chore(release): MIT license + CONTRIBUTING/SECURITY/CODE_OF_CONDUCT + README badges (S12)

This commit is contained in:
Kjell Tore Guttormsen 2026-07-05 08:10:09 +02:00
commit 254e3da1d8
6 changed files with 199 additions and 2 deletions

View file

@ -2,6 +2,9 @@
All notable changes to this project will be documented in this file.
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
## [Unreleased]
### Added
@ -15,8 +18,8 @@ All notable changes to this project will be documented in this file.
(`uv run python -m portfolio_optimiser.simulation`) — plumbing proof, not live-model proof.
- Framework-neutral shared core in `shared/`: OKF concept + example bundle, golden validator
suite, and the expert-reviewer persona as an Agent Skill.
- Test suite: 152 passing tests (4 skips are live-provider-only), every wired seam covered by a
- Test suite: 237 passing tests (4 skips are live-provider-only), every wired seam covered by a
load-bearing test that goes red when the seam is detached.
### Notes
- License to be finalized at release prep.
- Licensed under the MIT License (see `LICENSE`).

59
CODE_OF_CONDUCT.md Normal file
View file

@ -0,0 +1,59 @@
# Contributor Covenant Code of Conduct
## Our Pledge
We as members, contributors, and leaders pledge to make participation in our
community a harassment-free experience for everyone, regardless of age, body
size, visible or invisible disability, ethnicity, sex characteristics, gender
identity and expression, level of experience, education, socio-economic status,
nationality, personal appearance, race, religion, or sexual identity
and orientation.
We pledge to act and interact in ways that contribute to an open, welcoming,
diverse, inclusive, and healthy community.
## Our Standards
Examples of behavior that contributes to a positive environment:
* Demonstrating empathy and kindness
* Being respectful of differing opinions and experiences
* Giving and gracefully accepting constructive feedback
* Accepting responsibility and apologizing for mistakes
* Focusing on what is best for the community
Examples of unacceptable behavior:
* Trolling, insulting or derogatory comments
* Public or private harassment
* Publishing others' private information without permission
* Other conduct which could reasonably be considered inappropriate
## Enforcement Responsibilities
Community leaders are responsible for clarifying and enforcing our standards of
acceptable behavior and will take appropriate and fair corrective action in
response to any behavior that they deem inappropriate, threatening, offensive,
or harmful.
## Scope
This Code of Conduct applies within all community spaces, and also applies when
an individual is officially representing the community in public spaces.
## Enforcement
Instances of abusive, harassing, or otherwise unacceptable behavior may be
reported to the community leaders responsible for enforcement at
hello@fromaitochitta.com.
All complaints will be reviewed and investigated promptly and fairly.
## Attribution
This Code of Conduct is adapted from the [Contributor Covenant][homepage],
version 2.1, available at
[https://www.contributor-covenant.org/version/2/1/code_of_conduct.html][v2.1].
[homepage]: https://www.contributor-covenant.org
[v2.1]: https://www.contributor-covenant.org/version/2/1/code_of_conduct.html

66
CONTRIBUTING.md Normal file
View file

@ -0,0 +1,66 @@
# Contributing to portfolio-optimiser
Thank you for your interest in contributing! This document provides guidelines and instructions
for contributing.
## Code of Conduct
Please read and follow our [Code of Conduct](CODE_OF_CONDUCT.md).
## How to Contribute
### Reporting Issues
- Check existing issues before creating a new one
- Provide clear reproduction steps
- Include relevant environment details (OS, Python version, backend profile)
### Submitting Changes
1. Fork the repository
2. Create a feature branch (`git checkout -b feature/amazing-feature`)
3. Make your changes following the conventions below
4. Run the test, lint, and type checks (see Development Setup) and ensure they pass
5. Commit your changes using [Conventional Commits](https://www.conventionalcommits.org/)
(`type(scope): description`)
6. Push to your branch and open a Pull Request
### Pull Request Guidelines
- Follow the existing code style (`ruff` enforced)
- Type hints everywhere; `mypy`-clean where possible
- Include tests for new functionality — this project uses **load-bearing tests**: a test that
covers a seam must fail when that seam is detached, not merely pass while wired
- The **deterministic validator is mandatory and blocking** — never make it an optional plugin
- Keep PRs focused on a single change
- Update documentation as needed
## Development Setup
Requires Python ≥ 3.10 and [`uv`](https://docs.astral.sh/uv/).
```bash
# Clone your fork
git clone https://git.fromaitochitta.com/open/portfolio-optimiser.git
cd portfolio-optimiser
# Install dependencies
uv sync
# Run tests
uv run pytest
# Lint and format
uv run ruff check .
uv run ruff format .
# Type-check
uv run mypy src
```
Develop primarily on the **local backend profile** (free); reserve the Azure/Foundry profile for
targeted, minimal verification.
## Questions?
Feel free to open an issue for any questions about contributing.

21
LICENSE Normal file
View file

@ -0,0 +1,21 @@
MIT License
Copyright (c) 2026 Kjell Tore Guttormsen
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.

View file

@ -1,5 +1,9 @@
# portfolio-optimiser
[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](LICENSE)
[![Python](https://img.shields.io/badge/python-%E2%89%A53.10-blue.svg)](pyproject.toml)
[![Built on Microsoft Agent Framework](https://img.shields.io/badge/built%20on-Microsoft%20Agent%20Framework-0078D4.svg)](https://github.com/microsoft/agent-framework)
A generic, open framework — built on **Microsoft Agent Framework (MAF)** — that finds cost
savings *inside* each project of a portfolio of independent projects. A swarm of agents
generates candidate measures; a **mandatory deterministic validator** (solver + Monte Carlo)

44
SECURITY.md Normal file
View file

@ -0,0 +1,44 @@
# Security Policy
## Reporting a Vulnerability
We take security seriously. If you discover a security vulnerability, please report it responsibly.
**Please do NOT report security vulnerabilities through public issues.**
### How to Report
Email: hello@fromaitochitta.com
Include:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Any suggested fixes (optional)
### What to Expect
- Acknowledgment within 48 hours
- Regular updates on progress
- Credit in the fix announcement (if desired)
## Supported Versions
| Version | Supported |
| ------- | ------------------ |
| latest | :white_check_mark: |
| < latest| :x: |
## Security Best Practices
When using portfolio-optimiser:
- Keep dependencies updated
- Use environment variables for sensitive configuration — never commit secrets
- Prefer the local-only backend profile; the framework makes no silent network egress
- Follow the principle of least privilege for any data-source credentials
## Scope Note
portfolio-optimiser is a **technical framework**. Deploying organizations own their own data
protection, risk, and compliance assessments (DPIA/ROS). The framework ships technical
prerequisites (local-only mode, provenance, no silent egress) but makes no compliance guarantees.