@hiai-gg/hiai-docs 0.0.1

package/.github/workflows/ci.yml

@@ -0,0 +1,283 @@
+name: CI
+
+on:
+  push:
+    branches: [main]
+    tags:
+      - 'v*'
+  pull_request:
+    branches: [main]
+
+# Cancel in-progress runs for the same branch / PR
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+# Minimum permissions; jobs that need more request them explicitly
+permissions:
+  contents: read
+
+jobs:
+  # ---------------------------------------------------------------------------
+  # 1. Lint — Biome 2.4.15 (configured in root biome.json)
+  # ---------------------------------------------------------------------------
+  lint:
+    name: Lint
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: oven-sh/setup-bun@v2
+        with:
+          bun-version: latest
+      - run: bun install
+      - run: bun run lint
+
+  # ---------------------------------------------------------------------------
+  # 2. Typecheck — `bun run typecheck` (root)
+  # ---------------------------------------------------------------------------
+  typecheck:
+    name: Typecheck
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: oven-sh/setup-bun@v2
+        with:
+          bun-version: latest
+      - run: bun install
+      - run: bun run typecheck
+
+  # ---------------------------------------------------------------------------
+  # 3. Test — Bun test runner with PostgreSQL + Redis services
+  # ---------------------------------------------------------------------------
+  test:
+    name: Test
+    runs-on: ubuntu-latest
+    services:
+      postgres:
+        image: pgvector/pgvector:pg18
+        env:
+          POSTGRES_DB: hiai_docs_test
+          POSTGRES_USER: aiuser
+          POSTGRES_PASSWORD: testpassword
+        ports:
+          - 5432:5432
+        options: >-
+          --health-cmd "pg_isready -U aiuser -d hiai_docs_test"
+          --health-interval 10s
+          --health-timeout 5s
+          --health-retries 5
+      redis:
+        image: redis:8-alpine
+        ports:
+          - 6379:6379
+        options: >-
+          --health-cmd "redis-cli ping"
+          --health-interval 10s
+          --health-timeout 5s
+          --health-retries 5
+    env:
+      DATABASE_URL: postgresql://aiuser:testpassword@localhost:5432/hiai_docs_test
+      REDIS_URL: redis://localhost:6379
+      BETTER_AUTH_SECRET: test-secret-key-minimum-32-chars-long
+      BETTER_AUTH_URL: http://localhost:50700
+      NODE_ENV: test
+    steps:
+      - uses: actions/checkout@v4
+      - uses: oven-sh/setup-bun@v2
+        with:
+          bun-version: latest
+      - run: bun install
+      - run: cd packages/db && bun run db:migrate
+      - run: bun run test
+
+  # ---------------------------------------------------------------------------
+  # 4. Docker build — validate compose, build both images, security scan
+  # ---------------------------------------------------------------------------
+  docker-build:
+    name: Docker Build & Scan
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      # Materialise a synthetic .env so `docker compose config` resolves vars
+      - name: Prepare .env for compose validation
+        run: |
+          cp .env.example .env
+          # Replace example secrets with deterministic test values
+          sed -i 's/^BETTER_AUTH_SECRET=.*/BETTER_AUTH_SECRET=ci-validation-secret-32-chars-long-xxx/' .env
+          sed -i 's/^CSRF_SECRET=.*/CSRF_SECRET=ci-csrf-secret-32-chars-long-yyy/' .env
+          sed -i 's/^MINIO_SECRET_KEY=.*/MINIO_SECRET_KEY=ci-minio-secret-32-chars-long-zzz/' .env
+          sed -i 's/^WEBHOOK_SECRET=.*/WEBHOOK_SECRET=ci-webhook-secret-32-chars-long-aaa/' .env
+
+      # A) Validate docker-compose.yml — catches bad interpolations & schema errors
+      - name: Validate docker compose
+        run: docker compose config --quiet
