diff --git a/.github/ISSUE_TEMPLATE/bug_report.yml b/.github/ISSUE_TEMPLATE/bug_report.yml new file mode 100644 index 0000000..800413c --- /dev/null +++ b/.github/ISSUE_TEMPLATE/bug_report.yml @@ -0,0 +1,75 @@ +name: Bug report +description: Report a reproducible problem in agent-memory-sdk. +title: "bug: " +labels: + - bug +body: + - type: markdown + attributes: + value: | + Thanks for reporting a bug. Please remove secrets, API keys, database + credentials, local memory files, and production logs before posting. + - type: input + id: version + attributes: + label: Package version + description: Which version of agent-memory-sdk are you using? + placeholder: "0.0.1" + validations: + required: true + - type: dropdown + id: runtime + attributes: + label: Runtime + options: + - Node.js + - Bun + - Deno + - Other + validations: + required: true + - type: dropdown + id: adapter + attributes: + label: Memory or provider adapter + options: + - local + - sqlite + - postgres + - openai + - anthropic + - gemini + - xai + - openAICompatible + - core + - not sure + validations: + required: true + - type: textarea + id: reproduction + attributes: + label: Minimal reproduction + description: Share the smallest code sample or repository that reproduces the issue. + render: ts + validations: + required: true + - type: textarea + id: expected + attributes: + label: Expected behavior + validations: + required: true + - type: textarea + id: actual + attributes: + label: Actual behavior + validations: + required: true + - type: textarea + id: environment + attributes: + label: Environment + description: Include OS, package manager, Node.js version, and relevant database/provider details. + placeholder: "macOS 15, Node.js 22, pnpm 10" + validations: + required: false diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml new file mode 100644 index 0000000..6967683 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/config.yml @@ -0,0 +1,5 @@ +blank_issues_enabled: false +contact_links: + - name: Security report + url: https://github.com/gharibyan/agent-memory/security/policy + about: Please report suspected vulnerabilities privately. diff --git a/.github/ISSUE_TEMPLATE/feature_request.yml b/.github/ISSUE_TEMPLATE/feature_request.yml new file mode 100644 index 0000000..a7628da --- /dev/null +++ b/.github/ISSUE_TEMPLATE/feature_request.yml @@ -0,0 +1,45 @@ +name: Feature request +description: Suggest an improvement or new adapter for agent-memory-sdk. +title: "feat: " +labels: + - enhancement +body: + - type: textarea + id: problem + attributes: + label: Problem + description: What are you trying to build, and where does the SDK get in the way? + validations: + required: true + - type: textarea + id: proposal + attributes: + label: Proposed API or behavior + description: Show the TypeScript API or behavior you would expect. + render: ts + validations: + required: true + - type: dropdown + id: area + attributes: + label: Area + options: + - agent runtime + - memory retrieval + - local storage + - SQLite + - Postgres + - model provider + - packaging + - docs + - examples + - other + validations: + required: true + - type: textarea + id: alternatives + attributes: + label: Alternatives considered + description: What workaround are you using today? + validations: + required: false diff --git a/.github/ISSUE_TEMPLATE/question.yml b/.github/ISSUE_TEMPLATE/question.yml new file mode 100644 index 0000000..346ee9d --- /dev/null +++ b/.github/ISSUE_TEMPLATE/question.yml @@ -0,0 +1,21 @@ +name: Question +description: Ask about usage, architecture, or package behavior. +title: "question: " +labels: + - question +body: + - type: textarea + id: question + attributes: + label: Question + description: What are you trying to understand or decide? + validations: + required: true + - type: textarea + id: context + attributes: + label: Context + description: Include the package version, runtime, storage adapter, provider, and any relevant code. + render: ts + validations: + required: false diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md new file mode 100644 index 0000000..2581cdc --- /dev/null +++ b/.github/PULL_REQUEST_TEMPLATE.md @@ -0,0 +1,22 @@ +## Summary + + + +## Verification + + + +- [ ] `pnpm test` +- [ ] `pnpm lint` +- [ ] `pnpm pack:check` + +## Package Safety + +- [ ] The public npm package remains `agent-memory-sdk`. +- [ ] Internal workspace packages remain private build units. +- [ ] Package dry-run output does not include private apps, local memory files, + logs, screenshots, databases, or generated tarballs. + +## Notes + + diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md new file mode 100644 index 0000000..2647acf --- /dev/null +++ b/CONTRIBUTING.md @@ -0,0 +1,61 @@ +# Contributing to agent-memory-sdk + +Thanks for taking the time to