[codex] Add community health templates

.github/ISSUE_TEMPLATE/bug_report.yml

@@ -0,0 +1,75 @@
+name: Bug report
+description: Report a reproducible problem in agent-memory-sdk.
+title: "bug: "
+labels:
+  - bug
+body:
+  - type: markdown
+    attributes:
+      value: |
+        Thanks for reporting a bug. Please remove secrets, API keys, database
+        credentials, local memory files, and production logs before posting.
+  - type: input
+    id: version
+    attributes:
+      label: Package version
+      description: Which version of agent-memory-sdk are you using?
+      placeholder: "0.0.1"
+    validations:
+      required: true
+  - type: dropdown
+    id: runtime
+    attributes:
+      label: Runtime
+      options:
+        - Node.js
+        - Bun
+        - Deno
+        - Other
+    validations:
+      required: true
+  - type: dropdown
+    id: adapter
+    attributes:
+      label: Memory or provider adapter
+      options:
+        - local
+        - sqlite
+        - postgres
+        - openai
+        - anthropic
+        - gemini
+        - xai
+        - openAICompatible
+        - core
+        - not sure
+    validations:
+      required: true
+  - type: textarea
+    id: reproduction
+    attributes:
+      label: Minimal reproduction
+      description: Share the smallest code sample or repository that reproduces the issue.
+      render: ts
+    validations:
+      required: true
+  - type: textarea
+    id: expected
+    attributes:
+      label: Expected behavior
+    validations:
+      required: true
+  - type: textarea
+    id: actual
+    attributes:
+      label: Actual behavior
+    validations:
+      required: true
+  - type: textarea
+    id: environment
+    attributes:
+      label: Environment
+      description: Include OS, package manager, Node.js version, and relevant database/provider details.
+      placeholder: "macOS 15, Node.js 22, pnpm 10"
+    validations:
+      required: false

.github/ISSUE_TEMPLATE/config.yml

@@ -0,0 +1,5 @@
+blank_issues_enabled: false
+contact_links:
+  - name: Security report
+    url: https://github.com/gharibyan/agent-memory/security/policy
+    about: Please report suspected vulnerabilities privately.

.github/ISSUE_TEMPLATE/feature_request.yml

@@ -0,0 +1,45 @@
+name: Feature request
+description: Suggest an improvement or new adapter for agent-memory-sdk.
+title: "feat: "
+labels:
+  - enhancement
+body:
+  - type: textarea
+    id: problem
+    attributes:
+      label: Problem
+      description: What are you trying to build, and where does the SDK get in the way?
+    validations:
+      required: true
+  - type: textarea
+    id: proposal
+    attributes:
+      label: Proposed API or behavior
+      description: Show the TypeScript API or behavior you would expect.
+      render: ts
+    validations:
+      required: true
+  - type: dropdown
+    id: area
+    attributes:
+      label: Area
+      options:
+        - agent runtime
+        - memory retrieval
+        - local storage
+        - SQLite
+        - Postgres
+        - model provider
+        - packaging
+        - docs
+        - examples
+        - other
+    validations:
+      required: true
+  - type: textarea
+    id: alternatives
+    attributes:
+      label: Alternatives considered
+      description: What workaround are you using today?
+    validations:
+      required: false

.github/ISSUE_TEMPLATE/question.yml

@@ -0,0 +1,21 @@
+name: Question
+description: Ask about usage, architecture, or package behavior.
+title: "question: "
+labels:
+  - question
+body:
+  - type: textarea
+    id: question
+    attributes:
+      label: Question
+      description: What are you trying to understand or decide?
+    validations:
+      required: true
+  - type: textarea
+    id: context
+    attributes:
+      label: Context
+      description: Include the package version, runtime, storage adapter, provider, and any relevant code.
+      render: ts
+    validations:
+      required: false

.github/PULL_REQUEST_TEMPLATE.md

@@ -0,0 +1,22 @@
+## Summary
+
+<!-- What changed and why? -->
+
+## Verification
+
+<!-- Mark the commands you ran. Explain any skipped command. -->
+
+- [ ] `pnpm test`
+- [ ] `pnpm lint`
+- [ ] `pnpm pack:check`
+
+## Package Safety
+
+- [ ] The public npm package remains `agent-memory-sdk`.
+- [ ] Internal workspace packages remain private build units.
+- [ ] Package dry-run output does not include private apps, local memory files,
+      logs, screenshots, databases, or generated tarballs.
+
+## Notes
+
+<!-- Link issues, call out breaking changes, or mention follow-up work. -->

