linkedin-apply-assistant 0.1.1

package/.github/ISSUE_TEMPLATE/bug_report.yml

@@ -0,0 +1,72 @@
+name: Bug report
+description: Report a reproducible package issue with sanitized details.
+title: "[Bug]: "
+body:
+  - type: markdown
+    attributes:
+      value: |
+        Thanks for reporting a bug.
+
+        Do not post credentials, cookies, browser profiles, screenshots, CVs, private documents, generated local reports, full private URLs, or live job history.
+  - type: textarea
+    id: command
+    attributes:
+      label: Sanitized command
+      description: Paste the command after removing private paths and values.
+      placeholder: linkedin-apply-assistant config check
+    validations:
+      required: true
+  - type: textarea
+    id: reproduction
+    attributes:
+      label: Minimal reproduction steps
+      description: List the smallest steps that reproduce the issue.
+    validations:
+      required: true
+  - type: textarea
+    id: expected
+    attributes:
+      label: Expected result
+    validations:
+      required: true
+  - type: textarea
+    id: actual
+    attributes:
+      label: Actual result
+    validations:
+      required: true
+  - type: input
+    id: workflow
+    attributes:
+      label: Affected workflow
+      placeholder: config, search, assist, apply, dry-run, report
+    validations:
+      required: true
+  - type: input
+    id: os
+    attributes:
+      label: Operating system
+      placeholder: Windows 11, macOS, Ubuntu
+    validations:
+      required: true
+  - type: input
+    id: python
+    attributes:
+      label: Python version
+      placeholder: Python 3.11.9
+    validations:
+      required: true
+  - type: input
+    id: package
+    attributes:
+      label: Package version or source commit
+      placeholder: 0.1.0 or commit SHA
+    validations:
+      required: true
+  - type: checkboxes
+    id: private_data
+    attributes:
+      label: Private data removed
+      options:
+        - label: I removed credentials, cookies, browser profiles, screenshots, CVs, private documents, generated local reports, full private URLs, and live job history.
+          required: true

package/.github/ISSUE_TEMPLATE/config.yml

@@ -0,0 +1,5 @@
+blank_issues_enabled: false
+contact_links:
+  - name: Security vulnerability
+    url: https://github.com/MohammedGhazal09/linkedin-apply-assistant/security/policy
+    about: Report vulnerabilities privately when available.

package/.github/ISSUE_TEMPLATE/config_help.yml

@@ -0,0 +1,49 @@
+name: Config or setup help
+description: Ask for setup help with sanitized local details.
+title: "[Config]: "
+body:
+  - type: markdown
+    attributes:
+      value: |
+        Do not attach .env files, real config files, Q&A banks, browser profiles, cookies, screenshots, CVs, private documents, generated local reports, full private URLs, or live job history.
+  - type: textarea
+    id: question
+    attributes:
+      label: Sanitized setup question
+    validations:
+      required: true
+  - type: input
+    id: os
+    attributes:
+      label: Operating system
+      placeholder: Windows 11, macOS, Ubuntu
+    validations:
+      required: true
+  - type: input
+    id: install_path
+    attributes:
+      label: Install path used
+      placeholder: source checkout, editable install, pipx, npm launcher
+    validations:
+      required: true
+  - type: textarea
+    id: command
+    attributes:
+      label: Command run
+      placeholder: linkedin-apply-assistant config check
+    validations:
+      required: true
+  - type: textarea
+    id: redacted_config
+    attributes:
+      label: Redacted config shape or error text
+      description: Paste only sanitized keys, paths, and error text.
+    validations:
+      required: true
+  - type: checkboxes
+    id: private_data
+    attributes:
+      label: Private runtime data removed
+      options:
+        - label: I removed private runtime data, credentials, cookies, browser profiles, screenshots, CVs, private documents, generated local reports, full private URLs, and live job history.
+          required: true

