shotgate 0.1.0__tar.gz

shotgate-0.1.0/.containerignore

@@ -0,0 +1,23 @@
+# Keep the build context small and reproducible.
+.git
+.github
+.venv
+venv
+**/__pycache__
+**/*.pyc
+.pytest_cache
+.ruff_cache
+.mypy_cache
+htmlcov
+*.egg-info
+dist
+build
+docs
+infra
+report-quantum-devops.md
+*.xml
+*.json
+!examples/**/*.json
+.gitignore
+.containerignore
+.dockerignore

shotgate-0.1.0/.github/ISSUE_TEMPLATE/bug_report.yml

@@ -0,0 +1,44 @@
+name: Bug report
+description: Report incorrect behavior in shotgate
+labels: ["bug"]
+body:
+  - type: markdown
+    attributes:
+      value: Thanks for filing a bug! Please include enough detail to reproduce it.
+  - type: textarea
+    id: what-happened
+    attributes:
+      label: What happened?
+      description: A clear description of the bug and what you expected instead.
+    validations:
+      required: true
+  - type: textarea
+    id: workflow
+    attributes:
+      label: Workflow YAML
+      description: The (minimal) workflow that reproduces the issue.
+      render: yaml
+  - type: textarea
+    id: command
+    attributes:
+      label: Command and output
+      description: How you ran shotgate (e.g. `make run WORKFLOW=...`) and the output.
+      render: shell
+  - type: input
+    id: version
+    attributes:
+      label: shotgate version / image tag
+    validations:
+      required: true
+  - type: dropdown
+    id: backend
+    attributes:
+      label: Backend
+      options: [local-aer, ibm, braket, other]
+    validations:
+      required: true
+  - type: input
+    id: environment
+    attributes:
+      label: Environment
+      description: Podman/QEMU versions, host OS.

shotgate-0.1.0/.github/ISSUE_TEMPLATE/feature_request.yml

@@ -0,0 +1,34 @@
+name: Feature request
+description: Suggest a new assertion oracle, backend, reporter, or capability
+labels: ["enhancement"]
+body:
+  - type: textarea
+    id: problem
+    attributes:
+      label: Problem
+      description: What can't you do today? What quantum-DevOps gap does this close?
+    validations:
+      required: true
+  - type: textarea
+    id: proposal
+    attributes:
+      label: Proposed solution
+      description: Sketch the YAML/CLI/API you'd want. Statistical rationale welcome.
+    validations:
+      required: true
+  - type: dropdown
+    id: area
+    attributes:
+      label: Area
+      options:
+        - Assertion oracle
+        - Backend (provider)
+        - Reporter / integration
+        - Infrastructure (Terraform / QEMU / Helm)
+        - Other
+    validations:
+      required: true
+  - type: textarea
+    id: alternatives
+    attributes:
+      label: Alternatives considered

shotgate-0.1.0/.github/PULL_REQUEST_TEMPLATE.md

@@ -0,0 +1,24 @@
+# Summary
+
+<!-- What does this PR change and why? Link any related issues. -->
+
+## Type of change
+
+- [ ] Bug fix
+- [ ] New feature (new assertion oracle / backend / reporter)
+- [ ] Documentation
+- [ ] Infrastructure (Containerfile, CI, Terraform, QEMU)
+
+## Checklist
+
+- [ ] `make check` passes (ruff + full test suite in containers)
+- [ ] New/changed behavior is covered by tests
+- [ ] Docs updated (`docs/`, `README.md`) where relevant
+- [ ] For a new assertion type: added to `ASSERTION_TYPES`, documented in
+      `docs/assertions.md`, and covered by a unit test
+- [ ] For a new backend: registered in `backends/registry.py` and import-guarded
+      so the validation core stays SDK-free
+
+## Notes for reviewers
+
+<!-- Anything that needs special attention, trade-offs, or follow-ups. -->

shotgate-0.1.0/.github/dependabot.yml

@@ -0,0 +1,19 @@
+version: 2
+updates:
+  - package-ecosystem: pip
+    directory: "/"
+    schedule:
+      interval: weekly
+    groups:
+      python-deps:
+        patterns: ["*"]
+
+  - package-ecosystem: github-actions
+    directory: "/"
+    schedule:
+      interval: weekly
+
+  - package-ecosystem: docker
+    directory: "/"
+    schedule:
+      interval: weekly

