create-mushi-mushi 0.5.0 → 0.5.1

package/CODE_OF_CONDUCT.md

@@ -0,0 +1,51 @@
+<!--
+  AUTO-SYNCED from repo root by scripts/sync-community-files.mjs.
+  Do not edit here — edit the canonical file at the repository root and
+  re-run `node scripts/sync-community-files.mjs` (pre-commit hook does this
+  automatically).
+-->
+
+# Contributor Covenant Code of Conduct
+
+## Our Pledge
+
+We as members, contributors, and leaders pledge to make participation in our
+community a harassment-free experience for everyone, regardless of age, body
+size, visible or invisible disability, ethnicity, sex characteristics, gender
+identity and expression, level of experience, education, socio-economic status,
+nationality, personal appearance, race, caste, color, religion, or sexual
+identity and orientation.
+
+We pledge to act and interact in ways that contribute to an open, welcoming,
+diverse, inclusive, and healthy community.
+
+## Our Standards
+
+Examples of behavior that contributes to a positive environment:
+
+- Using welcoming and inclusive language
+- Being respectful of differing viewpoints and experiences
+- Gracefully accepting constructive criticism
+- Focusing on what is best for the community
+- Showing empathy towards other community members
+
+Examples of unacceptable behavior:
+
+- The use of sexualized language or imagery, and sexual attention or advances of any kind
+- Trolling, insulting or derogatory comments, and personal or political attacks
+- Public or private harassment
+- Publishing others' private information without explicit permission
+- Other conduct which could reasonably be considered inappropriate in a professional setting
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported to the project team at **security@mushimushi.dev**.
+
+All complaints will be reviewed and investigated promptly and fairly.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant](https://www.contributor-covenant.org/),
+version 2.1, available at
+https://www.contributor-covenant.org/version/2/1/code_of_conduct.html.

package/CONTRIBUTING.md

@@ -0,0 +1,122 @@
+<!--
+  AUTO-SYNCED from repo root by scripts/sync-community-files.mjs.
+  Do not edit here — edit the canonical file at the repository root and
+  re-run `node scripts/sync-community-files.mjs` (pre-commit hook does this
+  automatically).
+-->
+
+# Contributing to Mushi Mushi
+
+Thanks for wanting to help. Here's everything you need to get started.
+
+## Prerequisites
+
+- **Node.js >= 22** (see `.node-version`)
+- **pnpm >= 10** — install with `corepack enable`
+
+## Setup
+
+```bash
+git clone https://github.com/kensaurus/mushi-mushi.git
+cd mushi-mushi
+pnpm install
+pnpm build
+```
+
+## Development
+
+```bash
+pnpm dev          # Start all dev servers (admin on :6464)
+pnpm test         # Run Vitest across all packages
+pnpm typecheck    # TypeScript checks
+pnpm lint         # ESLint
+pnpm format       # Prettier
+```
+
+### Working on a single package
+
+```bash
+cd packages/core
+pnpm dev          # Watch mode
+pnpm test         # Tests for this package only
+```
+
+## Project Structure
+
+```
+packages/
+  core/          Types, API client, offline queue (MIT)
+  web/           Browser SDK — widget, capture (MIT)
+  react/         React bindings (MIT)
+  vue/           Vue 3 plugin (MIT)
+  svelte/        Svelte SDK (MIT)
+  angular/       Angular SDK (MIT)
+  react-native/  React Native SDK (MIT)
+  cli/           CLI tool (MIT)
+  mcp/           MCP server for coding agents (MIT)
+  server/        Supabase Edge Functions (BSL)
+  agents/        Agentic fix pipeline (BSL)
+  verify/        Fix verification (BSL)
+apps/
+  admin/         Admin dashboard (React + Tailwind)
+  docs/          Documentation site (planned)
+tooling/
+  eslint-config/ Shared ESLint flat config
+  tsconfig/      Shared TypeScript configs
+```
+
+## Making Changes
+
+1. Create a feature branch from `master`
+2. Make your changes
+3. Add tests for new functionality
+4. Run `pnpm typecheck && pnpm lint && pnpm test` to verify
+5. Create a changeset if your change affects published packages:
+   ```bash
+   pnpm changeset
+   ```
+6. Open a pull request
+
+## Changesets
+
+We use [Changesets](https://github.com/changesets/changesets) for versioning. If your PR modifies a published package (`core`, `web`, `react`, `vue`, `svelte`, `angular`, `react-native`, `cli`, `mcp`), add a changeset:
+
+```bash
+pnpm changeset
+```
+
+Select the affected packages, the semver bump type, and write a summary. The changeset file gets committed with your PR.
+
+## Code Style
+
+- **TypeScript strict mode** — no `any` unless absolutely necessary
+- **Prettier** formats everything — run `pnpm format` before committing
+- **ESLint** catches bugs — `pnpm lint` must pass
+- **No default exports** in library packages — use named exports
+- **Dual ESM/CJS** builds via tsup for all SDK packages
+
+## Commit Messages
+
+Use conventional commits:
+
+```
+feat(core): add batch report submission
+fix(web): prevent widget from opening during screenshot
+docs(react): update provider usage example
+chore: bump dependencies
+```
+
+## Tests
+
+- **Framework:** Vitest
+- **Location:** Co-located with source (`src/foo.test.ts`)
+- **Coverage:** Required for `core`, `web`, `react` — encouraged for all packages
+
+## License
+
+- SDK packages are MIT — your contributions will be MIT-licensed
+- Server/agents/verify are BSL 1.1 — contributions to those packages fall under BSL
+
+## Questions?
+
+Open an issue or start a discussion. We're happy to help.