package/.github/ISSUE_TEMPLATE/docs.yml

@@ -0,0 +1,40 @@
+name: Documentation issue
+description: Report confusing, missing, or stale documentation.
+title: "[Docs]: "
+body:
+  - type: markdown
+    attributes:
+      value: |
+        Do not attach private screenshots, generated local reports, CVs, private documents, full private URLs, credentials, cookies, browser profiles, or live job history.
+  - type: input
+    id: page
+    attributes:
+      label: Affected page or link
+      placeholder: README.md, docs/install-and-configuration.md, docs/troubleshooting.md
+    validations:
+      required: true
+  - type: textarea
+    id: stale_text
+    attributes:
+      label: Confusing, missing, or stale text
+    validations:
+      required: true
+  - type: textarea
+    id: correction
+    attributes:
+      label: Suggested correction
+    validations:
+      required: true
+  - type: dropdown
+    id: area
+    attributes:
+      label: Affected documentation area
+      options:
+        - Install
+        - Safety
+        - Legal
+        - Troubleshooting
+        - Command reference
+        - Other
+    validations:
+      required: true

package/.github/ISSUE_TEMPLATE/feature_request.yml

@@ -0,0 +1,45 @@
+name: Feature request
+description: Propose a package improvement with safety and privacy context.
+title: "[Feature]: "
+body:
+  - type: markdown
+    attributes:
+      value: |
+        Feature requests must preserve the no-submit boundary.
+
+        Do not request unattended or background submission, hidden submission, CAPTCHA or MFA bypass, fake answers, platform throttling bypass, or mass applications.
+
+        Do not post credentials, cookies, browser profiles, screenshots, CVs, private documents, generated local reports, full private URLs, or live job history.
+  - type: textarea
+    id: problem
+    attributes:
+      label: Problem
+      description: What user problem would this solve?
+    validations:
+      required: true
+  - type: textarea
+    id: proposed_behavior
+    attributes:
+      label: Proposed behavior
+    validations:
+      required: true
+  - type: input
+    id: workflow
+    attributes:
+      label: Affected workflow
+      placeholder: config, search, assist, apply, dry-run, report, docs
+    validations:
+      required: true
+  - type: textarea
+    id: safety_privacy
+    attributes:
+      label: Safety/privacy impact
+      description: Explain how the change preserves no-submit behavior and avoids private runtime data.
+    validations:
+      required: true
+  - type: textarea
+    id: alternatives
+    attributes:
+      label: Alternatives considered
+    validations:
+      required: true

package/.github/ISSUE_TEMPLATE/safety_compliance.yml

@@ -0,0 +1,48 @@
+name: Safety or compliance concern
+description: Report a public safety concern without exploit details.
+title: "[Safety]: "
+body:
+  - type: markdown
+    attributes:
+      value: |
+        Use this form only for public safety or compliance concerns that can be described without exploit details.
+
+        If the concern involves a vulnerability or exploit details, stop here and follow SECURITY.md private reporting guidance instead.
+
+        Do not post exploit details, credentials, cookies, browser profiles, screenshots, CVs, private documents, generated local reports, full private URLs, or live job history.
+  - type: textarea
+    id: concern
+    attributes:
+      label: Public safety/compliance concern summary
+    validations:
+      required: true
+  - type: input
+    id: workflow
+    attributes:
+      label: Affected workflow or docs
+      placeholder: search, assist, apply, SAFETY.md, LEGAL.md
+    validations:
+      required: true
+  - type: textarea
+    id: safer_behavior
+    attributes:
+      label: Expected safer behavior
+    validations:
+      required: true
+  - type: dropdown
+    id: vulnerability
+    attributes:
+      label: Could this involve a vulnerability?
+      options:
+        - "No"
+        - "Unsure"
+        - "Yes - I will use SECURITY.md private reporting instead"
+    validations:
+      required: true
+  - type: checkboxes
+    id: disclosure
+    attributes:
+      label: Public disclosure check
+      options:
+        - label: I did not post exploit details or private data publicly.
+          required: true

