chore(release): MIT license + CONTRIBUTING/SECURITY/CODE_OF_CONDUCT + README badges (S12)
This commit is contained in:
parent
bdba6f66c6
commit
254e3da1d8
6 changed files with 199 additions and 2 deletions
|
|
@ -2,6 +2,9 @@
|
|||
|
||||
All notable changes to this project will be documented in this file.
|
||||
|
||||
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
|
||||
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
|
||||
|
||||
## [Unreleased]
|
||||
|
||||
### Added
|
||||
|
|
@ -15,8 +18,8 @@ All notable changes to this project will be documented in this file.
|
|||
(`uv run python -m portfolio_optimiser.simulation`) — plumbing proof, not live-model proof.
|
||||
- Framework-neutral shared core in `shared/`: OKF concept + example bundle, golden validator
|
||||
suite, and the expert-reviewer persona as an Agent Skill.
|
||||
- Test suite: 152 passing tests (4 skips are live-provider-only), every wired seam covered by a
|
||||
- Test suite: 237 passing tests (4 skips are live-provider-only), every wired seam covered by a
|
||||
load-bearing test that goes red when the seam is detached.
|
||||
|
||||
### Notes
|
||||
- License to be finalized at release prep.
|
||||
- Licensed under the MIT License (see `LICENSE`).
|
||||
|
|
|
|||
59
CODE_OF_CONDUCT.md
Normal file
59
CODE_OF_CONDUCT.md
Normal file
|
|
@ -0,0 +1,59 @@
|
|||
# Contributor Covenant Code of Conduct
|
||||
|
||||
## Our Pledge
|
||||
|
||||
We as members, contributors, and leaders pledge to make participation in our
|
||||
community a harassment-free experience for everyone, regardless of age, body
|
||||
size, visible or invisible disability, ethnicity, sex characteristics, gender
|
||||
identity and expression, level of experience, education, socio-economic status,
|
||||
nationality, personal appearance, race, religion, or sexual identity
|
||||
and orientation.
|
||||
|
||||
We pledge to act and interact in ways that contribute to an open, welcoming,
|
||||
diverse, inclusive, and healthy community.
|
||||
|
||||
## Our Standards
|
||||
|
||||
Examples of behavior that contributes to a positive environment:
|
||||
|
||||
* Demonstrating empathy and kindness
|
||||
* Being respectful of differing opinions and experiences
|
||||
* Giving and gracefully accepting constructive feedback
|
||||
* Accepting responsibility and apologizing for mistakes
|
||||
* Focusing on what is best for the community
|
||||
|
||||
Examples of unacceptable behavior:
|
||||
|
||||
* Trolling, insulting or derogatory comments
|
||||
* Public or private harassment
|
||||
* Publishing others' private information without permission
|
||||
* Other conduct which could reasonably be considered inappropriate
|
||||
|
||||
## Enforcement Responsibilities
|
||||
|
||||
Community leaders are responsible for clarifying and enforcing our standards of
|
||||
acceptable behavior and will take appropriate and fair corrective action in
|
||||
response to any behavior that they deem inappropriate, threatening, offensive,
|
||||
or harmful.
|
||||
|
||||
## Scope
|
||||
|
||||
This Code of Conduct applies within all community spaces, and also applies when
|
||||
an individual is officially representing the community in public spaces.
|
||||
|
||||
## Enforcement
|
||||
|
||||
Instances of abusive, harassing, or otherwise unacceptable behavior may be
|
||||
reported to the community leaders responsible for enforcement at
|
||||
hello@fromaitochitta.com.
|
||||
|
||||
All complaints will be reviewed and investigated promptly and fairly.
|
||||
|
||||
## Attribution
|
||||
|
||||
This Code of Conduct is adapted from the [Contributor Covenant][homepage],
|
||||
version 2.1, available at
|
||||
[https://www.contributor-covenant.org/version/2/1/code_of_conduct.html][v2.1].
|
||||
|
||||
[homepage]: https://www.contributor-covenant.org
|
||||
[v2.1]: https://www.contributor-covenant.org/version/2/1/code_of_conduct.html
|
||||
66
CONTRIBUTING.md
Normal file
66
CONTRIBUTING.md
Normal file
|
|
@ -0,0 +1,66 @@
|
|||
# Contributing to portfolio-optimiser
|
||||
|
||||
Thank you for your interest in contributing! This document provides guidelines and instructions
|
||||
for contributing.
|
||||
|
||||
## Code of Conduct
|
||||
|
||||
Please read and follow our [Code of Conduct](CODE_OF_CONDUCT.md).
