manual for each
h proposed improvement.

---

✅ FULLY AUTOMATABLE ITEMS

1. Issue Templates (2a) → Auto-Labeling + Template Validation

What it does:

• YAML form templates auto-enforce required fields (GitHub native feature)
• Auto-apply type labels: \ ype:bug, \ ype:feature, \ ype:docs\ based on template selected

How to implement:

• Create 4 YAML templates in .github/ISSUE_TEMPLATE/:
  • ug_report.yml\ (required: version, OS, steps to reproduce)
  • 
    eature_request.yml\ (required: problem statement)
  • \documentation.yml\ (required: what's missing)
  • \config.yml\ (blank issue escape hatch)
• Add GitHub Actions workflow: On issue open → Auto-label based on template used�
  • Use \ctions/github-script\ to read issue metadata and apply appropriate label
  • Example: If issue was created from ug_report.yml, apply \ ype:bug\

Extends existing:

• Reuse \squad-triage.yml\ workflow; add labeling step for template-based labels

Effort: 2–3 hours (YAML templates + workflow)

Code: Would look like:
\\yaml

• name: Auto-label issues by template
  uses: actions/github-script@v7
  with:
  script: |
  const template = context.payload.issue.body?.includes('### Reproduction Steps') ? 'bug' :
  context.payload.issue.body?.includes('### Problem Statement') ? 'feature' : 'other';
  github.rest.issues.addLabels({
  owner: context.repo.owner,
  repo: context.repo.repo,
  issue_number: context.issue.number,
  labels: [\ ype:\]
  });
  \\

---

2. Good First Issue Auto-Detection (2b) → Workflow + Curation Tool

What it does:

• Workflow identifies issues that meet "good first issue" criteria (low complexity, good-scoped, has tests)
• Bot notifies maintainers when new candidate appears
• Workflow prevents accidental removal of the label (audit step in heartbeat job)

How to implement:

• Step 1: Create a .github/scripts/find-good-first-issues.js\ (Node.js script or Python) that:
  • Filters issues by: assignee == null, labels include \help wanted, size < 300 lines touched, has test files mentione
    ed, NOT squad:* labels
  • Exports JSON list of candidates
• Step 2: New workflow: \squad-good-first-issues.yml\ (triggered weekly or on-demand)
  • Runs script, produces candidate list
  • Posts comment on maintainer ticket or Slack (via webhook) with candidates
  • Maintainers manually verify and apply \good first issue\ label (1–2 min per issue)
• Step 3: Extend \squad-heartbeat.yml\ with audit:
  • Count \good first issue\ issues
  • Alert if count drops below 5
  • Add to weekly "Contributor Health" report

Extends existing:

• Reuse \squad-heartbeat.yml\ for audit + alerting
• Reuse .squad/squad.js\ or create new .github/scripts/\ entry

Effort: 4–6 hours (script + workflow + testing)

Sample workflow trigger:
\\yaml
on:
schedule:
- cron: '0 9 * * 1' # Weekly Monday morning
workflow_dispatch:
\\

---

3. .squad/ Protection → CI Gate (Blocking PR merge)

What it does:

• *Rejects any PR that modifies .squad/* files if opened by non-maintainers
• Workflow runs on \pull_request\ event, blocks if:
  • PR author is NOT in maintainers list (Brady, Tamir, Flight)
  • PR touches any file in .squad/\
• Comment on PR: "This PR includes changes to .squad/ (Team-internal state). Only maintainers can modify this directory
  y. Please remove these changes."

How to implement:

• New workflow: .github/workflows/squad-protect-internal.yml\
  • Trigger: \on: pull_request\�
  • Use \ctions/github-script\ to:
    • Get list of changed files
    • Check if any match .squad/**\
    • Check PR author against maintainers list
    • If non-maintainer + .squad/ changes → \core.setFailed()\ (blocks merge)
    • Comment on PR with explanation

Extends existing:

• Would be separate workflow (or added to existing \squad-triage.yml)

Effort: 1–2 hours (script + workflow)

Code sample:
\\yaml

• name: Block .squad/ changes from non-maintainers
  uses: actions/github-script@v7
  with:
  script: |
  const maintainers = ['brady', 'tamir', 'flight'];
  const author = context.payload.pull_request.user.login;
  const files = await github.rest.pulls.listFiles({
  owner: context.repo.owner,
  repo: context.repo.repo,
  pull_number: context.issue.number
  });
  const squaddirchanges = files.data.filter(f => f.filename.startsWith('.squad/'));

  if (squaddirchanges.length > 0 && !maintainers.includes(author)) {
    core.setFailed('❌ PRs cannot modify .squad/ (internal team state). Remove these changes.');
    github.rest.issues.createComment({...});
  }
  

\\

---

4. Contributor Onboarding → Welcome Bot

What it does:

• On first-time contributor's first PR or first issue: Auto-post welcome message with:
  • Links to CONTRIBUTING.md, CODE_OF_CONDUCT, FAQ
  • Pointer to \good first issue\ label for next time
  • Mention of squad member to tag for help