package/.github/PULL_REQUEST_TEMPLATE.md

@@ -0,0 +1,43 @@
+# Summary
+
+Describe what changed.
+
+# Rationale
+
+Explain why the change is needed.
+
+# Linked Issue
+
+Link the issue or explain why no issue exists.
+
+# Safety And No-Submit Impact
+
+- Does this preserve no-submit behavior?
+- Does this avoid unattended/background sending?
+- Does this avoid hidden submission, CAPTCHA or MFA bypass, fake answers, and
+  platform throttling bypass?
+
+# Privacy-Sensitive File Check
+
+- Does this avoid private runtime data?
+- Does this avoid credentials, cookies, browser profiles, screenshots, CVs,
+  private documents, generated local reports, full private URLs, and live job
+  history?
+
+# Documentation Impact
+
+List docs changed or explain why docs were not needed.
+
+# Tests Or Commands Run
+
+List commands run and their results.
+
+# Release/Package Surface Impact
+
+- Are package manifest or npm files affected?
+- Are release-manifest entries affected?
+- Are docs/tests updated?
+
+# Residual Risk
+
+Name any remaining risk, skipped checks, or follow-up work.

package/CHANGELOG.md

@@ -0,0 +1,47 @@
+# Changelog
+
+All notable package-local changes are documented here.
+
+This file follows the spirit of Keep a Changelog and uses semantic version labels where available.
+
+## [Unreleased]
+
+## [0.1.1] - 2026-06-13
+
+### Added
+
+- Community health files and contribution templates for the standalone public
+  repository package surface.
+- Registry publication strategy covering GitHub source releases, PyPI,
+  TestPyPI, npm launcher, PowerShell installer, and deferred GitHub Packages
+  channels.
+- NPM global launcher release path for `linkedin-apply-assistant`.
+- PowerShell no-admin installer that downloads the public GitHub source archive,
+  creates a local virtual environment, writes command shims, and can optionally
+  install Playwright Chromium.
+
+### Changed
+
+- NPM package contents now include `pyproject.toml`, `src/`, and `install.ps1`
+  so the global launcher can point users at the bundled Python package.
+
+## [0.1.0] - 2026-06-12
+
+### Added
+
+- Initial GitHub source release for the standalone `linkedin-apply-assistant` package.
+- Fresh-reader package README and user-journey docs.
+- Package-local legal, security, contribution, migration, release checklist, license, and third-party notice docs.
+- Synthetic report examples and release-readiness verification coverage.
+- Source, Python, and npm launcher install path readiness for local validation without registry publication.
+- Distribution metadata, Python build, npm pack, and release-manifest smoke coverage for version `0.1.0`.
+- Terminal help, read-only config diagnostics, command reference docs, and release-readiness coverage for Phase 21 terminal UX.
+- Public GitHub metadata and release-readiness documentation for PUB-07.
+- Initial standalone package boundary for local LinkedIn job workflows.
+- Console command `linkedin-apply-assistant` with `search`, `assist`, `apply`, `dry-run`, and `report`.
+- Sanitized config, Q&A bank, and dry-run input examples.
+- Package-local quality gate with pytest, Ruff, compile checks, and dependency audit.
+- No-submit safety posture and visible-browser workflow boundaries.
+- User-controlled source install and download path through the canonical GitHub repository.
+- Release hygiene covering manifest verification, local build/pack smoke tests, and gitleaks evidence.
+- GitHub source release scope only; no npm, PyPI, or TestPyPI registry package is part of this release.

