Add contributing guidelines and security policy documentation. #9

Merged: terabytesoftw merged 5 commits into main from feature_3
May 6, 2026

@terabytesoftw
Contributor

Pull Request

| Q | A |
| --- | --- |
| Is bugfix? | |
| New feature? | ✔️ |
| Breaks BC? | |

@terabytesoftw added the enhancement (New feature or request) label on May 6, 2026

coderabbitai Bot commented May 6, 2026

Warning

Rate limit exceeded

@terabytesoftw has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 42 minutes and 51 seconds before requesting another review.

To continue reviewing without waiting, purchase usage credits in the billing tab.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: b26fbe73-b518-4fb2-99fb-bcb79ff9806e

📥 Commits

Reviewing files that changed from the base of the PR and between 886513f and b5500a3.

📒 Files selected for processing (2)
  • CONTRIBUTING.md
  • SECURITY.md
📝 Walkthrough

Three repository governance documents are added or updated: CONTRIBUTING.md establishes development standards, environment requirements, coding conventions, testing expectations, and PR processes; SECURITY.md introduces vulnerability reporting procedures and timelines; PULL_REQUEST_TEMPLATE.md replaces its QA table with PR type checkboxes.

Changes

Repository Governance & Documentation

| Layer / File(s) | Summary |
| --- | --- |
| Development Standards / CONTRIBUTING.md | Comprehensive contribution guide covering PHP 8.3+ environment, Composer 2.x, PER 3.0 and PSR-12 coding standards, PHPUnit 12+ testing with 100% coverage target, and PR branching and commit conventions. |
| Security Policy / SECURITY.md | New security policy section establishing private vulnerability reporting via GitHub Security Advisories, 48-hour acknowledgment and 7-day assessment SLAs, and applicability to all ui-awesome organization repositories. |
| PR Submission Mechanism / PULL_REQUEST_TEMPLATE.md | PR template refactored with checklist categories for PR type (Breaking change, Bugfix, CI/build, Documentation, Feature, Refactoring) replacing the original QA table, while retaining the Related Issues section. |

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

Possibly related PRs

  • ui-awesome/.github#4: Modifies PULL_REQUEST_TEMPLATE.md with similar PR type categorization updates.

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
| Check name | Status | Explanation |
| --- | --- | --- |
| Title check | ✅ Passed | The title accurately describes the main changes: adding contributing guidelines (CONTRIBUTING.md), security policy (SECURITY.md), and updating the PR template. |
| Description check | ✅ Passed | The description uses a structured format to indicate this is a new feature that does not break backward compatibility, which aligns with the documentation additions in the changeset. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |
| Linked Issues check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |
| Out of Scope Changes check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |

coderabbitai Bot left a comment

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@CONTRIBUTING.md`:
- Line 1: Update the CONTRIBUTING.md title and placeholders to match this
repository: replace the header "Contributing to PHP Forge" with "Contributing to
ui-awesome" (or the repo's canonical name) and replace the generic "<package>"
placeholders in the install/setup sections with the actual package names or a
short note explaining how to find/replace them (e.g., project package names or
npm/yarn commands); verify any setup commands and examples (install/build/test)
reference the correct package and repo context so contributors aren’t
misdirected.

In `@SECURITY.md`:
- Line 9: Update the placeholder URL string
"https://github.com/ui-awesome/<package>" in SECURITY.md so it is actionable:
either replace it with a concrete example repository URL (e.g., a real repo
under ui-awesome) or change the text to explicitly instruct readers to "replace
<package> with the repository name" (for example:
"https://github.com/ui-awesome/<package> — replace <package> with the repository
name"). Ensure the new wording appears in place of the existing placeholder
string so reporters have a clear, runnable target.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 53048e57-1b0a-4d0c-ac57-9228cd0b9bc8

📥 Commits

Reviewing files that changed from the base of the PR and between 21e3fb0 and 886513f.

📒 Files selected for processing (3)
  • CONTRIBUTING.md
  • PULL_REQUEST_TEMPLATE.md
  • SECURITY.md
📜 Review details
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)
  • GitHub Check: linter / Super Linter
🧰 Additional context used
🪛 LanguageTool
PULL_REQUEST_TEMPLATE.md

[style] ~4-~4: Consider using a different verb for a more formal wording.
Context: ... - [ ] Bugfix (non-breaking change that fixes an issue) - [ ] CI/build configuration ...

(FIX_RESOLVE)

Comment thread CONTRIBUTING.md Outdated
Comment thread SECURITY.md Outdated
@terabytesoftw
Contributor Author

@codex review

chatgpt-codex-connector Bot left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: e1024febc3

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you:

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread CONTRIBUTING.md Outdated
@terabytesoftw
Contributor Author

@codex review

@chatgpt-codex-connector

Codex Review: Didn't find any major issues. 👍

@terabytesoftw merged commit 077571c into main on May 6, 2026
12 checks passed
@terabytesoftw deleted the feature_3 branch on May 6, 2026 00:40