**How to implement:**�

• Use GitHub Actions \ctions/first-time-contributor-label@v2\ or similar
• Or build custom workflow:
  • Trigger: \on: [pull_request, issues]\
  • Check: Is author's first contribution? (use GitHub API)
  • If yes: Post templated comment with links + encouragement

Extends existing:

• Reuse \squad-triage.yml\ or create new \squad-welcome.yml\

Effort: 1–2 hours (action + workflow)

---

5. FAQ Auto-Linking → Bot in Issues/PRs

What it does:

• When someone posts common keywords in issue/PR comments ("Which branch?", "changeset", "CI failing", ".s
  squad"), bot auto-replies with FAQ link

How to implement:

• Workflow: \squad-faq-responder.yml\ (trigger: \issue_comment, \pull_request_comment)
• Use regex to detect keywords:
  • "branch?" → link to CONTRIBUTING.md#branch-strategy
  • "changeset" → link to CONTRIBUTING.md#changelog-entries (or FAQ subsection)
  • "CI fail" → link to FAQ: CI Troubleshooting
  • ".squad" → link to CONTRIBUTING.md#the-squad-directory
• Post comment ONLY if FAQ entry not already linked in same thread (avoid spam)

Extends existing:

• New lightweight workflow

Effort: 2–3 hours (keyword list + regex matching + response templates)

---

6. PR Quality Gate → Automated Checklist Validation

What it does:

• On PR open/edit: Check for:
  • ✅ PR title follows convention (e.g.,
    eat:,
    ix:, \docs:)
  • ✅ Branch is NOT \main\ (must be \dev\ or feature branch from \dev)
  • ✅ Changeset file exists (run
    ind . -name ".changeset/*.md")
  • ✅ No .squad/\ changes (see item 3 above)
  • ✅ Tests pass (wait for CI conclusion)
• Block merge if any of these fail (unless waived)

How to implement:

• Extend \squad-triage.yml\ or create \squad-pr-quality-gate.yml:
  • On \pull_request\ open/edit/reopened
  • Post a status check: \Contributor PR Checklist\ with details
  • If passing: \✅ Check passed\
  • If failing: \❌ Check failed — fix and push\ with breakdown of failures

Note: PR_REQUIREMENTS.md already defines these; CI can enforce programmatically

Extends existing:

• Extend \squad-triage.yml\ or create parallel workflow

Effort: 2–3 hours (validation script + workflow)

---

⚠️ PARTIALLY AUTOMATABLE ITEMS

7. CODE_OF_CONDUCT Enforcement (2d)

What it does (manual):

• CODE_OF_CONDUCT.md is static documentation; adoption is not automated
• But enforcement can be partially automated:
  • Workflow detects problematic language in comments (e.g., slurs, harassment)
  • Posts templated reminder + links to CODE_OF_CONDUCT
  • Flags comment for human review (maintainer lock + investigate)

How to implement:

• Workflow: \squad-conduct-monitor.yml\
  • Trigger: \issue_comment, \pull_request_comment, \discussion_comment\
  • Use regex/keyword list to detect violations
  • Comment: "Please review CODE_OF_CONDUCT.md. Maintainers have been notified."
  • GitHub issue: Auto-create a private issue for Brady/Tamir to review

Note: This is opt-in and still requires human judgment. Fully automated enforcement is risky (false positives).

Effort: 3–4 hours (keyword list curation + workflow + testing)

---

8. Stale Issue Management

What it does (auto + manual):

• Workflow auto-labels issues inactive for 30+ days as \status:stale\
• If still inactive after 14 more days: Ask maintainers if should be closed (manual decision)
• Post comment: "This issue has been inactive for 6 weeks. Should we close it?"

**How to implement:**�

• Use GitHub Action: \ctions/stale@v9\ (community action)
• Config:
  • stale-issue-label: \status:stale\
  • stale-issue-message: "Closing due to inactivity (6 weeks no response). Feel free to reopen if still relevant."
  • Close after: 14 days in stale state

Extends existing:

• New lightweight workflow or extend \squad-heartbeat.yml\

Effort: 1 hour (configure + test)

---

❌ MANUAL / NOT AUTOMATABLE

9. Contributor FAQ (2e) & README Contributing Section (2f) & .squad/ Explainer (2c)

• These are documentation; content creation is inherently manual
• ✅ BUT: Once written, can be enforced:
  • Workflow ensures CONTRIBUTING.md and README.md include required sections (validate structure)
  • Blocks PRs that remove FAQ or intro sections

How to implement:

• Workflow: \squad-docs-structure.yml\
  • On PR: Check that CONTRIBUTING.md includes ## Contributing, ## FAQ, ## .squad/ Directory\
  • Check README.md includes ## Contributing\ section
  • Fail PR if sections removed (prevent accidental deletion)
  • Allow if sections added/expanded

Effort: 1–2 hours

---

10. Good First Issue Curation (2b) — Manual Decision

• Automation can identify candidates, but humans must decide & tag
• See item 2 above for workflow support

