Skip to content

chore: normalize LICENSE copyright to Passion Factory and add community-health files#290

Merged
amondnet merged 2 commits into
mainfrom
chore/oss-community-health
Jul 1, 2026
Merged

chore: normalize LICENSE copyright to Passion Factory and add community-health files#290
amondnet merged 2 commits into
mainfrom
chore/oss-community-health

Conversation

@amondnet

@amondnet amondnet commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

Summary

Normalizes the LICENSE copyright holder and adds the standard open-source community-health files.

  • LICENSE: copyright holder PleaseAI -> Passion Factory (year 2025 unchanged)
  • CONTRIBUTING.md: bun-based setup and workflow (clone, bun install, bun run lint/type-check/test/build)
  • CODE_OF_CONDUCT.md: Contributor Covenant v2.1, contact conduct@pleaseai.dev
  • SECURITY.md: private vulnerability reporting, contact security@pleaseai.dev
  • .github/PULL_REQUEST_TEMPLATE.md
  • .github/ISSUE_TEMPLATE/: bug_report.md, feature_request.md, config.yml
  • README.md: added a License: MIT badge to the badge row (an npm version badge was already present, so no npm badge was added to avoid a duplicate)

Related issue

Checklist

  • PR title follows Conventional Commits
  • Docs-only change (no code, tests unaffected)
  • No breaking change

Summary by cubic

Normalize LICENSE holder to Passion Factory and add community health files to guide contributions, conduct, and security. Includes Contributor Covenant v2.1 (conduct@pleaseai.dev), SECURITY policy with private reporting via GitHub advisories or security@pleaseai.dev, CONTRIBUTING with Bun workflow, PR/issue templates that link to Discussions and disable blank issues, and an MIT license badge in the README.

Written for commit d217beb. Summary will update on new commits.

@vercel

vercel Bot commented Jul 1, 2026

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
gh-please Ready Ready Preview, Comment Jul 1, 2026 4:50pm

Request Review

@coderabbitai

coderabbitai Bot commented Jul 1, 2026

Copy link
Copy Markdown

Warning

Review limit reached

@amondnet, you've reached your PR review limit, so we couldn't start this review.

Next review available in: 3 minutes

Enable usage-based reviews in Billing to review now. Otherwise, wait until the next included review is available.
You're only billed for reviews past your plan's rate limits ($0.25/file).

How can I continue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based reviews.

How do review limits work?

CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability.

For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window.

Please refer docs for additional details.

Review details
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro Plus

Run ID: d55704d3-ccd9-443c-b6f7-34e4a6613626

📥 Commits

Reviewing files that changed from the base of the PR and between 5b8cda0 and d217beb.

📒 Files selected for processing (9)
  • .github/ISSUE_TEMPLATE/bug_report.md
  • .github/ISSUE_TEMPLATE/config.yml
  • .github/ISSUE_TEMPLATE/feature_request.md
  • .github/PULL_REQUEST_TEMPLATE.md
  • CODE_OF_CONDUCT.md
  • CONTRIBUTING.md
  • LICENSE
  • README.md
  • SECURITY.md
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch chore/oss-community-health

Comment @coderabbitai help to get the list of available commands.

@codecov

codecov Bot commented Jul 1, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!

@gemini-code-assist gemini-code-assist Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request introduces essential community and contribution documents, including issue and pull request templates, a code of conduct, contributing guidelines, and a security policy, alongside updating the license copyright. The review feedback identifies two key inconsistencies: the contribution guide's English-only policy conflicts with the project's actual support for Korean documentation, and the pull request template checklist lacks the type-check and build verification steps described in the development workflow.

Comment thread CONTRIBUTING.md Outdated
Comment thread .github/PULL_REQUEST_TEMPLATE.md
@codacy-production

Copy link
Copy Markdown

Not up to standards ⛔

🔴 Issues 1 high

Alerts:
⚠ 1 issue (≤ 0 issues of at least minor severity)

Results:
1 new issue

Category Results
Security 1 high

View in Codacy

NEW Get contextual insights on your PRs based on Codacy's metrics, along with PR and Jira context, without leaving GitHub. Enable AI reviewer
TIP This summary will be updated as you push new changes.

@greptile-apps

greptile-apps Bot commented Jul 1, 2026

Copy link
Copy Markdown

Greptile Summary

This is a documentation-only PR that normalizes the LICENSE copyright holder from "PleaseAI" to "Passion Factory" and adds the standard set of open-source community-health files.