improve `agent-memory-sdk`. This project is a +TypeScript-first pnpm workspace that publishes one public npm package: +`agent-memory-sdk`. + +## Project Boundaries + +- `packages/agent-memory` is the public package and should keep + `createAgent({ model })` easy to use. +- `packages/core` is runtime-neutral. Do not add Node `fs`, provider SDKs, or + database drivers there. +- `packages/local`, `packages/sqlite`, and `packages/postgres` own persistence + adapters. +- `packages/openai`, `packages/anthropic`, `packages/gemini`, and + `packages/xai` own model provider adapters. +- `apps/*` are examples and demos. They are private and must never be included + in npm package output. + +## Development Setup + +```sh +pnpm install +pnpm build +pnpm test +pnpm lint +pnpm pack:check +``` + +Use Node.js and pnpm versions compatible with the `packageManager` field in +`package.json`. + +## Before Opening a Pull Request + +Please make sure the change is focused and includes tests when SDK behavior +changes. + +Run: + +```sh +pnpm test +pnpm lint +pnpm pack:check +``` + +`pnpm pack:check` should show only the public `agent-memory-sdk` artifact. It +must not include `apps/playground`, `.memory`, `.ai-memory`, generated tarballs, +screenshots, logs, or local databases. + +## Pull Request Expectations + +- Explain the problem and the approach. +- Include examples or docs updates when public API behavior changes. +- Keep source changes in TypeScript under `src`. +- Keep generated output in `dist` and do not hand-edit it. +- Keep build scripts cleaning `dist` before TypeScript compilation. + +## Issues + +Use the issue templates when possible. For security issues, do not open a public +issue; follow the instructions in `SECURITY.md`. diff --git a/README.md b/README.md index 6fbbab3..3e8fd98 100644 --- a/README.md +++ b/README.md @@ -192,6 +192,10 @@ pnpm pack:check Package dry-runs must only publish the `agent-memory-sdk` artifact and must not include `apps/playground`, `.memory`, local databases, logs, screenshots, or generated tarballs. +## Contributing + +Issues and pull requests are welcome. Please read [CONTRIBUTING.md](./CONTRIBUTING.md) before opening a pull request, and use [SECURITY.md](./SECURITY.md) for private vulnerability reports. + ## License MIT License. See [LICENSE](./LICENSE). diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..80b70d1 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,33 @@ +# Security Policy + +## Supported Versions + +Security fixes are considered for the latest published version of +`agent-memory-sdk`. + +## Reporting a Vulnerability + +Please do not open a public issue for suspected vulnerabilities. + +Report security concerns by email to: + +```text +khachatur.gharibyan@gmail.com +``` + +Include as much detail as you can safely share: + +- affected package or adapter +- version or commit +- reproduction steps +- expected impact +- whether credentials, local memory files, or database contents are involved + +You should receive an initial response within 7 days. If the issue is accepted, +we will coordinate a fix and disclosure timeline before publishing details. + +## Handling Secrets + +Never include real provider API keys, database credentials, local memory files, +or production logs in public issues, pull requests, screenshots, or example +apps. diff --git a/test/repository-hygiene.test.mjs b/test/repository-hygiene.test.mjs index 4e71056..fd253a9 100644 --- a/test/repository-hygiene.test.mjs +++ b/test/repository-hygiene.test.mjs @@ -67,6 +67,27 @@ test("github codeowners routes repository changes to gharibyan", async () => { assert.match(codeowners, /^\* @gharibyan$/m) }) +test("github community health files are present", async () => { + const codeOfConduct = await read("CODE_OF_CONDUCT.md") + const contributing = await read("CONTRIBUTING.md") + const security = await read("SECURITY.md") + const pullRequestTemplate = await read(".github/PULL_REQUEST_TEMPLATE.md") + const issueConfig = await read(".github/ISSUE_TEMPLATE/config.yml") + const bugReport = await read(".github/ISSUE_TEMPLATE/bug_report.yml") + const featureRequest = await read(".github/ISSUE_TEMPLATE/feature_request.yml") + const question = await read(".github/ISSUE_TEMPLATE/question.yml") + + assert.match(codeOfConduct, /Contributor Covenant/) + assert.match(contributing, /agent-memory-sdk/) + assert.match(contributing, /pnpm pack:check/) + assert.match(security, /Reporting a Vulnerability/) + assert.match(pullRequestTemplate, /Package Safety/) + assert.match(issueConfig, /blank_issues_enabled: false/) + assert.match(bugReport, /Bug report/) + assert.match(featureRequest, /Feature request/) + assert.match(question, /Question/) +}) + test("gitignore excludes local IDE project settings", async () => { const gitignore = await read(".gitignore")