Initial commit

Author: AndreaGriffiths11

.DS_Store

@@ -0,0 +1,5 @@
+.gitignore export-ignore
+.npmignore export-ignore
+.vscodeignore export-ignore
+.gitattributes export-ignore
+.DS_Store export-ignore

.gitattributes

@@ -0,0 +1,37 @@
+# Prevent nested git repositories
+.git
+
+# Node.js
+node_modules/
+npm-debug.log
+yarn-error.log
+package-lock.json
+yarn.lock
+
+# Build & Distribution
+dist/
+build/
+*.tsbuildinfo
+
+# Environment Variables
+.env
+.env.local
+.env.*.local
+
+# IDE & Editor
+.vscode/
+.idea/
+*.swp
+*.swo
+*~
+.DS_Store
+Thumbs.db
+
+# OS
+.DS_Store
+.AppleDouble
+.LSOverride
+
+# Logs
+logs/
+*.log

.gitignore

@@ -0,0 +1,4 @@
+.git
+.gitignore
+.vscode
+.DS_Store

.npmignore

@@ -0,0 +1,4 @@
+.git
+.gitignore
+.vscode
+**/.DS_Store

.vscodeignore

@@ -0,0 +1,20 @@
+Creative Commons Attribution 4.0 International
+
+This work is licensed under the Creative Commons Attribution 4.0 International License.
+To view a copy of this license, visit http://creativecommons.org/licenses/by/4.0/
+or send a letter to Creative Commons, PO Box 1866, Mountain View, CA 94042, USA.
+
+You are free to:
+- Share — copy and redistribute the material in any medium or format
+- Adapt — remix, transform, and build upon the material for any purpose, even commercially
+
+Under the following terms:
+- Attribution — You must give appropriate credit, provide a link to the license, 
+  and indicate if changes were made. You may do so in any reasonable manner, 
+  but not in any way that suggests the licensor endorses you or your use.
+
+No additional restrictions — You may not apply legal terms or technological measures 
+that legally restrict others from doing anything the license permits.
+
+For the full legal text of this license, see:
+http://creativecommons.org/licenses/by/4.0/legalcode

LICENSE

@@ -0,0 +1,97 @@
+# Open Source Best Practices
+
+**Use this if:** You're launching a project publicly, hardening an existing public repo, or preparing a private project for open source. Works standalone or with AI agents (GitHub Copilot, Claude, etc.) that recognize skill formats.
+
+I built this skill because I've seen too many projects launch publicly without thinking through what comes next. Whether you're open-sourcing something for the first time or hardening an existing repo, this framework keeps you from discovering critical gaps after your first contributors show up.
+
+This isn't theoretical. It's built on what actually breaks projects: missing security cleanup, unclear governance, burned-out maintainers, and documentation that assumes too much knowledge. We fix those things first.
+
+## What's Inside
+
+You get 8 phases that build on each other, starting with security and ending with sustainability. Each phase has concrete checklists and reference guides you can actually use, not generic best practices that sound nice but don't help.
+
+**The phases:**
+
+Phase 1 is security—clean your git history and remove secrets before anything else. Use [Git History Cleaner](https://andreagriffiths11.github.io/git-history-cleaner/) to scan for and remove API keys, credentials, .env files, and sensitive data. If you skip this, nothing else matters.
+
+Phase 2 covers legal and ownership. Choose your license, verify you own the code, and define what the project is actually for.
+
+Phase 3 is community foundations. Code of conduct and governance. You're setting expectations for how decisions get made.
+
+Phase 4 is documentation and onboarding. README, CONTRIBUTING, issue templates. Help people help themselves.
+
+Phase 5 is setup and infrastructure. CI/CD, verified setup instructions. Make it easy to contribute.
+
+Phase 6 defines maintainer expectations. Roles, SLAs, how to say no. This prevents burnout.
+
+Phase 7 is security and vulnerability reporting. A process for handling incidents responsibly.
+
+Phase 8 is funding and sustainability. GitHub Sponsors, transparency. Optional, but worth thinking about early.
+
+## How to Use This
+
+**Start here:** Read the full framework in [SKILL.md](SKILL.md). It has all 8 phases with checklists and explains why each one matters.
+
+If you're launching a new project, start with Phase 1 and work through in order. If you already have a public repo, work through them anyway—you can retrofit this framework even if you're already public.
+
+Each phase has a detailed reference guide. Want to pick a license? There's a decision tree. Need to set up GitHub Sponsors? There's a template. Writing a security policy? Copy what's here and adapt it.
+
+You don't have to do all of it at once.
+
+### With AI Agents
+
+If you're using GitHub Copilot, Claude, or another AI agent that recognizes skills, you can ask:
+- "Use the open-source-best-practices skill to help me clean my git history"
+- "Guide me through Phase 2 (Legal & Ownership) for my project"
+- "What files do I need before going public?"
+
+See [github-copilot/AGENTS.md](github-copilot/AGENTS.md) for the agent workflow and how it guides you through each phase. 
+
+## Essential Tool: Git History Cleaner
+
+Before you start the phases, you need [Git History Cleaner](https://andreagriffiths11.github.io/git-history-cleaner/). This tool scans your entire git history for secrets, credentials, API keys, .env files, large binaries, and sensitive data—things you didn't realize were committed years ago.
+
+It safely removes them and rewrites your history so the data is truly gone, not just hidden. This is non-negotiable before going public. Use it first, in Phase 1.
+
+## Key Idea
+
+Your project is healthy when new people can set up locally in 30 minutes, contributors know how to submit PRs without asking, you respond to issues within your stated SLA, your roadmap is visible, security issues have a private reporting process, and you can actually sustain maintenance.
+
+Everything else flows from that.
+
+## Reference Guides Included
+
+- **file-checklist.md** — what files you actually need
+- **license-selection.md** — how to pick one that fits
+- **security-practices.md** — git history cleaning and secret removal
+- **governance.md** — how decisions actually get made
+- **maintainer-expectations.md** — roles, SLAs, and protecting yourself
+- **sponsors-setup.md** — GitHub Sponsors tiers and strategy
+- **template-examples.md** — copy-paste text you can use
+
+## Common Questions
+
+**Do I have to do all 8 phases?** Phases 1-7 before you go public. Phase 8 is optional but recommended.
+
+**Can I skip ahead?** No. Always start with Phase 1. The rest build on it.
+
+**What if I'm already public?** Do it anyway. You can add governance and documentation to an existing repo.
+
+**How long does this take?** Depends on complexity. A week for simple projects, a month for complex ones.
+
+---
+
+## License
+
+This skill is licensed under the **Creative Commons Attribution 4.0 International (CC-BY-4.0) License**. You're free to share and adapt this material for any purpose, including commercially, as long as you provide appropriate attribution. See the [LICENSE](LICENSE) file for details.
+
+## Next Steps
+
+Ready to move forward? 
+
+1. Read [SKILL.md](SKILL.md) for the complete framework
+2. Start with Phase 1: Git history cleanup using [Git History Cleaner](https://andreagriffiths11.github.io/git-history-cleaner/)
+3. Work through each phase in order
+
+Questions or ideas? Open an issue on [GitHub](https://github.com/AndreaGriffiths11/open-source-best-practices) or find me on [X](https://x.com/acolombiadev).
+