package/CODE_OF_CONDUCT.md

@@ -0,0 +1,47 @@
+# Code of Conduct
+
+This code of conduct is based on Contributor Covenant 2.1 and adapted for the
+LinkedIn-apply-assistant standalone package.
+
+## Our Pledge
+
+We aim to keep project spaces open, respectful, and focused on useful work.
+Contributors are expected to participate without harassment, intimidation,
+personal attacks, or discriminatory language.
+
+## Expected Behavior
+
+- Be respectful when reporting bugs, reviewing pull requests, and discussing
+  safety tradeoffs.
+- Keep criticism technical and specific.
+- Respect user privacy, local runtime data, and platform-responsibility
+  boundaries.
+- Help maintain the package no-submit posture and user-controlled browser
+  workflow.
+
+## Unacceptable Behavior
+
+Unacceptable behavior includes harassment, threats, doxxing, sexualized
+language or imagery, sustained disruption, deliberate disclosure of private
+data, and attempts to pressure maintainers into unsafe submission, evasion, or
+platform-abuse behavior.
+
+## Reporting
+
+Conduct reports should use a maintainer-private channel placeholder until a
+dedicated private contact is configured. Do not open public issues for conduct
+reports that name people, include private context, or require confidential
+handling.
+
+Reports will be reviewed as privately as practical. Maintainers may remove
+content, warn participants, restrict participation, or take other proportionate
+action to protect the project.
+
+Do not post credentials, cookies, browser profiles, screenshots, CVs, private
+documents, generated local reports, full private URLs, or live job history in
+public issues, pull requests, or discussions.
+
+## Attribution
+
+Adapted from Contributor Covenant version 2.1:
+<https://www.contributor-covenant.org/version/2/1/code_of_conduct/>.

package/CONTRIBUTING.md

@@ -0,0 +1,64 @@
+# Contributing
+
+Contributions should stay scoped to the standalone package under `standalone/linkedin-apply-assistant/`.
+
+## Local Setup
+
+```powershell
+python -m pip install -e ".[dev]"
+python scripts\quality.py
+```
+
+The current repository root smoke command is:
+
+```powershell
+node test-all.mjs --quick
+```
+
+## Contribution Rules
+
+- Keep examples synthetic.
+- Do not commit credentials, cookies, browser profiles, screenshots, CVs, private documents, generated local reports, full private URLs, or live job history.
+- Preserve the no-submit default.
+- Do not add broad approvals, background sending, hidden submission, or unattended apply behavior.
+- Do not make claims that the package is legal advice, platform compliant, audit certified, or guaranteed to succeed.
+- Keep public docs English-only until localization is explicitly planned.
+
+## Community and Reporting
+
+- Support and setup help start in [SUPPORT.md](SUPPORT.md).
+- Governance decisions follow [GOVERNANCE.md](GOVERNANCE.md).
+- Conduct expectations and private conduct reporting are in [CODE_OF_CONDUCT.md](CODE_OF_CONDUCT.md).
+- Vulnerability reporting stays in [SECURITY.md](SECURITY.md); do not post exploit details publicly.
+- Public reports should use [.github/ISSUE_TEMPLATE/](.github/ISSUE_TEMPLATE/).
+- Pull requests should follow [.github/PULL_REQUEST_TEMPLATE.md](.github/PULL_REQUEST_TEMPLATE.md).
+
+Issue and pull request templates are the expected public contribution path. Keep
+private runtime data out of issues and pull requests.
+
+## Tests and Quality
+
+Run the package quality gate before proposing changes:
+
+```powershell
+python scripts\quality.py
+```
+
+Focused package tests:
+
+```powershell
+python -m pytest tests -q
+```
+
+Live LinkedIn or Scrapling tests are opt-in only and must stay out of default CI. Use `CAREER_OPS_RUN_LIVE_TESTS=1` only when you intentionally run live tests in a controlled local environment.
+
+## Pull Requests
+
+Include:
+
+- what changed
+- why it is safe for the no-submit boundary
+- commands run
+- any residual release risk
+
+If you add docs or examples, update docs smoke, privacy scan, or release-readiness tests as needed.

package/GOVERNANCE.md

@@ -0,0 +1,41 @@
+# Governance
+
+LinkedIn-apply-assistant uses a maintainer-led / BDFL governance model for the
+standalone package.
+
+## Scope
+
+This governance model covers:
+
+- package source code
+- public documentation
+- automated tests
+- release checklist and release manifest
+- community health files and contribution templates
+
+Repository settings, branch protection, Discussions, labels, topics, release
+automation, provenance, and registry publication are later approved phases and
+are not changed by this file.
+
+## Contributor Ladder
+
+- Participant: opens issues, asks support questions, or proposes improvements.
+- Contributor: sends focused pull requests that preserve safety and privacy
+  boundaries.
+- Triager: helps reproduce issues, route support requests, and identify missing
+  evidence.
+- Reviewer: reviews pull requests for correctness, tests, documentation, and
+  no-submit safety impact.
+- Maintainer: owns release readiness, final merge decisions, and governance
+  updates.
+
+## Decision Process
+
+Normal project work flows through public issues and pull requests. The
+maintainer makes the final call when tradeoffs remain unresolved or a change
+affects release scope, safety boundaries, or public package identity.
+
+Security vulnerabilities and conduct reports are handled privately where
+appropriate. Public discussion should avoid credentials, cookies, browser
+profiles, screenshots, CVs, private documents, generated local reports, full
+private URLs, live job history, and exploit details.