+
+      # B) Set up buildx with GitHub Actions cache
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+        with:
+          driver-opts: image=moby/buildkit:latest
+
+      - name: Cache Docker layers
+        uses: actions/cache@v4
+        with:
+          path: /tmp/.buildx-cache
+          key: ${{ runner.os }}-buildx-${{ github.sha }}
+          restore-keys: |
+            ${{ runner.os }}-buildx-
+
+      # C) Build the backend image (root context, dockerfile: backend/Dockerfile)
+      - name: Build backend image (api)
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          file: Dockerfile.backend
+          tags: hiai-docs/api:ci-${{ github.sha }}
+          labels: |
+            org.opencontainers.image.title=hiai-docs-api
+            org.opencontainers.image.source=${{ github.server_url }}/${{ github.repository }}
+            org.opencontainers.image.revision=${{ github.sha }}
+          load: true
+          cache-from: type=local,src=/tmp/.buildx-cache
+          cache-to: type=local,dest=/tmp/.buildx-cache-new,mode=max
+
+      # D) Build the frontend image (root context, dockerfile: frontend/Dockerfile)
+      - name: Build frontend image (web)
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          file: frontend/Dockerfile
+          tags: hiai-docs/web:ci-${{ github.sha }}
+          labels: |
+            org.opencontainers.image.title=hiai-docs-web
+            org.opencontainers.image.source=${{ github.server_url }}/${{ github.repository }}
+            org.opencontainers.image.revision=${{ github.sha }}
+          load: true
+          cache-from: type=local,src=/tmp/.buildx-cache
+          cache-to: type=local,dest=/tmp/.buildx-cache-new,mode=max
+
+      # E) Smoke test — start the built image and curl its health endpoint
+      - name: Smoke test backend image
+        env:
+          BETTER_AUTH_SECRET: ci-smoke-secret-32-chars-long-bbb
+          CSRF_SECRET: ci-csrf-secret-32-chars-long-ccc
+          MINIO_SECRET_KEY: ci-minio-secret-32-chars-long-ddd
+          WEBHOOK_SECRET: ci-webhook-secret-32-chars-long-eee
+          DATABASE_URL: postgresql://x:y@127.0.0.1:5432/z
+          REDIS_URL: redis://127.0.0.1:6379
+          API_PORT: 50700
+          NODE_ENV: production
+        run: |
+          # Quick boot check — image must start, listen, and respond to /api/health
+          docker run --rm -d --name hiai-docs-api-smoke \
+            -e BETTER_AUTH_SECRET -e CSRF_SECRET -e MINIO_SECRET_KEY \
+            -e WEBHOOK_SECRET -e DATABASE_URL -e REDIS_URL \
+            -e API_PORT -e NODE_ENV \
+            -p 50700:50700 hiai-docs/api:ci-${{ github.sha }}
+          sleep 5
+          # Server is expected to fail DB connection in CI — we only verify the
+          # image boots and the Bun runtime starts. A 5xx on /api/health is OK
+          # as long as the port is open.
+          curl -sS -o /dev/null -w "HTTP %{http_code}\n" http://127.0.0.1:50700/api/health || true
+          docker stop hiai-docs-api-smoke || true
+
+      # F) Security scan — Trivy (preferred; Docker Scout as fallback)
+      - name: Security scan with Trivy
+        uses: aquasecurity/trivy-action@0.24.0
+        with:
+          image-ref: hiai-docs/api:ci-${{ github.sha }}
+          format: "table"
+          exit-code: "0"   # warn-only on PRs; tighten to "1" on protected branches
+          ignore-unfixed: true
+          vuln-type: "os,library"
+          severity: "CRITICAL,HIGH"
+          output: "trivy-api.sarif"
+      - name: Upload Trivy SARIF (backend)
+        if: always()
+        uses: github/codeql-action/upload-sarif@v3
+        with:
+          sarif_file: trivy-api.sarif
+          category: trivy-api
+
+      - name: Security scan frontend with Trivy
+        uses: aquasecurity/trivy-action@0.24.0
