gravitas-ui 0.1.0

package/CHANGELOG.md

@@ -0,0 +1,22 @@
+# Changelog
+
+All notable changes to Gravitas UI will be documented in this file.
+
+## 0.1.0 - 2026-04-11
+
+Initial public release.
+
+Highlights:
+
+- Angular standalone component library for Bootstrap-aligned enterprise UI
+- standalone form controls, buttons, cards, tables, tabs, modals, alerts, badges, avatars, loaders, empty states, dropdowns, tooltips, skeletons, and toasts
+- shared Gravitas token system for theme, density, spacing, radius, elevation, and semantic color surfaces
+- Storybook documentation covering introduction, quickstart, foundations, component usage, and AI-assisted migration guidance
+- packaged consumer styles under `styles/`
+- packaged AI migration spec under `ai/gravitas-component-migration.md`
+- MIT licensing and a published security policy
+- runtime dependency ranges updated to safe Angular 21.2.4+ consumer lines
+
+Notes:
+
+- remaining audit residue is limited to Compodoc-based documentation tooling and does not affect the published runtime package

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Gravitas UI contributors
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,202 @@
+# Gravitas UI
+
+Gravitas UI is an Angular standalone component library for Bootstrap-based
+enterprise applications.
+
+Current public package version target: `0.1.0`.
+
+It is designed for company applications that already use Bootstrap for baseline
+layout and measurements, while Gravitas provides the design-system layer:
+tokens, themes, density, and reusable components.
+
+## What Gravitas Is
+
+- Angular standalone components for application UI
+- Gravitas-owned visual language on top of Bootstrap-compatible foundations
+- Token-driven theming for company branding and consistency
+- Designed for dense dashboard and admin-style interfaces
+
+## Runtime Contract
+
+Gravitas expects a Bootstrap 5 application shell.
+
+Consumer applications should:
+
+1. Install Gravitas and its peer dependencies
+2. Load Bootstrap CSS once at the app shell level
+3. Load Gravitas CSS once at the app shell level
+4. Optionally set Gravitas theme and density attributes globally
+
+## Installation
+
+```bash
+yarn add gravitas-ui bootstrap
+```
+
+If the consuming application uses another package manager, install the same
+package set with that tool. The Gravitas repository itself is standardized on
+Yarn 4.
+
+Required peer dependencies:
+
+- `@angular/common` `21.2.4+`
+- `@angular/core` `21.2.4+`
+- `@angular/forms` `21.2.4+`
+- `bootstrap`
+
+## Global Styles
+
+Import Bootstrap and Gravitas once in your application's global styles or main
+entrypoint:
+
+```ts
+import 'bootstrap/dist/css/bootstrap.min.css';
+import 'gravitas-ui/styles/gravitas.css';
+```
+
+`gravitas.css` includes the Gravitas token and theme layers.
+
+Bootstrap remains part of the supported runtime environment. Gravitas is
+intentionally built for Bootstrap-based applications rather than as a Bootstrap
+replacement.
+
+## Theme And Density
+
+Gravitas supports global theme and density toggles through root attributes:
+
+```html
+<html data-gv-theme="light" data-gv-density="comfortable">
+```
+
+Supported theme values:
+
+- `light`
+- `dark`
+
+Supported density values:
+
+- `compact`
+- `comfortable`
+- `spacious`
+
+## Usage
+
+Import standalone components from the package:
+
+```ts
+import { Button, InputComponent, Tabs } from 'gravitas-ui';
+```
+
+Example:
+
+```ts
+import { Component } from '@angular/core';
+import { Button } from 'gravitas-ui';
+
+@Component({
+  standalone: true,
+  selector: 'app-save-action',
+  imports: [Button],
+  template: `<gv-button variant="primary">Save</gv-button>`,
+})
+export class SaveActionComponent {}
+```
+
+## Styling Model
+
+Gravitas follows a Bootstrap-aligned contract:
+
+- Bootstrap provides the baseline application environment
+- Gravitas tokens define color, spacing, density, radius, and elevation
+- Gravitas component styles define the actual UI identity and state behavior
+
+Consumers should prefer Gravitas components and Gravitas token overrides over
+direct restyling of component internals.
+
+## Token Customization
+
+Customize Gravitas through CSS variables instead of changing component APIs:
+
+```css
+:root {
+  --gv-accent: #0f6cbd;
+  --gv-accent-hover: #0b5aa0;
+}
+```
+
+For scoped branding:
+
+```css
+.billing-scope {
+  --gv-accent: #0ea5e9;
+  --gv-accent-hover: #0284c7;
+}
+```
+
+## Supported Integration Pattern
+
+Gravitas is intended to be integrated at the application shell level.
+
+Recommended:
+
+- Bootstrap CSS imported once globally
+- Gravitas CSS imported once globally
+- Theme and density controlled from the app shell
+- Feature components import only the standalone components they use
+
+Avoid:
+
+- importing Bootstrap repeatedly in feature code
+- overriding Gravitas internals ad hoc per app
+- mixing one-off Bootstrap markup variants where Gravitas components already
+  exist
+
+## Documentation
+
+Storybook is the source of truth for:
+
+- supported components
+- component states and examples
+- foundations and design tokens
+- recommended usage patterns
+
+For AI-assisted migrations, the package also includes:
+
+- `ai/gravitas-component-migration.md`
+
+That document is written as an execution spec for agents replacing existing app
+components with Gravitas equivalents.
+
+## Building
+
+```bash
+yarn build
+```
+
+The built package is output to `dist/gravitas-ui`.
+
+## Publishing
+
+Build the library first, then publish from the generated package directory:
+
+```bash
+yarn build
+cd dist/gravitas-ui
+npm publish
+```
+
+Package release notes are included in the bundled `CHANGELOG.md`.
+
+## Security
+
+Gravitas should only be published against Angular peer ranges outside known
+vulnerable lines. The package metadata in this repository now targets the
+patched Angular `21.2.4+` line.
+
+Security disclosures should follow the policy in `SECURITY.md` included in the
+published package.
+
+## License
+
+Gravitas UI is prepared for public distribution under the MIT license. See the
+bundled `LICENSE` file in the published package root.

package/SECURITY.md

@@ -0,0 +1,41 @@
+# Security Policy
+
+## Supported Versions
+
+Security fixes are applied to the current publishable line of Gravitas UI.
+
+At the time of writing, the supported line is:
+
+- `0.0.x`
+
+Older unpublished or private preview builds should not be treated as supported
+for security maintenance.
+
+## Reporting A Vulnerability
+
+Do not open a public GitHub issue for a suspected security vulnerability.
+
+Report it privately through one of these channels:
+
+1. GitHub private vulnerability reporting for the repository, if enabled.
+2. Your company's internal security reporting channel.
+3. Direct contact with the package maintainers, if a dedicated security contact
+   has been published.
+
+Include the following:
+
+- affected package version
+- affected Angular version
+- a short description of the issue
+- reproduction steps or proof of concept
+- impact assessment if known
+
+## Response Expectations
+
+Maintainers should:
+
+1. acknowledge receipt
+2. validate impact
+3. prepare a fix or mitigation
+4. publish an updated package version when appropriate
+5. disclose the issue responsibly after a fix is available