chore: open-source governance, slim Docker default, real-PDF example #1
Merged
OSS governance:
- Add LICENSE (MIT), CONTRIBUTING, CODE_OF_CONDUCT, SECURITY
- Add PR template, issue templates, CODEOWNERS
- Add docs/BRANCH_PROTECTION.md with gh-cli recipe
- Add scripts/git-hooks/pre-commit (blocks direct commits to main, runs local CI)
- Update CI workflow: PR-only on main, add ruff format check, GHA docker buildx cache

Docker:
- Dockerfile: install base deps only by default, opt-in via EXTRAS build arg
- docker-compose: pass EXTRAS=celery,postgres,s3 to api/worker, make .env optional, drop obsolete version

Real-PDF example:
- examples/real_pdf_analysis/ downloads Apple Inc. FY24-Q4 consolidated financial statements PDF and runs full pipeline with mock LLM
- README documents how to point at other filings and switch to real LLMs

Cleanup:
- .gitignore: ignore .mypy_cache, *.egg-info, example outputs/fixtures
- Untrack src/financial_report_agent.egg-info
Pull request overview
This PR packages several repo-wide “project hygiene” improvements: adding standard open-source governance docs and templates, slimming the default Docker image by making extras opt-in, and adding a runnable end-to-end example that exercises the pipeline on a real public-company PDF using the mock LLM.
Changes:
- Added governance/security/community documentation and GitHub templates (PR template, issue templates, CODEOWNERS) plus a local pre-commit hook and branch protection guide.
- Updated CI to focus on `main`, add concurrency cancellation, enable pip caching, and use Buildx with GHA cache for Docker builds.
- Made Docker default to base dependencies (extras opt-in via `EXTRAS` build arg) and added a real-PDF end-to-end example with outputs ignored by git.
Reviewed changes
Copilot reviewed 23 out of 24 changed files in this pull request and generated 5 comments.
| File | Description |
|---|---|
| src/financial_report_agent.egg-info/top_level.txt | Removes tracked build artifact metadata from the repo. |
| src/financial_report_agent.egg-info/SOURCES.txt | Removes tracked build artifact metadata from the repo. |
| src/financial_report_agent.egg-info/requires.txt | Removes tracked build artifact metadata from the repo. |
| src/financial_report_agent.egg-info/PKG-INFO | Removes tracked build artifact metadata from the repo. |
| src/financial_report_agent.egg-info/dependency_links.txt | Removes tracked build artifact metadata from the repo. |
| SECURITY.md | Adds a security policy and reporting guidance. |
| scripts/git-hooks/pre-commit | Adds a local pre-commit hook to block commits to main/master and run local CI. |
| README.md | Links to the new real-PDF example and contributing/licensing info. |
| LICENSE | Adds MIT license text. |
| examples/real_pdf_analysis/run_example.py | Adds a runnable script that downloads a public PDF and runs the pipeline. |
| examples/real_pdf_analysis/README.md | Documents how to run the real-PDF example and interpret outputs. |
| examples/real_pdf_analysis/.gitignore | Ignores generated example outputs and downloaded PDFs. |
| docs/BRANCH_PROTECTION.md | Documents canonical branch protection settings and a gh CLI recipe. |
| Dockerfile | Makes extras opt-in via EXTRAS build arg to slim default images. |
| docker-compose.yml | Updates compose to pass EXTRAS, make .env optional, and drop obsolete version:. |
| CONTRIBUTING.md | Adds contribution workflow, local CI expectations, and project conventions. |
| CODE_OF_CONDUCT.md | Adds a short Code of Conduct referencing Contributor Covenant. |
| .gitignore | Ignores mypy cache, egg-info, and example runtime artifacts. |
| .github/workflows/ci.yml | Updates CI triggers, adds concurrency + pip cache, and modernizes Docker build caching. |
| .github/pull_request_template.md | Adds a PR template aligned with the new workflow. |
| .github/ISSUE_TEMPLATE/feature_request.yml | Adds a feature request issue form. |
| .github/ISSUE_TEMPLATE/config.yml | Configures issue creation and links security reporting. |
| .github/ISSUE_TEMPLATE/bug_report.yml | Adds a bug report issue form. |
| .github/CODEOWNERS | Adds default code owner configuration. |
Comments suppressed due to low confidence (1)
docker-compose.yml:46
`worker` sets `S3_ENDPOINT=http://minio:9000` but does not depend on the `minio` service. This can cause the worker to start before MinIO is available and fail early (depending on connection retry behavior). Add `minio` to `worker.depends_on` or otherwise ensure the worker waits/retries appropriately.
```yaml
      - CELERY_BROKER_URL=redis://redis:6379/0
      - STORAGE_BACKEND=postgres
      - DATABASE_URL=postgresql://jetbot:jetbot@postgres:5432/jetbot
      - S3_ENDPOINT=http://minio:9000
    volumes:
      - app-data:/app/data
    depends_on:
      - redis
      - postgres
```
| language: str, | ||
| ) -> str: | ||
| # Force the mock LLM so the example is fully offline / deterministic. | ||
| os.environ.setdefault("LLM_DEFAULT_MODEL", "mock:mock") |
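Review bot: `os.environ.setdefault("LLM_DEFAULT_MODEL", "mock:mock")` does not force anything. If `LLM_DEFAULT_MODEL` is already set in the caller's environment, that value wins and the example runs against whatever model it names, which contradicts the "fully offline / deterministic" comment on the line above. Assign it unconditionally with `os.environ["LLM_DEFAULT_MODEL"] = "mock:mock"`, or reword the comment to say the mock is only a default.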
| If you discover a security vulnerability, please **do not** open a public | ||
| GitHub issue. Instead, report it privately via GitHub's | ||
| [Private vulnerability reporting](https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/privately-reporting-a-security-vulnerability) | ||
| feature on this repository, or email the maintainers. |
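Review bot: "or email the maintainers" on the last line names no address, so a reporter who cannot use private vulnerability reporting is left without a private channel. Add a dedicated security contact address here or drop the e-mail option. The linked feature also has to be enabled in the repository settings before the first option works, which is worth listing as a maintainer follow-up.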
| - Be respectful and welcoming. | ||
| - No harassment, discrimination, or personal attacks. | ||
| - Assume good intent; disagree on technical content, not on people. | ||
| - Report unacceptable behavior to the maintainers via the address listed in |
Comment on lines +38 to +56
| ```bash | ||
| gh api -X PUT \ | ||
| repos/magic-alt/jetbot/branches/main/protection \ | ||
| -F required_status_checks.strict=true \ | ||
| -F 'required_status_checks.contexts[]=lint-and-test' \ | ||
| -F enforce_admins=true \ | ||
| -F required_pull_request_reviews.required_approving_review_count=1 \ | ||
| -F required_pull_request_reviews.dismiss_stale_reviews=true \ | ||
| -F required_pull_request_reviews.require_code_owner_reviews=true \ | ||
| -F required_linear_history=true \ | ||
| -F allow_force_pushes=false \ | ||
| -F allow_deletions=false \ | ||
| -F required_conversation_resolution=true \ | ||
| -F restrictions= # empty restrictions block all direct pushes | ||
| ``` | ||
|
|
||
| > Note: The `restrictions` block must be sent as an empty object/array to | ||
| > mean "nobody may push directly". Adjust per the GitHub REST API docs if | ||
| > running this through a tool that requires a different JSON shape. |
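Review bot: `-F restrictions=` on the last line of the command sends an empty string, while the note under the block says `restrictions` must be an empty object/array, so the recipe and its own note disagree. The dotted keys (`required_status_checks.strict=true`, `required_pull_request_reviews.dismiss_stale_reviews=true` and the rest) are also not the nested-field syntax of `gh api`, which is `key[subkey]=value`, so they go out as flat top-level names rather than nested objects. Suggest putting the payload in a JSON file and passing it with `--input`, which makes the shape of `restrictions` explicit and lets the file be reviewed like any other config.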
Comment on lines 3 to +7
| on: | ||
| push: | ||
| branches: [master, main] | ||
| branches: [main] | ||
| pull_request: | ||
| branches: [master, main] | ||
| branches: [main] |
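Review bot: The `push:` trigger with `branches: [main]` is still present after this change, while the PR description calls the workflow "PR-only on main". If the push run is intended as a post-merge check, keep it and reword the description; if not, remove the `push:` block so the workflow only runs from `pull_request`.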
magic-alt added a commit that referenced this pull request Jun 6, 2026
…xample chore: open-source governance, slim Docker default, real-PDF example
Summary
Three things in one branch:
317 passed, 2 skipped, Docker image builds (~50 s with base deps) and `curl /health` returns `{"status":"ok","version":"0.1.0"}` from the running container.
`main`).

Scope of changes
- `LICENSE` (MIT), `CONTRIBUTING.md`, `CODE_OF_CONDUCT.md`, `SECURITY.md`, `.github/CODEOWNERS`, `.github/pull_request_template.md`, `.github/ISSUE_TEMPLATE/*`, `docs/BRANCH_PROTECTION.md` (canonical rules + `gh` CLI recipe), `scripts/git-hooks/pre-commit` (blocks direct commits to `main`, runs local CI).
- (`.github/workflows/ci.yml`): PR-only on `main`, concurrency cancellation, pip cache, GHA-cached Docker buildx build.
- (`Dockerfile`, `docker-compose.yml`): default image now installs base deps only (~50 s build instead of >5 min downloading paddlepaddle/opencv); extras opt-in via `--build-arg EXTRAS=...`. Compose passes `EXTRAS=celery,postgres,s3` to `api`/`worker` and makes `.env` optional. Dropped obsolete `version:` key.
- (`examples/real_pdf_analysis/`): `run_example.py` downloads Apple's FY24-Q4 Consolidated Financial Statements PDF (~4.9 MB, 4 pages), runs the LangGraph pipeline through `LocalStore`, prints the head of the generated `trader_report.md`. README documents how to point it at other filings or switch to a real LLM.
- `.mypy_cache/`, `*.egg-info/`, example outputs/fixtures; untrack `src/financial_report_agent.egg-info/`.

How was this tested?

Follow-up (maintainer action required)
Branch protection rules on `main` need to be enabled via GitHub UI or `gh` CLI — see `docs/BRANCH_PROTECTION.md`. The repo files in this PR cannot enforce that by themselves.

Checklist
`main`
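
Because the follow-up above is a manual step, it helps to be able to confirm afterwards that `main` really carries the rules from the recipe. The checker below is an added example, not code from this PR or repository. It assumes the field names of GitHub's GET branch-protection response; the expected settings and the `lint-and-test` check name are taken from the recipe on this page, and the sample response is constructed.

```python
import json
import sys

REQUIRED_CHECK = "lint-and-test"  # status check name from the recipe on this page
MUST_BE_TRUE = [
    "required_status_checks.strict",
    "enforce_admins.enabled",
    "required_pull_request_reviews.dismiss_stale_reviews",
    "required_pull_request_reviews.require_code_owner_reviews",
    "required_linear_history.enabled",
    "required_conversation_resolution.enabled",
]
MUST_BE_FALSE = ["allow_force_pushes.enabled", "allow_deletions.enabled"]

def _get(doc, path):
    """Walk a dotted path through nested dicts; None if any key is missing."""
    for key in path.split("."):
        if not isinstance(doc, dict) or key not in doc:
            return None
        doc = doc[key]
    return doc

def audit_protection(doc):
    """Return findings; missing keys count as findings, so the check fails closed."""
    findings = [f"{p} is not enabled" for p in MUST_BE_TRUE if _get(doc, p) is not True]
    findings += [f"{p} is not disabled" for p in MUST_BE_FALSE if _get(doc, p) is not False]
    if REQUIRED_CHECK not in (_get(doc, "required_status_checks.contexts") or []):
        findings.append(f"status check {REQUIRED_CHECK} is not required")
    count = _get(doc, "required_pull_request_reviews.required_approving_review_count")
    if (count or 0) < 1:
        findings.append("no approving review is required")
    return findings

# Constructed sample response: code-owner review off, force pushes allowed.
SAMPLE = {
    "required_status_checks": {"strict": True, "contexts": ["lint-and-test"]},
    "enforce_admins": {"enabled": True},
    "required_pull_request_reviews": {"dismiss_stale_reviews": True,
        "require_code_owner_reviews": False, "required_approving_review_count": 1},
    "required_linear_history": {"enabled": True},
    "required_conversation_resolution": {"enabled": True},
    "allow_force_pushes": {"enabled": True},
    "allow_deletions": {"enabled": False},
}

if __name__ == "__main__":
    doc = SAMPLE if sys.stdin.isatty() else json.load(sys.stdin)
    problems = audit_protection(doc)
    print("\n".join(problems) or "branch protection matches the recipe")
    sys.exit(1 if problems else 0)
```

To check a live repository, pipe the output of `gh api repos/OWNER/REPO/branches/main/protection` into the script; it exits non-zero when any rule is missing or weaker than the recipe.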