+        with:
+          image-ref: hiai-docs/web:ci-${{ github.sha }}
+          format: "table"
+          exit-code: "0"
+          ignore-unfixed: true
+          vuln-type: "os,library"
+          severity: "CRITICAL,HIGH"
+          output: "trivy-web.sarif"
+      - name: Upload Trivy SARIF (frontend)
+        if: always()
+        uses: github/codeql-action/upload-sarif@v3
+        with:
+          sarif_file: trivy-web.sarif
+          category: trivy-web
+
+      # G) Finalise cache (atomic swap)
+      - name: Move cache
+        run: |
+          rm -rf /tmp/.buildx-cache
+          mv /tmp/.buildx-cache-new /tmp/.buildx-cache
+
+      # H) Tag & Push to Docker Hub (only on tag release)
+      - name: Log in to Docker Hub
+        if: startsWith(github.ref, 'refs/tags/v')
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: Tag and push API image
+        if: startsWith(github.ref, 'refs/tags/v')
+        run: |
+          docker tag hiai-docs/api:ci-${{ github.sha }} vgalibov/hiai-docs:api-${{ github.ref_name }}
+          docker push vgalibov/hiai-docs:api-${{ github.ref_name }}
+
+      - name: Tag and push Web image
+        if: startsWith(github.ref, 'refs/tags/v')
+        run: |
+          docker tag hiai-docs/web:ci-${{ github.sha }} vgalibov/hiai-docs:web-${{ github.ref_name }}
+          docker push vgalibov/hiai-docs:web-${{ github.ref_name }}
+
+  # ---------------------------------------------------------------------------
+  # 5. Publish NPM — publish package `@hiai-gg/hiai-docs` to NPM
+  # ---------------------------------------------------------------------------
+  publish-npm:
+    name: Publish NPM Package
+    needs: [lint, typecheck, test, docker-build]
+    if: startsWith(github.ref, 'refs/tags/v')
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: oven-sh/setup-bun@v2
+        with:
+          bun-version: latest
+
+      - name: Install dependencies
+        run: bun install
+
+      - name: Prepare public package.json
+        run: |
+          # Swap package.json with package.public.json for publishing
+          # We also extract the version from the git tag (removing 'v' prefix if present)
+          TAG_VERSION="${{ github.ref_name }}"
+          CLEAN_VERSION="${TAG_VERSION#v}"
+
+          # Replace name and version in package.public.json
+          bun -e "
+            const fs = require('fs');
+            const pkg = JSON.parse(fs.readFileSync('package.public.json', 'utf8'));
+            pkg.name = '@hiai-gg/hiai-docs';
+            pkg.version = '${CLEAN_VERSION}';
+            fs.writeFileSync('package.json', JSON.stringify(pkg, null, 2));
+          "
+
+      - name: Publish to NPM
+        run: bun publish --no-git-checks --access public
+        env:
+          NPM_CONFIG_TOKEN: ${{ secrets.NPM_TOKEN }}

package/AGENTS.md

@@ -0,0 +1,237 @@
+# hiai-docs
+
+> Standalone, open-source, AI-native knowledge base. Markdown-first, auto-embeddings, self-hostable.
+
+## 📍 Источник правды экосистемы (читать первым)
+
+hiai-docs — часть экосистемы HiAi (модуль документов + источник дизайн-токенов). Общая правда — в корне `projects/`:
+- [`../HIAI_CONVENTIONS.md`](../HIAI_CONVENTIONS.md) — правила, топология, дизайн-токены, plugin-контракт.
+- [`../HIAI_ECOSYSTEM_UNIFICATION_PLAN.md`](../HIAI_ECOSYSTEM_UNIFICATION_PLAN.md) — программа унификации (U0–U5).
+
+### Project Documents (Index)
+`README.md` · `AGENTS.md` (this one) · `todo.md` - core. `CONTRIBUTING.md`, `CODE_OF_CONDUCT.md`, `SECURITY.md` - standard.
+
+## Identity & Purpose
+
+**hiai-docs** is a self-hosted knowledge base with built-in vector embeddings for RAG-ready semantic search. Alternative to Outline/Docmost with focus on simplicity, AI integration, and data ownership.
+
+**Open-source (MIT).** All paths, keys, dependencies via `.env`. Zero hardcoded secrets.