package/SECURITY.md

@@ -0,0 +1,50 @@
+<!--
+  AUTO-SYNCED from repo root by scripts/sync-community-files.mjs.
+  Do not edit here — edit the canonical file at the repository root and
+  re-run `node scripts/sync-community-files.mjs` (pre-commit hook does this
+  automatically).
+-->
+
+# Security Policy
+
+## Supported Versions
+
+| Version | Supported |
+|---------|-----------|
+| 0.x     | Yes       |
+
+## Reporting a Vulnerability
+
+If you discover a security vulnerability, please report it responsibly.
+
+**Do NOT open a public GitHub issue.**
+
+Instead, email: **security@mushimushi.dev**
+
+Include:
+- Description of the vulnerability
+- Steps to reproduce
+- Impact assessment
+- Suggested fix (if any)
+
+We will acknowledge receipt within 48 hours and aim to release a patch within 7 days for critical issues.
+
+## Scope
+
+- All `@mushi-mushi/*` npm packages
+- Supabase Edge Functions (server-side)
+- Admin console application
+- CLI tool
+
+## Out of Scope
+
+- Self-hosted deployments configured by the user
+- Third-party integrations (Jira, Linear, PagerDuty)
+- Vulnerabilities requiring physical access
+
+## Security Best Practices for Users
+
+- **Never commit your API keys** — use environment variables
+- **Rotate API keys** regularly via the admin console
+- **Enable SSO** for team projects (Enterprise tier)
+- **Review audit logs** periodically for suspicious activity

package/dist/index.js

@@ -3,7 +3,7 @@
 // src/index.ts
 import { runInit } from "@mushi-mushi/cli/init";
 import { FRAMEWORK_IDS, isFrameworkId } from "@mushi-mushi/cli/detect";
-var VERSION = true ? "0.5.0" : "0.0.0-dev";
+var VERSION = true ? "0.5.1" : "0.0.0-dev";
 var MIN_NODE_MAJOR = 18;
 var ISSUES_URL = "https://github.com/kensaurus/mushi-mushi/issues";
 var HELP = `create-mushi-mushi \u2014 add Mushi Mushi to your existing project

package/package.json

@@ -1,13 +1,13 @@
 {
   "name": "create-mushi-mushi",
-  "version": "0.5.0",
+  "version": "0.5.1",
   "license": "MIT",
   "description": "Run `npm create mushi-mushi` to add the Mushi Mushi bug-reporting SDK to your existing project — the wizard auto-detects your framework (React, Vue, Svelte, Angular, React Native, Expo, Capacitor) and installs the right package.",
   "bin": {
     "create-mushi-mushi": "./dist/index.js"
   },
   "dependencies": {
-    "@mushi-mushi/cli": "^0.5.0"
+    "@mushi-mushi/cli": "^0.5.1"
   },
   "devDependencies": {
     "@types/node": "^22.15.3",
@@ -38,7 +38,10 @@
   "files": [
     "dist",
     "README.md",
-    "LICENSE"
+    "LICENSE",
+    "CONTRIBUTING.md",
+    "CODE_OF_CONDUCT.md",
+    "SECURITY.md"
   ],
   "sideEffects": false,
   "keywords": [