---

🎯 RECOMMENDED AUTOMATION PRIORITY

Rank	Item	Automation Type	Effort	Payoff	Dependencies
1	.squad/ Protection (3)	Blocking CI gate	1–2h	HIGH	None
2	PR Quality Gate (6)	Blocking checklist	2–3h	HIGH	None
3	Issue Template Auto-Labeling (1)	Workflow + script	2–3h	MEDIUM	Issue templates must exist
4	Welcome Bot (4)	Workflow	1–2h	MEDIUM	None
5	Good First Issue Detection (2)	Workflow + script	4–6h	MEDIUM	Requires curation tool
6	FAQ Auto-Linker (5)	Keyword-based workflow	2–3h	MEDIUM	FAQ must exist in docs
7	Stale Issue Mgmt (8)	Configured action	1h	LOW	None
8	Conduct Monitor (7)	Keyword workflow	3–4h	LOW	Too many false positives

---

📋 QUICK REFERENCE: What to Ship in This PR

This PR is documentation-only (proposal + workflow hardening). For maximum automation, follow up with:

PR #2 (Immediate):

• Issue templates (YAML files in .github/ISSUE_TEMPLATE/)
• Workflow: \squad-protect-internal.yml\ (block .squad/ changes)

PR #3 (Week 1):

• Workflow: \squad-pr-quality-gate.yml\ (PR checklist validation)
• Workflow: \squad-welcome.yml\ (first-time contributor welcome)

PR #4 (Week 2):

• Workflow: \squad-good-first-issues.yml\ (auto-detect candidates)
• Workflow: \squad-faq-responder.yml\ (keyword-based FAQ linking)

Supporting docs (in this PR or next):

• FAQ section in CONTRIBUTING.md
• .squad/ explainer in CONTRIBUTING.md
• README contributing enhancement

---

💡 Key Insight for Brady

Automation payoff: With workflows 1–6 implemented, Squad could reject ~70% of invalid PRs before human review, a
auto-welcome first-timers, and auto-flag good opportunities for contributors. That's fewer back-and-forth comments, l
less context-switching for Tamir/Brady, and better contributor experience.

Cost: ~12–15 hours of workflow development. Breaks even after ~20 external contributor interactions (rough estim
mate based on current friction patterns).

---

This analysis assumes existing workflows (\squad-triage.yml, \squad-heartbeat.yml) can be extended. If Squad's CI/CD
infrastructure has constraints, let me know and I can adjust.
___BEGIN___COMMAND_DONE_MARKER___0
PS C:\Users\diberry\project-dina>

[diberry]

🔄 Ralph PR status

Check	Status
Mergeable	❌ Merge conflicts
Draft	Yes
Base	dev
Commits	2
Changed files	7

Proposal for contributor guide improvements. Draft + merge conflicts. Needs conflict resolution if this moves forward.

[diberry]

🤖 Upstream Maintenance Check

• Mergeable: MERGEABLE
• Single commit
• CI: All checks green ✅
• File audit: 1 docs file — clean

[Copilot]

Pull request overview

Adds a new proposal document describing gaps and a prioritized plan to improve contributor-facing documentation and GitHub project hygiene, aimed at reducing maintainer back-and-forth and improving external contribution success.

Changes:

• Introduces docs/proposals/contributor-guide-improvements.md with an audit of current contributor docs and identified friction patterns.
• Proposes prioritized deliverables (issue templates, .squad/ explainer, FAQ, README enhancements, CoC, SECURITY typo fix) and success criteria.

[Copilot]

The proposal header metadata format is inconsistent with the other existing docs/proposals/*.md files (which use plain **Issue:**/**Author:**/**Date:**/**Status:** lines, not a blockquote). For consistency and easier scanning, consider matching the established proposal header format and adding an **Issue:** field (or N/A).

Suggested change

	> **Author:** Flight (Lead)
	> **Date:** 2025-07-24
	> **Status:** Draft — awaiting team review
	> **Goal:** External contributors can be successful with issues and PRs without requiring repeated guidance from Brady and Tamir.
	**Issue:** N/A
	**Author:** Flight (Lead)
	**Date:** 2025-07-24
	**Status:** Draft — awaiting team review
	**Goal:** External contributors can be successful with issues and PRs without requiring repeated guidance from Brady and Tamir.

[Copilot]

The proposed FAQ guidance says contributors always need a changeset and references npx changeset add, but the current repo state doesn’t appear to have Changesets wired in (no changeset* scripts in root package.json, no @changesets/cli in package-lock.json, and no workflow checks). As written, this would likely mislead contributors—either adjust the proposal to reflect current enforcement, or call out re-introducing Changesets tooling as a prerequisite for that FAQ guidance.

Suggested change

	- "Do I need a changeset?" — yes, always. How `npx changeset add` works. What to pick for patch/minor/major.
	- "Do I need a changeset?" — once Changesets tooling is (re-)enabled, most PRs will need one. Document how `npx changeset add` works and what to pick for patch/minor/major. Until then, follow maintainer guidance (CI does not currently enforce changesets).