+
+## Runtime Contract
+
+| Property | Value |
+|----------|-------|
+| **Runtime** | Bun 1.3.14+ |
+| **Backend** | Elysia 1.4.28+ (ESM-only) |
+| **Frontend** | SvelteKit 2.60+ + Svelte 5.55+ |
+| **UI** | shadcn-svelte 1.2.7+ (new-york style) + Tailwind CSS v4 |
+| **Editor** | svelte-tiptap + TipTap v3 (WYSIWYG + raw MD toggle) |
+| **ORM** | Drizzle ORM 0.45.2+ |
+| **Database** | PostgreSQL 18.4 + pgvector |
+| **Cache** | Redis 8.6+ |
+| **Auth** | Better Auth |
+| **Storage** | MinIO (S3-compatible) |
+| **Embeddings** | Ollama (configurable, API fallback) |
+| **Logging** | Pino |
+| **Validation** | Zod |
+| **API Port** | 50700 |
+| **Frontend Port** | 50701 |
+| **Module System** | ESM-only, TypeScript strict |
+
+## Canonical Commands
+
+| Task | Command | Working Dir |
+|------|---------|-------------|
+| **Install** | `bun install` | Root |
+| **Dev (all)** | `bun run dev:all` | Root |
+| **Dev (api)** | `bun run dev` | `backend/` |
+| **Dev (web)** | `bun run dev` | `frontend/` |
+| **Lint** | `bun run lint` | Root |
+| **Typecheck** | `bun run typecheck` | Root |
+| **Test** | `bun test` | `backend/` or `frontend/` |
+| **DB Push** | `bun run db:push` | `packages/db/` |
+| **DB Generate** | `bun run db:generate` | `packages/db/` |
+| **DB Migrate** | `bun run db:migrate` | `packages/db/` |
+| **Docker Up** | `docker compose up -d` | Root |
+| **Docker Down** | `docker compose down` | Root |
+| **Backup** | `scripts/prework_backup.sh hiai-docs` | Root |
+
+## Health Checks
+
+```bash
+# API health
+curl -fsS http://localhost:50700/api/health
+
+# Database
+psql -h localhost -p 5433 -U aiuser -d hiai_docs -c "SELECT NOW();"
+
+# Redis
+redis-cli -p 6380 ping
+
+# Ollama
+curl -fsS http://localhost:11434/api/tags
+
+# MinIO
+curl -fsS http://localhost:9000/minio/health/live
+```
+
+## Architecture
+
+### Data Isolation
+
+- **Current:** User-scoped (`owner_id` on every table)
+- **Future:** `tenant_id` nullable column reserved for multi-tenancy
+- Every query MUST include `WHERE owner_id = $1`
+- No cross-user data access except via share_links
+
+### Module Boundaries
+
+```
+backend/src/
+├── api/              # HTTP layer (routes, middleware)
+│   ├── routes/       # Route handlers
+│   └── middleware/    # Auth, rate-limit, logging
+├── embedding/        # Embedding pipeline (isolated from API)
+├── lib/              # Shared utilities (db, config, logger)
+└── index.ts          # Entry point
+```
+
+- `api/` MUST NOT export internal functions — only route registrations
+- `embedding/` MUST NOT import from `api/` — use event bus or queue
+- `lib/` MUST NOT import from `api/` or `embedding/`
+
+### Embedding Pipeline
+
+```
+document.save() → chunk(500 tokens, 50 overlap) → embed(provider) → store(pgvector)
+                                                    ↓ on failure
+                                              fallback(provider) → dummy vector
+```
+
+Configured via `.env`:
+```
+EMBEDDING_PROVIDER=ollama|openrouter|voyage
+EMBEDDING_FALLBACK_PROVIDER=openrouter
+```
+
+### Search
+
+Hybrid search: `0.4 * full_text + 0.6 * semantic_cosine` (configurable weights)
+
+## Coding Guidelines
+
+### Hard Rules
+
+- **Bun-native:** No npm/yarn, no Node-only packages, no CommonJS
+- **ESM-only:** All imports use ESM syntax
+- **TypeScript strict:** No `any`, proper Zod validation on all inputs
+- **English only:** Code, comments, docs, README, AGENTS.md — zero Russian
+- **No Playwright:** Use agent-browser for E2E testing
+- **No root file sprawl:** Every file belongs in a canonical directory
+- **Environment-driven:** All config in `.env`, zero hardcoded paths/keys
+- **No autonomous git pushes:** Push requires explicit user authorization
+
+### TypeScript Config
+
+```jsonc
+{
+  "compilerOptions": {
+    "target": "ESNext",
+    "module": "ESNext",
+    "moduleResolution": "bundler",
+    "strict": true,
+    "noUncheckedIndexedAccess": true
+  }
+}
+```
+
+### Dev Quirks & Known Workarounds
+
+These are non-obvious project decisions pinned in `package.json` / Dockerfiles. Do not "clean up" without first understanding the constraint.
+
+- **`@sinclair/typebox@^0.34.0` (root devDependency)** — Forces a single Typebox version across the workspace to resolve a peer-dep conflict with Elysia 1.4.28. Required for `bun install` to succeed; do not remove.