  • LICENSE: copyright holder updated to "Passion Factory"; year 2025 unchanged.
  • Community files added: CONTRIBUTING.md (Bun workflow with verified script names), CODE_OF_CONDUCT.md (Contributor Covenant v2.1), SECURITY.md (private advisory reporting + security@pleaseai.dev fallback), PR template, and issue templates for bugs/features.
  • README.md: MIT license badge added to the existing badge row, linking to ./LICENSE.

Confidence Score: 5/5

All changes are documentation and governance files with no effect on runtime code.

No code is modified — only the LICENSE copyright name, markdown docs, and GitHub template files are touched. All script names referenced in CONTRIBUTING.md and the PR template match the actual scripts in package.json. Contact addresses and external links are consistent across files.

No files require special attention.

Important Files Changed

Filename Overview
LICENSE Copyright holder renamed from "PleaseAI" to "Passion Factory"; year 2025 unchanged
CONTRIBUTING.md New file documenting Bun-based setup and workflow; all referenced scripts (lint:fix, type-check, test, build) exist in package.json
CODE_OF_CONDUCT.md New file — standard Contributor Covenant v2.1 with conduct@pleaseai.dev enforcement contact
SECURITY.md New file — references GitHub private vulnerability reporting and security@pleaseai.dev as fallback; 72-hour acknowledgement SLA
README.md MIT license badge added to badge row; links to ./LICENSE
.github/PULL_REQUEST_TEMPLATE.md New PR template with Conventional Commits reminder and standard checklist; script names match package.json
.github/ISSUE_TEMPLATE/bug_report.md New bug report template with bug label auto-applied
.github/ISSUE_TEMPLATE/feature_request.md New feature request template with enhancement label auto-applied
.github/ISSUE_TEMPLATE/config.yml Disables blank issues; directs questions to Discussions and security reports to GitHub's private advisory channel

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A[Contributor] -->|Opens issue| B{Issue type?}
    B -->|Bug| C[bug_report.md - label: bug]
    B -->|Feature| D[feature_request.md - label: enhancement]
    B -->|Question| E[GitHub Discussions]
    B -->|Security| F[GitHub Private Advisory]
    F --> G[security at pleaseai.dev fallback]

    A -->|Opens PR| H[PULL_REQUEST_TEMPLATE.md]
    H --> I{CI passes?}
    I -->|Yes| J[Request review]
    I -->|No| K[Fix and re-push]
    K --> I

    A -->|Conduct concern| L[CODE_OF_CONDUCT.md enforcement]
Loading
%%{init: {'theme': 'base', 'themeVariables': {"darkMode": true, "background": "#0d1117", "primaryColor": "#21262d", "primaryTextColor": "#e6edf3", "primaryBorderColor": "#8b949e", "lineColor": "#8b949e", "textColor": "#e6edf3", "edgeLabelBackground": "#161b22", "actorBkg": "#21262d", "actorBorder": "#8b949e", "actorTextColor": "#e6edf3", "actorLineColor": "#8b949e", "signalColor": "#8b949e", "signalTextColor": "#e6edf3", "noteBkgColor": "#373320", "noteBorderColor": "#d4a72c", "noteTextColor": "#f0e6c0", "labelBoxBkgColor": "#21262d", "labelBoxBorderColor": "#8b949e", "labelTextColor": "#e6edf3", "loopTextColor": "#e6edf3", "activationBkgColor": "#30363d", "activationBorderColor": "#8b949e"}}}%%
flowchart TD
    A[Contributor] -->|Opens issue| B{Issue type?}
    B -->|Bug| C[bug_report.md - label: bug]
    B -->|Feature| D[feature_request.md - label: enhancement]
    B -->|Question| E[GitHub Discussions]
    B -->|Security| F[GitHub Private Advisory]
    F --> G[security at pleaseai.dev fallback]

    A -->|Opens PR| H[PULL_REQUEST_TEMPLATE.md]
    H --> I{CI passes?}
    I -->|Yes| J[Request review]
    I -->|No| K[Fix and re-push]
    K --> I

    A -->|Conduct concern| L[CODE_OF_CONDUCT.md enforcement]
Loading

Reviews (2): Last reviewed commit: "chore: apply AI code review suggestions" | Re-trigger Greptile