|
||||
|
||||
## How to Contribute
|
||||
|
||||
### Reporting Issues
|
||||
|
||||
- Check existing issues before creating a new one
|
||||
- Provide clear reproduction steps
|
||||
- Include relevant environment details (OS, Python version, backend profile)
|
||||
|
||||
### Submitting Changes
|
||||
|
||||
1. Fork the repository
|
||||
2. Create a feature branch (`git checkout -b feature/amazing-feature`)
|
||||
3. Make your changes following the conventions below
|
||||
4. Run the test, lint, and type checks (see Development Setup) and ensure they pass
|
||||
5. Commit your changes using [Conventional Commits](https://www.conventionalcommits.org/)
|
||||
(`type(scope): description`)
|
||||
6. Push to your branch and open a Pull Request
|
||||
|
||||
### Pull Request Guidelines
|
||||
|
||||
- Follow the existing code style (`ruff` enforced)
|
||||
- Type hints everywhere; `mypy`-clean where possible
|
||||
- Include tests for new functionality — this project uses **load-bearing tests**: a test that
|
||||
covers a seam must fail when that seam is detached, not merely pass while wired
|
||||
- The **deterministic validator is mandatory and blocking** — never make it an optional plugin
|
||||
- Keep PRs focused on a single change
|
||||
- Update documentation as needed
|
||||
|
||||
## Development Setup
|
||||
|
||||
Requires Python ≥ 3.10 and [`uv`](https://docs.astral.sh/uv/).
|
||||
|
||||
```bash
|
||||
# Clone your fork
|
||||
git clone https://git.fromaitochitta.com/open/portfolio-optimiser.git
|
||||
cd portfolio-optimiser
|
||||
|
||||
# Install dependencies
|
||||
uv sync
|
||||
|
||||
# Run tests
|
||||
uv run pytest
|
||||
|
||||
# Lint and format
|
||||
uv run ruff check .
|
||||
uv run ruff format .
|
||||
|
||||
# Type-check
|
||||
uv run mypy src
|
||||
```
|
||||
|
||||
Develop primarily on the **local backend profile** (free); reserve the Azure/Foundry profile for
|
||||
targeted, minimal verification.
|
||||
|
||||
## Questions?
|
||||
|
||||
Feel free to open an issue for any questions about contributing.
|
||||
21
LICENSE
Normal file
21
LICENSE
Normal file
|
|
@ -0,0 +1,21 @@
|
|||
MIT License
|
||||
|
||||
Copyright (c) 2026 Kjell Tore Guttormsen
|
||||
|
||||
Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||
of this software and associated documentation files (the "Software"), to deal
|
||||
in the Software without restriction, including without limitation the rights
|
||||
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
||||
copies of the Software, and to permit persons to whom the Software is
|
||||
furnished to do so, subject to the following conditions:
|
||||
|
||||
The above copyright notice and this permission notice shall be included in all
|
||||
copies or substantial portions of the Software.
|
||||
|
||||
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
||||
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
||||
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
||||
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
||||
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
||||
SOFTWARE.
|
||||
|
|
@ -1,5 +1,9 @@
|
|||
# portfolio-optimiser
|
||||
|
||||
[](LICENSE)
|
||||
[](pyproject.toml)
|
||||
[](https://github.com/microsoft/agent-framework)
|
||||
|
||||
A generic, open framework — built on **Microsoft Agent Framework (MAF)** — that finds cost
|
||||
savings *inside* each project of a portfolio of independent projects. A swarm of agents
|
||||
generates candidate measures; a **mandatory deterministic validator** (solver + Monte Carlo)
|
||||
|
|
|
|||
44
SECURITY.md
Normal file
44
SECURITY.md
Normal file
|
|
@ -0,0 +1,44 @@
|
|||
# Security Policy
|
||||
|
||||
## Reporting a Vulnerability
|
||||
|
||||
We take security seriously. If you discover a security vulnerability, please report it responsibly.
|
||||
|
||||
**Please do NOT report security vulnerabilities through public issues.**
|
||||
|
||||
### How to Report
|
||||
|
||||
Email: hello@fromaitochitta.com
|
||||
|
||||
Include:
|
||||
- Description of the vulnerability
|
||||
- Steps to reproduce
|
||||
- Potential impact
|
||||
- Any suggested fixes (optional)
|
||||
|
||||
### What to Expect
|
||||
|
||||
- Acknowledgment within 48 hours
|
||||
- Regular updates on progress
|
||||
- Credit in the fix announcement (if desired)
|
||||
|
||||
## Supported Versions
|
||||
|
||||
| Version | Supported |
|
||||
| ------- | ------------------ |
|
||||
| latest | :white_check_mark: |
|
||||
| < latest| :x: |
|
||||
|
||||
## Security Best Practices
|
||||
|
||||
When using portfolio-optimiser:
|
||||
- Keep dependencies updated
|
||||
- Use environment variables for sensitive configuration — never commit secrets
|
||||
- Prefer the local-only backend profile; the framework makes no silent network egress
|
||||
- Follow the principle of least privilege for any data-source credentials
|
||||
|
||||
## Scope Note
|
||||
|
||||
portfolio-optimiser is a **technical framework**. Deploying organizations own their own data
|
||||
protection, risk, and compliance assessments (DPIA/ROS). The framework ships technical
|
||||
prerequisites (local-only mode, provenance, no silent egress) but makes no compliance guarantees.
|
||||
Loading…
Add table
Add a link
Reference in a new issue