+- **`bun test --path-ignore-patterns='*node_modules*'`** — Bun 1.3's smart test discovery walks into hoisted `node_modules` and tries to run upstream library tests, which fail on missing fixtures. The path-ignore flag scopes test discovery to our own `src/` and `tests/` directories. Keep this flag on every `test` script.
+- **Paraglide v2 SvelteKit integration** — i18n is driven by `@inlang/paraglide-js@2.x` directly. The deprecated `@inlang/paraglide-sveltekit` adapter is NOT used. Setup:
+  - `frontend/vite.config.ts` registers `paraglideVitePlugin({ project, outdir, strategy })`.
+  - `frontend/src/hooks.ts` exports a `reroute` hook calling `deLocalizeUrl(request.url).pathname`.
+  - `frontend/src/hooks.server.ts` exports `handle` wrapping `paraglideMiddleware()` from the generated `$lib/paraglide/server.js`.
+  - Components use `import * as m from "$lib/paraglide/messages.js"` and `import { getLocale } from "$lib/paraglide/runtime"`.
+  - The `frontend/Dockerfile` does NOT need any `sed` patch — `@inlang/sdk@2.x` no longer triggers Bun's `NameTooLong` error.
+
+### Svelte Rules
+
+- Svelte 5 runes enforced globally (`runes: true`)
+- `$props()` for component props, `{@render children?.()}` for slots
+- `$derived.by()` for multi-line derived values
+- `$effect()` returns void — cleanup inside body
+- `import type` only for type-only imports (not for bind:this targets)
+- `import { page } from '$app/state'` (not `$app/stores`)
+- `./$types` generated at build time — ignore IDE errors
+
+### API Rules
+
+- Every route validated with Zod schemas
+- Rate limiting on all public endpoints (Redis-based)
+- Pino logger with structured logging
+- Better Auth session check on all protected routes
+- `set.status` for HTTP status codes (Elysia pattern)
+
+## Development
+
+See [CONTRIBUTING.md](CONTRIBUTING.md) for guidelines on code style, testing, and PR workflow.
+
+## Docker Services
+
+| Container | Image | Port | Purpose |
+|-----------|-------|------|---------|
+| postgres | pgvector/pgvector:pg18 | 5433:5432 | Database |
+| redis | redis:8-alpine | 6380:6379 | Cache/queue |
+| ollama | ollama/ollama | 11434:11434 | Embeddings |
+| minio | minio/minio | 9000:9000, 9001:9001 | File storage |
+| api | custom | 50700:50700 | Elysia backend |
+| web | custom | 50701:50701 | SvelteKit frontend |
+| caddy | caddy:2-alpine | 80:80, 443:443 | Reverse proxy |
+
+## Multi-Agent Development
+
+### Wave Structure
+
+Phases are designed for parallel agent execution:
+- **Foundation wave:** Schema + Docker + config (sequential, shared state)
+- **Backend wave:** API routes (parallel by domain: docs, folders, search, share, tags)
+- **Frontend wave:** Pages + components (parallel by page)
+- **Integration wave:** API + frontend wiring (sequential)
+- **Polish wave:** Tests + docs + deploy (parallel)
+
+### File Ownership Matrix
+
+Each agent claims exclusive file ownership to prevent conflicts:
+- Backend routes: one agent per route domain
+- Frontend pages: one agent per page
+- Shared utilities: foundation agent only
+- Schema: foundation agent only
+
+### Post-Agent Cleanup
+
+After parallel agent waves:
+1. Run `bun run typecheck` — fix all TS errors
+2. Run `bun test` — fix failing tests
+3. Run `bun run lint` — fix lint issues
+4. Verify no duplicate imports/exports
+5. Verify no orphaned files
+
+## CLOSURE_PROTOCOL
+
+### Mandatory Task Finalization
+
+End every response with a structured `<CLOSURE>` block:
+
+```xml
+<CLOSURE>
+{
+  "reasoning": "Concise summary of what was achieved.",
+  "evidence": ["File paths", "Test results", "LSP diagnostics"],
+  "readiness": "done" | "accept" | "reject"
+}
+</CLOSURE>
+```

package/CODE_OF_CONDUCT.md

@@ -0,0 +1,134 @@
+# Contributor Covenant Code of Conduct
+
+## Our Pledge
+
+We as members, contributors, and leaders pledge to make participation in our
+community a harassment-free experience for everyone, regardless of age, body
+size, visible or invisible disability, ethnicity, sex characteristics, gender
+identity and expression, level of experience, education, socio-economic status,
+nationality, personal appearance, race, religion, or sexual identity
+and orientation.