Comment thread LICENSE

@cubic-dev-ai cubic-dev-ai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

3 issues found across 9 files

Confidence score: 4/5

  • The highest risk is in CONTRIBUTING.md: telling contributors to run bun run lint instead of bun run lint:fix can lead to avoidable lint failures and extra review churn when changes are pushed without auto-fixes — update the workflow step to the required command before merging.
  • .github/PULL_REQUEST_TEMPLATE.md is missing bun run type-check and bun run build, so PRs may be marked ready while still failing CI on checks the team expects — add both checklist items to align contributor behavior with the documented process.
  • The wording in CONTRIBUTING.md around language policy is overly absolute and could confuse contributors about whether maintained translations are acceptable — revise it to state English as the default while explicitly allowing supported translations.
Architecture diagram
sequenceDiagram
    participant C as Contributor / Researcher
    participant GH as GitHub Repository
    participant T as Issue Templates
    participant S as Security Policy
    participant M as Maintainers

    Note over C,M: NEW: Community-Health Files establish contributor & security flows

    C->>GH: Visits repo, sees LICENSE badge & Code of Conduct link
    C->>GH: Reads CONTRIBUTING.md (clone, bun install, lint/test/build)
    C->>GH: Opens a new issue
    GH->>T: Presents bug_report.md or feature_request.md
    alt Bug report
        T-->>C: Form fields (describe bug, reproduce, environment)
        C->>GH: Submits issue
        GH->>M: Notifies maintainers
    else Feature request
        T-->>C: Form fields (problem, solution, alternatives)
        C->>GH: Submits issue
        GH->>M: Notifies maintainers
    end

    opt Security vulnerability
        S-->>C: Redirects to private reporting (Security tab / security@pleaseai.dev)
        C->>S: Follows instructions (not public issue)
        S->>M: Private report received
        M-->>C: Acknowledges within 72h
    end

    C->>GH: Opens pull request
    GH->>C: Shows PR template (checklist, Conventional Commits)
    C->>GH: Submits PR
    GH->>M: Notifies maintainers
Loading

Reply with feedback, questions, or to request a fix.

Re-trigger cubic

Comment thread CONTRIBUTING.md Outdated
Comment thread .github/PULL_REQUEST_TEMPLATE.md
Comment thread CONTRIBUTING.md Outdated
@pleaseai

pleaseai Bot commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

@amondnet님의 요청을 완료했습니다 (2m 20s) —— View job


PR Review

  • Analyze PR context and review comments
  • Assess current PR state
  • Provide final response

Assessment

This is a clean docs-only PR. All three automated reviewers' feedback has been addressed in commit d217beb:

Item Status
CONTRIBUTING.md: bun run lintbun run lint:fix (cubic-dev-ai) ✅ Applied
CONTRIBUTING.md: English-only policy → bilingual policy (gemini-code-assist, cubic-dev-ai) ✅ Applied
PULL_REQUEST_TEMPLATE.md: Added type-check and build steps (gemini-code-assist, cubic-dev-ai) ✅ Applied
package.json author vs LICENSE copyright (greptile-apps) ℹ️ See below

On package.json author vs LICENSE copyright

amondnet's explanation is accurate. These two fields serve distinct purposes:

  • LICENSE → legal copyright declaration ("Passion Factory" — the company entity)
  • package.json "author" → npm publishing identity ("PleaseAI" — the @pleaseai scope brand)

They can legitimately differ, and aligning them is an editorial decision for maintainers, not a correctness issue. The explanation is sound.

Minor observation

PULL_REQUEST_TEMPLATE.md line 15 lists bun run lint (verify only), while CONTRIBUTING.md prescribes bun run lint:fix (auto-fix). This is a minor inconsistency — checklist items ideally match the development workflow command. If the intent is for contributors to auto-fix before checking the box, updating to bun run lint:fix would align the two documents. Not blocking, but worth deciding intentionally.

Codacy alert

Codacy reports 1 high-severity issue. This is likely a false positive triggered by email addresses in SECURITY.md/CODE_OF_CONDUCT.md (e.g., security@pleaseai.dev, conduct@pleaseai.dev), which are intentional contact points. Worth confirming in the Codacy dashboard before merging.

Summary

All substantive review feedback has been incorporated. The package.json author distinction is intentional and well-explained. The PR is in good shape to merge once the Codacy alert is confirmed to be a false positive.
| Branch: chore/oss-community-health

@amondnet
amondnet merged commit 638b25f into main Jul 1, 2026
11 of 13 checks passed
@amondnet
amondnet deleted the chore/oss-community-health branch July 1, 2026 16:38
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant