chore(release): MIT license + CONTRIBUTING/SECURITY/CODE_OF_CONDUCT + README badges (S12)

This commit is contained in:
Kjell Tore Guttormsen 2026-07-05 10:32:24 +02:00
commit 42f320bed1
6 changed files with 210 additions and 0 deletions

View file

@ -1,3 +1,19 @@
# Changelog
All notable changes to this project will be documented in this file.
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
## [Unreleased]
### Added
- Sibling implementation of the portfolio-optimiser method on the Claude Agent SDK (D7),
built from the shared frozen spec + golden suite alone.
- Deterministic backbone (mandatory blocking validator), the agentic + learning loop
(S5S10), and the deterministic ingest layer (CSV + SQL source types), each wired seam by
seam and proven by load-bearing tests.
- Test suite: 265 passing tests, all running offline without an API key.
### Notes
- Licensed under the MIT License (see `LICENSE`).

59
CODE_OF_CONDUCT.md Normal file
View file

@ -0,0 +1,59 @@
# Contributor Covenant Code of Conduct
## Our Pledge
We as members, contributors, and leaders pledge to make participation in our
community a harassment-free experience for everyone, regardless of age, body
size, visible or invisible disability, ethnicity, sex characteristics, gender
identity and expression, level of experience, education, socio-economic status,
nationality, personal appearance, race, religion, or sexual identity
and orientation.
We pledge to act and interact in ways that contribute to an open, welcoming,
diverse, inclusive, and healthy community.
## Our Standards
Examples of behavior that contributes to a positive environment:
* Demonstrating empathy and kindness
* Being respectful of differing opinions and experiences
* Giving and gracefully accepting constructive feedback
* Accepting responsibility and apologizing for mistakes
* Focusing on what is best for the community
Examples of unacceptable behavior:
* Trolling, insulting or derogatory comments
* Public or private harassment
* Publishing others' private information without permission
* Other conduct which could reasonably be considered inappropriate
## Enforcement Responsibilities
Community leaders are responsible for clarifying and enforcing our standards of
acceptable behavior and will take appropriate and fair corrective action in
response to any behavior that they deem inappropriate, threatening, offensive,
or harmful.
## Scope
This Code of Conduct applies within all community spaces, and also applies when
an individual is officially representing the community in public spaces.
## Enforcement
Instances of abusive, harassing, or otherwise unacceptable behavior may be
reported to the community leaders responsible for enforcement at
hello@fromaitochitta.com.
All complaints will be reviewed and investigated promptly and fairly.
## Attribution
This Code of Conduct is adapted from the [Contributor Covenant][homepage],
version 2.1, available at
[https://www.contributor-covenant.org/version/2/1/code_of_conduct.html][v2.1].
[homepage]: https://www.contributor-covenant.org
[v2.1]: https://www.contributor-covenant.org/version/2/1/code_of_conduct.html

66
CONTRIBUTING.md Normal file
View file

@ -0,0 +1,66 @@
# Contributing to portfolio-optimiser-claude
Thank you for your interest in contributing! This document provides guidelines and instructions
for contributing.
## Code of Conduct
Please read and follow our [Code of Conduct](CODE_OF_CONDUCT.md).
## How to Contribute
### Reporting Issues
- Check existing issues before creating a new one
- Provide clear reproduction steps
- Include relevant environment details (OS, Python version)
### Submitting Changes
1. Fork the repository
2. Create a feature branch (`git checkout -b feature/amazing-feature`)
3. Make your changes following the conventions below
4. Run the test, lint, and type checks (see Development Setup) and ensure they pass
5. Commit your changes using [Conventional Commits](https://www.conventionalcommits.org/)
(`type(scope): description`)
6. Push to your branch and open a Pull Request
### Pull Request Guidelines
- Follow the existing code style (`ruff` enforced)
- Type hints everywhere; `mypy`-clean where possible
- Include tests for new functionality — this project uses **load-bearing tests**: a test that
covers a seam must fail when that seam is detached, not merely pass while wired
- The **deterministic validator is mandatory and blocking** — never make it an optional plugin
- Keep PRs focused on a single change
- Update documentation as needed
## Development Setup
Requires Python ≥ 3.10 and [`uv`](https://docs.astral.sh/uv/).
```bash
# Clone your fork
git clone https://git.fromaitochitta.com/open/portfolio-optimiser-claude.git
cd portfolio-optimiser-claude
# Install dependencies
uv sync
# Run tests (offline, no API key required)
uv run pytest
# Lint and format
uv run ruff check .
uv run ruff format --check .
# Type-check (strict)
uv run mypy src
```
Tests run offline without an API key; live runs use the Claude API — keep `ANTHROPIC_API_KEY` in
your environment, never commit it.
## Questions?
Feel free to open an issue for any questions about contributing.

21
LICENSE Normal file
View file

@ -0,0 +1,21 @@
MIT License
Copyright (c) 2026 Kjell Tore Guttormsen
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.

View file

@ -1,5 +1,9 @@
# portfolio-optimiser-claude
[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](LICENSE)
[![Python](https://img.shields.io/badge/python-%E2%89%A53.10-blue.svg)](pyproject.toml)
[![Built on Claude Agent SDK](https://img.shields.io/badge/built%20on-Claude%20Agent%20SDK-D97757.svg)](https://github.com/anthropics/claude-agent-sdk-python)
Sibling implementation of the portfolio-optimiser method on the **Claude Agent SDK**
(decision D7). An open, generic Python framework that finds cost savings *inside* each
project in a portfolio of independent projects: agents generate candidate measures, a

44
SECURITY.md Normal file
View file

@ -0,0 +1,44 @@
# Security Policy
## Reporting a Vulnerability
We take security seriously. If you discover a security vulnerability, please report it responsibly.
**Please do NOT report security vulnerabilities through public issues.**
### How to Report
Email: hello@fromaitochitta.com
Include:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Any suggested fixes (optional)
### What to Expect
- Acknowledgment within 48 hours
- Regular updates on progress
- Credit in the fix announcement (if desired)
## Supported Versions
| Version | Supported |
| ------- | ------------------ |
| latest | :white_check_mark: |
| < latest| :x: |
## Security Best Practices
When using portfolio-optimiser-claude:
- Keep dependencies updated
- Keep your Claude API key in environment variables — never commit secrets
- Follow the principle of least privilege for any data-source credentials
## Scope Note
portfolio-optimiser-claude is a **technical framework**. Deploying organizations own their own
data protection, risk, and compliance assessments (DPIA/ROS). The framework ships technical
prerequisites (provenance stamping, a mandatory deterministic validator, an offline-by-default
test suite) but makes no compliance guarantees.