+
+We pledge to act and interact in ways that contribute to an open, welcoming,
+diverse, inclusive, and healthy community.
+
+## Our Standards
+
+Examples of behavior that contributes to a positive environment for our
+community include:
+
+- Demonstrating empathy and kindness toward other people
+- Being respectful of differing opinions, viewpoints, and experiences
+- Giving and gracefully accepting constructive feedback
+- Accepting responsibility and apologizing to those affected by our mistakes,
+  and learning from the experience
+- Focusing on what is best not just for us as individuals, but for the
+  overall community
+
+Examples of unacceptable behavior include:
+
+- The use of sexualized language or imagery, and sexual attention or
+  advances of any kind
+- Trolling, insulting or derogatory comments, and personal or political attacks
+- Public or private harassment
+- Publishing others' private information, such as a physical or email
+  address, without their explicit permission
+- Other conduct which could reasonably be considered inappropriate in a
+  professional setting
+
+## Enforcement Responsibilities
+
+Community leaders are responsible for clarifying and enforcing our standards of
+acceptable behavior and will take appropriate and fair corrective action in
+response to any behavior that they deem inappropriate, threatening, offensive,
+or harmful.
+
+Community leaders have the right and responsibility to remove, edit, or reject
+comments, commits, code, wiki edits, issues, and other contributions that are
+not aligned to this Code of Conduct, and will communicate reasons for moderation
+decisions when appropriate.
+
+## Scope
+
+This Code of Conduct applies within all community spaces, and also applies when
+an individual is officially representing the community in public spaces.
+Examples of representing our community include using an official e-mail address,
+posting via an official social media account, or acting as an appointed
+representative at an online or offline event.
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported to the community leaders responsible for enforcement at:
+
+**hiai@webs.cool**
+
+All complaints will be reviewed and investigated promptly and fairly.
+
+All community leaders are obligated to respect the privacy and security of the
+reporter of any incident.
+
+## Enforcement Guidelines
+
+Community leaders will follow these Community Impact Guidelines in determining
+the consequences of any action they deem in violation of this Code of Conduct:
+
+### 1. Correction
+
+**Community Impact**: Use of inappropriate language or other behavior deemed
+unprofessional or unwelcome in the community.
+
+**Consequence**: A private, written warning from community leaders, providing
+clarity around the nature of the violation and an explanation of why the
+behavior was inappropriate. A public apology may be requested.
+
+### 2. Warning
+
+**Community Impact**: A violation through a single incident or series
+of actions.
+
+**Consequence**: A warning with consequences for continued behavior. No
+interaction with the people involved, including unsolicited interaction with
+those enforcing the Code of Conduct, for a specified period of time. This
+includes avoiding interactions in community spaces as well as external channels
+like social media. Violating these terms may lead to a temporary or
+permanent ban.
+
+### 3. Temporary Ban
+
+**Community Impact**: A serious violation of community standards, including
+sustained inappropriate behavior.
+
+**Consequence**: A temporary ban from any sort of interaction or public
+communication with the community for a specified period of time. No public or
+private interaction with the people involved, including unsolicited interaction
+with those enforcing the Code of Conduct, is allowed during this period.
+Violating these terms may lead to a permanent ban.
+
+### 4. Permanent Ban
+
+**Community Impact**: Demonstrating a pattern of violation of community
+standards, including sustained inappropriate behavior, harassment of an
+individual, or aggression toward or disparagement of classes of individuals.
+
+**Consequence**: A permanent ban from any sort of public interaction within
+the community.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage],
+version 2.1, available at
+[https://www.contributor-covenant.org/version/2/1/code_of_conduct.html][v2.1].
+
+Community Impact Guidelines were inspired by
+[Mozilla's code of conduct enforcement ladder][mozilla coc].
+
+For answers to common questions about this code of conduct, see the FAQ at
+[https://www.contributor-covenant.org/faq][faq]. Translations are available
+at [https://www.contributor-covenant.org/translations][translations].
+
+[homepage]: https://www.contributor-covenant.org
+[v2.1]: https://www.contributor-covenant.org/version/2/1/code_of_conduct.html
+[mozilla coc]: https://github.com/mozilla/diversity
+[faq]: https://www.contributor-covenant.org/faq
+[translations]: https://www.contributor-covenant.org/translations