package/LEGAL.md

@@ -0,0 +1,38 @@
+# Legal and Acceptable Use
+
+LinkedIn-apply-assistant is an experimental local automation package for individual job-search assistance. It is not a hosted service, legal advisor, compliance product, or platform compliance certification.
+
+## User Responsibility
+
+You are responsible for:
+
+- following platform terms and employer application rules
+- reviewing every form and generated answer before relying on it
+- stopping when a platform checkpoint, rate limit, MFA prompt, CAPTCHA, or other risk signal appears
+- keeping local browser profiles, reports, and documents private
+- using truthful answers and application materials
+
+## Prohibited Uses
+
+Do not use this package for:
+
+- mass applications or spam-like recruiting workflows
+- unattended apply sessions
+- CAPTCHA or MFA bypass
+- fake answers or guessed application responses
+- unrelated personal-data scraping
+- hidden or evasive automation
+- continued automation after platform throttling, checkpoints, or similar risk signals
+
+## No Legal Advice
+
+This document is not legal advice. It does not interpret platform terms, employment law, privacy law, or local rules for your situation.
+
+## No Compliance Certification
+
+This package is not a compliance certification for GDPR, CCPA, SOC 2, LinkedIn terms, employer rules, or any other legal, platform, or audit framework.
+
+## Submission Boundary
+
+The public package is no-submit by default. Current `apply` behavior is prepare-only and audit-focused. Any future submit-capable behavior must require explicit per-submission confirmation immediately before a specific application is sent.
+

package/LICENSE

@@ -0,0 +1,22 @@
+MIT License
+
+Copyright (c) 2026 LinkedIn-apply-assistant contributors
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+

package/MIGRATION.md

@@ -0,0 +1,50 @@
+# Migration and Provenance
+
+LinkedIn-apply-assistant is a standalone extraction of local LinkedIn job-search and application-assistance code. It keeps the package surfaces needed for search-only, visible-browser assistive filling, prepare-only apply audits, dry runs, and local report review.
+
+## What Moved
+
+The standalone package contains:
+
+- Python package metadata and console entry point
+- importable automation modules
+- package-local config and Q&A examples
+- synthetic input and report examples
+- package-local tests and quality gate
+- public docs, safety, legal, contribution, security, changelog, license, and notice files
+
+## What Stayed Behind
+
+The standalone package intentionally excludes the broader Career-Ops ecosystem:
+
+- evaluation modes and scoring prompts
+- application tracker workflows
+- portal scanning and batch processing scripts
+- dashboard and updater logic
+- CV generation
+- generated reports and runtime output
+- root agent workflow artifacts
+- private user-layer data
+
+Do not copy those root surfaces into the standalone package as required public setup.
+
+## Runtime and Private Data Boundary
+
+Keep these local and ignored:
+
+- real config files
+- real Q&A banks
+- local workspace data
+- visible-browser profiles
+- generated outputs
+- local reports
+- private documents
+
+Use the example files only as shape references. Do not publish browser state, credentials, private documents, full private URLs, screenshots, generated local reports, or live job history.
+
+## Maintainer Notes
+
+Career-Ops may appear in this package only for neutral attribution, provenance, migration, or notice context. Product identity belongs to LinkedIn-apply-assistant.
+
+Scrapling is documented as a normal dependency and notice item. Do not describe it as a stealth, bypass, anti-detection, or product identity claim.
+