CONTRIBUTING.md

@@ -0,0 +1,61 @@
+# Contributing to agent-memory-sdk
+
+Thanks for taking the time to improve `agent-memory-sdk`. This project is a
+TypeScript-first pnpm workspace that publishes one public npm package:
+`agent-memory-sdk`.
+
+## Project Boundaries
+
+- `packages/agent-memory` is the public package and should keep
+  `createAgent({ model })` easy to use.
+- `packages/core` is runtime-neutral. Do not add Node `fs`, provider SDKs, or
+  database drivers there.
+- `packages/local`, `packages/sqlite`, and `packages/postgres` own persistence
+  adapters.
+- `packages/openai`, `packages/anthropic`, `packages/gemini`, and
+  `packages/xai` own model provider adapters.
+- `apps/*` are examples and demos. They are private and must never be included
+  in npm package output.
+
+## Development Setup
+
+```sh
+pnpm install
+pnpm build
+pnpm test
+pnpm lint
+pnpm pack:check
+```
+
+Use Node.js and pnpm versions compatible with the `packageManager` field in
+`package.json`.
+
+## Before Opening a Pull Request
+
+Please make sure the change is focused and includes tests when SDK behavior
+changes.
+
+Run:
+
+```sh
+pnpm test
+pnpm lint
+pnpm pack:check
+```
+
+`pnpm pack:check` should show only the public `agent-memory-sdk` artifact. It
+must not include `apps/playground`, `.memory`, `.ai-memory`, generated tarballs,
+screenshots, logs, or local databases.
+
+## Pull Request Expectations
+
+- Explain the problem and the approach.
+- Include examples or docs updates when public API behavior changes.
+- Keep source changes in TypeScript under `src`.
+- Keep generated output in `dist` and do not hand-edit it.
+- Keep build scripts cleaning `dist` before TypeScript compilation.
+
+## Issues
+
+Use the issue templates when possible. For security issues, do not open a public
+issue; follow the instructions in `SECURITY.md`.

README.md

@@ -192,6 +192,10 @@ pnpm pack:check
 
 Package dry-runs must only publish the `agent-memory-sdk` artifact and must not include `apps/playground`, `.memory`, local databases, logs, screenshots, or generated tarballs.
 
+## Contributing
+
+Issues and pull requests are welcome. Please read [CONTRIBUTING.md](./CONTRIBUTING.md) before opening a pull request, and use [SECURITY.md](./SECURITY.md) for private vulnerability reports.
+
 ## License
 
 MIT License. See [LICENSE](./LICENSE).

SECURITY.md

@@ -0,0 +1,33 @@
+# Security Policy
+
+## Supported Versions
+
+Security fixes are considered for the latest published version of
+`agent-memory-sdk`.
+
+## Reporting a Vulnerability
+
+Please do not open a public issue for suspected vulnerabilities.
+
+Report security concerns by email to:
+
+```text
+khachatur.gharibyan@gmail.com
+```
+
+Include as much detail as you can safely share:
+
+- affected package or adapter
+- version or commit
+- reproduction steps
+- expected impact
+- whether credentials, local memory files, or database contents are involved
+
+You should receive an initial response within 7 days. If the issue is accepted,
+we will coordinate a fix and disclosure timeline before publishing details.
+
+## Handling Secrets
+
+Never include real provider API keys, database credentials, local memory files,
+or production logs in public issues, pull requests, screenshots, or example
+apps.

test/repository-hygiene.test.mjs

@@ -67,6 +67,27 @@ test("github codeowners routes repository changes to gharibyan", async () => {
   assert.match(codeowners, /^\* @gharibyan$/m)
 })
 
+test("github community health files are present", async () => {
+  const codeOfConduct = await read("CODE_OF_CONDUCT.md")
+  const contributing = await read("CONTRIBUTING.md")
+  const security = await read("SECURITY.md")
+  const pullRequestTemplate = await read(".github/PULL_REQUEST_TEMPLATE.md")
+  const issueConfig = await read(".github/ISSUE_TEMPLATE/config.yml")
+  const bugReport = await read(".github/ISSUE_TEMPLATE/bug_report.yml")
+  const featureRequest = await read(".github/ISSUE_TEMPLATE/feature_request.yml")
+  const question = await read(".github/ISSUE_TEMPLATE/question.yml")
+
+  assert.match(codeOfConduct, /Contributor Covenant/)
+  assert.match(contributing, /agent-memory-sdk/)
+  assert.match(contributing, /pnpm pack:check/)
+  assert.match(security, /Reporting a Vulnerability/)
+  assert.match(pullRequestTemplate, /Package Safety/)
+  assert.match(issueConfig, /blank_issues_enabled: false/)
+  assert.match(bugReport, /Bug report/)
+  assert.match(featureRequest, /Feature request/)
+  assert.match(question, /Question/)
+})
+
 test("gitignore excludes local IDE project settings", async () => {
   const gitignore = await read(".gitignore")