Merge pull request #6 from L3DigitalNet/maintenance/community-health-2026-02-18

chrisdpurcell · web-flow · commit 4bfd642f586e · 2026-02-18T13:57:56.000-05:00
[Maintenance] Community health — SECURITY.md, CONTRIBUTING.md, CODE_OF_CONDUCT.md, PR template fix
diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md
@@ -16,7 +16,7 @@ Please delete options that are not relevant.
 
 ## Integration Quality Scale
 
-Which quality tier does this PR target or improve? See [docs/QUALITY_CHECKLIST.md](../docs/QUALITY_CHECKLIST.md) for detailed requirements.
+Which quality tier does this PR target or improve? See the [HA Integration Quality Scale](https://developers.home-assistant.io/docs/integration_quality_scale_index) for detailed requirements.
 
 - [ ] Bronze (Config flow, basic tests, manifest)
 - [ ] Silver (Error handling, availability, documentation)
diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md
@@ -0,0 +1,54 @@
+# Contributor Covenant Code of Conduct
+
+## Our Pledge
+
+We as members, contributors, and leaders pledge to make participation in our
+community a harassment-free experience for everyone, regardless of age, body
+size, visible or invisible disability, ethnicity, sex characteristics, gender
+identity and expression, level of experience, education, socio-economic status,
+nationality, personal appearance, race, caste, color, religion, or sexual
+identity and orientation.
+
+## Our Standards
+
+Examples of behavior that contributes to a positive environment:
+
+- Using welcoming and inclusive language
+- Being respectful of differing viewpoints and experiences
+- Gracefully accepting constructive criticism
+- Focusing on what is best for the community
+- Showing empathy towards other community members
+
+Examples of unacceptable behavior:
+
+- The use of sexualized language or imagery, and sexual attention or advances of any kind
+- Trolling, insulting or derogatory comments, and personal or political attacks
+- Public or private harassment
+- Publishing others' private information without explicit permission
+- Other conduct which could reasonably be considered inappropriate in a professional setting
+
+## Enforcement Responsibilities
+
+Community leaders are responsible for clarifying and enforcing our standards of
+acceptable behavior and will take appropriate and fair corrective action in
+response to any behavior that they deem inappropriate, threatening, offensive,
+or harmful.
+
+## Scope
+
+This Code of Conduct applies within all community spaces, and also applies when
+an individual is officially representing the community in public spaces.
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported to the community leaders responsible for enforcement at
+**security@l3digital.net**.
+
+All complaints will be reviewed and investigated promptly and fairly.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant](https://www.contributor-covenant.org/),
+version 2.1, available at
+[https://www.contributor-covenant.org/version/2/1/code_of_conduct.html](https://www.contributor-covenant.org/version/2/1/code_of_conduct.html).
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
@@ -0,0 +1,101 @@
+# Contributing to ha-light-controller
+
+Thank you for your interest in contributing! This document provides guidelines
+and information for contributors.
+
+## Getting Started
+
+1. Fork the repository
+2. Clone your fork: `git clone https://github.com/YOUR_USERNAME/ha-light-controller.git`
+3. Create a feature branch: `git checkout -b feature/your-feature-name`
+4. Make your changes
+5. Push to your fork: `git push origin feature/your-feature-name`
+6. Open a Pull Request against the `main` branch
+
+## Development Setup
+
+### Prerequisites
+
+- Python 3.13+
+- [UV](https://docs.astral.sh/uv/) package manager
+
+### Install UV
+
+```bash
+curl -LsSf https://astral.sh/uv/install.sh | sh
+```
+
+### Set up the project
+
+```bash
+git clone https://github.com/L3DigitalNet/ha-light-controller.git
+cd ha-light-controller
+make setup        # Creates venv and installs dependencies
+source .venv/bin/activate
+```
+
+### Run tests
+
+```bash
+make test         # Run all tests
+make test-cov     # Run tests with coverage report
+pytest tests/test_controller.py   # Run a specific test file
+```
+
+Tests mock the `homeassistant` module — no running Home Assistant instance is needed.
+
+### Quality checks
+
+```bash
+make lint         # Ruff linter
+make lint-fix     # Lint with auto-fix
+make format       # Ruff formatter
+make type-check   # mypy type checker
+make quality      # All checks at once
+make ci           # Full CI simulation
+```
+
+## Pull Request Guidelines
+
+- **One concern per PR.** Keep changes focused and reviewable.
+- **Write descriptive commit messages.** Explain *what* changed and *why*.
+- **Update CHANGELOG.md** for all non-trivial changes.
+- **Add tests** for new functionality.
+- **Ensure all checks pass** before requesting review: `make ci`
+
+## Home Assistant Constraints
+
+This is a Home Assistant integration. All contributions must follow HA's async requirements:
+
+- **Never use blocking I/O** — no `time.sleep()`, sync `requests`, or blocking file operations
+- **All I/O must be async** — use `await`, or `hass.async_add_executor_job()` for unavoidable sync calls
+- **Use HA APIs** — `hass.services.async_call`, `hass.states.get`, etc. Never bypass the state machine
+
+## Code Style
+
+This project uses [Ruff](https://docs.astral.sh/ruff/) for linting and formatting, and [mypy](https://mypy.readthedocs.io/) for type checking.
+
+- Run `make format` to auto-format code
+- Run `make lint` to check for issues (or `make lint-fix` to auto-fix)
+- Run `make type-check` to verify types — all new code must pass with 0 errors
+- Use modern Python type hints (`list[str]`, `X | None` — not `List`, `Optional`)
+- Prefer flat over nested — if nesting exceeds 3 levels, extract a helper
+
+## Reporting Issues
+
+- Use the [issue tracker](https://github.com/L3DigitalNet/ha-light-controller/issues) to report bugs
+- Check existing issues before creating a new one
+- Use the issue templates when available
+- Include steps to reproduce for bug reports
+
+## Security Issues
+
+Please do **not** open public issues for security vulnerabilities. See [SECURITY.md](SECURITY.md) for responsible disclosure instructions.
+
+## License
+
+By contributing, you agree that your contributions will be licensed under the same [MIT License](LICENSE) as the project.
+
+## Questions?
+
+Feel free to open a [GitHub Discussion](https://github.com/L3DigitalNet/ha-light-controller/discussions) or an issue if you have questions about contributing.
diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,43 @@
+# Security Policy
+
+## Reporting a Vulnerability
+
+If you discover a security vulnerability in this project, please report it responsibly.
+
+**Do NOT open a public GitHub issue for security vulnerabilities.**
+
+### Contact
+
+- **Email:** security@l3digital.net
+- **Subject line:** [SECURITY] ha-light-controller — Brief description
+
+### What to include
+
+- Description of the vulnerability
+- Steps to reproduce
+- Potential impact
+- Suggested fix (if any)
+
+### Response timeline
+
+- **Acknowledgment:** Within 3 business days
+- **Assessment:** Within 1 week of acknowledgment
+- **Fix timeline:** Depends on severity, but we aim to address critical issues within 30 days
+
+## Supported Versions
+
+| Version | Supported |
+|---------|-----------|
+| Latest release | ✅ |
+| Previous minor | ✅ |
+| Older versions | ❌ |
+
+## Disclosure Policy
+
+We follow coordinated disclosure. We ask that you:
+
+1. Give us reasonable time to address the issue before public disclosure
+2. Make a good faith effort to avoid privacy violations, data destruction, or service disruption
+3. Do not access or modify other users' data
+
+We will credit reporters who follow responsible disclosure practices.
