diff --git a/CHANGELOG.md b/CHANGELOG.md index 94aa501..4d8386e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,9 @@ All notable changes to this project will be documented in this file. +The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/), +and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). + ## [Unreleased] ### Added @@ -15,8 +18,8 @@ All notable changes to this project will be documented in this file. (`uv run python -m portfolio_optimiser.simulation`) — plumbing proof, not live-model proof. - Framework-neutral shared core in `shared/`: OKF concept + example bundle, golden validator suite, and the expert-reviewer persona as an Agent Skill. -- Test suite: 152 passing tests (4 skips are live-provider-only), every wired seam covered by a +- Test suite: 237 passing tests (4 skips are live-provider-only), every wired seam covered by a load-bearing test that goes red when the seam is detached. ### Notes -- License to be finalized at release prep. +- Licensed under the MIT License (see `LICENSE`). diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md new file mode 100644 index 0000000..8116f31 --- /dev/null +++ b/CODE_OF_CONDUCT.md @@ -0,0 +1,59 @@ +# Contributor Covenant Code of Conduct + +## Our Pledge + +We as members, contributors, and leaders pledge to make participation in our +community a harassment-free experience for everyone, regardless of age, body +size, visible or invisible disability, ethnicity, sex characteristics, gender +identity and expression, level of experience, education, socio-economic status, +nationality, personal appearance, race, religion, or sexual identity +and orientation. + +We pledge to act and interact in ways that contribute to an open, welcoming, +diverse, inclusive, and healthy community. + +## Our Standards + +Examples of behavior that contributes to a positive environment: + +* Demonstrating empathy and kindness +* Being respectful of differing opinions and experiences +* Giving and gracefully accepting constructive feedback +* Accepting responsibility and apologizing for mistakes +* Focusing on what is best for the community + +Examples of unacceptable behavior: + +* Trolling, insulting or derogatory comments +* Public or private harassment +* Publishing others' private information without permission +* Other conduct which could reasonably be considered inappropriate + +## Enforcement Responsibilities + +Community leaders are responsible for clarifying and enforcing our standards of +acceptable behavior and will take appropriate and fair corrective action in +response to any behavior that they deem inappropriate, threatening, offensive, +or harmful. + +## Scope + +This Code of Conduct applies within all community spaces, and also applies when +an individual is officially representing the community in public spaces. + +## Enforcement + +Instances of abusive, harassing, or otherwise unacceptable behavior may be +reported to the community leaders responsible for enforcement at +hello@fromaitochitta.com. + +All complaints will be reviewed and investigated promptly and fairly. + +## Attribution + +This Code of Conduct is adapted from the [Contributor Covenant][homepage], +version 2.1, available at +[https://www.contributor-covenant.org/version/2/1/code_of_conduct.html][v2.1]. + +[homepage]: https://www.contributor-covenant.org +[v2.1]: https://www.contributor-covenant.org/version/2/1/code_of_conduct.html diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md new file mode 100644 index 0000000..a88616b --- /dev/null +++ b/CONTRIBUTING.md @@ -0,0 +1,66 @@ +# Contributing to portfolio-optimiser + +Thank you for your interest in contributing! This document provides guidelines and instructions +for contributing. + +## Code of Conduct + +Please read and follow our [Code of Conduct](CODE_OF_CONDUCT.md). + +## How to Contribute + +### Reporting Issues + +- Check existing issues before creating a new one +- Provide clear reproduction steps +- Include relevant environment details (OS, Python version, backend profile) + +### Submitting Changes + +1. Fork the repository +2. Create a feature branch (`git checkout -b feature/amazing-feature`) +3. Make your changes following the conventions below +4. Run the test, lint, and type checks (see Development Setup) and ensure they pass +5. Commit your changes using [Conventional Commits](https://www.conventionalcommits.org/) + (`type(scope): description`) +6. Push to your branch and open a Pull Request + +### Pull Request Guidelines + +- Follow the existing code style (`ruff` enforced) +- Type hints everywhere; `mypy`-clean where possible +- Include tests for new functionality — this project uses **load-bearing tests**: a test that + covers a seam must fail when that seam is detached, not merely pass while wired +- The **deterministic validator is mandatory and blocking** — never make it an optional plugin +- Keep PRs focused on a single change +- Update documentation as needed + +## Development Setup + +Requires Python ≥ 3.10 and [`uv`](https://docs.astral.sh/uv/). + +```bash +# Clone your fork +git clone https://git.fromaitochitta.com/open/portfolio-optimiser.git +cd portfolio-optimiser + +# Install dependencies +uv sync + +# Run tests +uv run pytest + +# Lint and format +uv run ruff check . +uv run ruff format . + +# Type-check +uv run mypy src +``` + +Develop primarily on the **local backend profile** (free); reserve the Azure/Foundry profile for +targeted, minimal verification. + +## Questions? + +Feel free to open an issue for any questions about contributing. diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..1105208 --- /dev/null +++ b/LICENSE @@ -0,0 +1,21 @@ +MIT License + +Copyright (c) 2026 Kjell Tore Guttormsen + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. diff --git a/README.md b/README.md index 689d815..92453d9 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,9 @@ # portfolio-optimiser +[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](LICENSE) +[![Python](https://img.shields.io/badge/python-%E2%89%A53.10-blue.svg)](pyproject.toml) +[![Built on Microsoft Agent Framework](https://img.shields.io/badge/built%20on-Microsoft%20Agent%20Framework-0078D4.svg)](https://github.com/microsoft/agent-framework) + A generic, open framework — built on **Microsoft Agent Framework (MAF)** — that finds cost savings *inside* each project of a portfolio of independent projects. A swarm of agents generates candidate measures; a **mandatory deterministic validator** (solver + Monte Carlo) diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..2e0f68e --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,44 @@ +# Security Policy + +## Reporting a Vulnerability + +We take security seriously. If you discover a security vulnerability, please report it responsibly. + +**Please do NOT report security vulnerabilities through public issues.** + +### How to Report + +Email: hello@fromaitochitta.com + +Include: +- Description of the vulnerability +- Steps to reproduce +- Potential impact +- Any suggested fixes (optional) + +### What to Expect + +- Acknowledgment within 48 hours +- Regular updates on progress +- Credit in the fix announcement (if desired) + +## Supported Versions + +| Version | Supported | +| ------- | ------------------ | +| latest | :white_check_mark: | +| < latest| :x: | + +## Security Best Practices + +When using portfolio-optimiser: +- Keep dependencies updated +- Use environment variables for sensitive configuration — never commit secrets +- Prefer the local-only backend profile; the framework makes no silent network egress +- Follow the principle of least privilege for any data-source credentials + +## Scope Note + +portfolio-optimiser is a **technical framework**. Deploying organizations own their own data +protection, risk, and compliance assessments (DPIA/ROS). The framework ships technical +prerequisites (local-only mode, provenance, no silent egress) but makes no compliance guarantees.