shotgate-0.1.0/.github/workflows/ci.yml

@@ -0,0 +1,134 @@
+name: ci
+
+# Container-native CI: every job runs tools inside Podman containers, mirroring
+# exactly what a developer gets locally with `make`. No language toolchains are
+# installed onto the runner directly.
+#
+# NOTE: This is shotgate's OWN repository CI, so it builds the image from source to
+# test the code under change. CONSUMERS should instead *pull* the published image
+# (`podman run ghcr.io/coldqubit/shotgate:latest run workflow.yaml`), as shown in
+# README.md and the GitLab/Jenkins references in docs/pipeline.md.
+
+on:
+  push:
+    branches: [main]
+  pull_request:
+
+permissions:
+  contents: read
+
+concurrency:
+  group: ci-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  lint-and-core-tests:
+    name: lint + core tests
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: ruff + mypy + core unit tests (containerized)
+        run: |
+          podman run --rm -v "$PWD:/work:Z" -w /work \
+            docker.io/library/python:3.12-slim bash -euc "
+              pip install -q -e '.[dev]'
+              ruff check src tests
+              mypy
+              pytest -q -m 'not integration' --junitxml=core-junit.xml
+            "
+
+      - name: Upload core test report
+        if: always()
+        uses: actions/upload-artifact@v4
+        with:
+          name: core-junit
+          path: core-junit.xml
+
+  image-and-integration:
+    name: build image + integration + example gates
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Build shotgate runtime image
+        run: podman build -t shotgate:ci .
+
+      - name: Build test image and run full suite (unit + integration)
+        run: |
+          podman build --target test -t shotgate:ci-test .
+          podman run --rm -v "$PWD:/work:Z" shotgate:ci-test \
+            pytest -q --junitxml=/work/integration-junit.xml
+
+      - name: Run example workflows as quality gates
+        run: |
+          set -euo pipefail
+          # Map the runner user through the container userns so reports are writable.
+          USERMAP="--userns=keep-id --user $(id -u):$(id -g)"
+          for wf in bell-state ghz-state grover-2q; do
+            echo "::group::shotgate run examples/${wf}"
+            podman run --rm $USERMAP -v "$PWD:/work:Z" -w /work shotgate:ci \
+              run "examples/${wf}/workflow.yaml" \
+              --junit "report-${wf}.xml" --markdown "summary-${wf}.md"
+            cat "summary-${wf}.md" >> "$GITHUB_STEP_SUMMARY"
+            echo "::endgroup::"
+          done
+
+      - name: Upload reports
+        if: always()
+        uses: actions/upload-artifact@v4
+        with:
+          name: shotgate-reports
+          path: |
+            report-*.xml
+            integration-junit.xml
+
+  pip-consumer-path:
+    name: pip path (CLI + pytest plugin)
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: pip install and exercise the CLI and pytest plugin (containerized)
+        run: |
+          podman run --rm -v "$PWD:/work:Z" -w /work \
+            docker.io/library/python:3.12-slim bash -euc "
+              pip install -q '.[aer,dev]'
+              # The pytest11 entry point must expose --shotgate after a pip install.
+              pytest --help 2>/dev/null | grep -q -- '--shotgate'
+              # CLI consumer path: gate a Bell workflow and emit a JUnit report.
+              shotgate run examples/bell-state/workflow.yaml --junit cli-junit.xml
+              # Plugin consumer path: in an isolated directory (free of this repo's
+              # pytest testpaths), each assertion of the workflow becomes one pytest
+              # item. pytest exits non-zero if nothing is collected or a gate fails.
+              cp -r examples/bell-state /tmp/gate
+              cd /tmp/gate
+              pytest -q --shotgate workflow.yaml --junitxml=/work/plugin-junit.xml
+            "
+
+      - name: Upload pip-path reports
+        if: always()
+        uses: actions/upload-artifact@v4
+        with:
+          name: pip-path-junit
+          path: |
+            cli-junit.xml
+            plugin-junit.xml
+
+  terraform:
+    name: terraform fmt + validate
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Format check
+        run: |
+          podman run --rm -v "$PWD:/work:Z" -w /work \
+            docker.io/hashicorp/terraform:latest -chdir=infra/terraform fmt -check -recursive
+
+      - name: Init + validate example
+        run: |
+          podman run --rm -v "$PWD:/work:Z" -w /work \
+            docker.io/hashicorp/terraform:latest -chdir=infra/terraform/examples/basic init -backend=false -input=false
+          podman run --rm -v "$PWD:/work:Z" -w /work \
+            docker.io/hashicorp/terraform:latest -chdir=infra/terraform/examples/basic validate

shotgate-0.1.0/.github/workflows/release.yml

@@ -0,0 +1,129 @@
+name: release
+
+# Triggered by a semver tag (e.g. v0.1.0). Builds the Python distribution and the
+# container image, publishes the image to GHCR, and attaches the dist to the
+# GitHub Release. Everything is built inside containers.
+
+on:
+  push:
+    tags:
+      - "v*.*.*"
+
+permissions:
+  contents: write
+  packages: write
+
+jobs:
+  build-dist:
+    name: build python distribution
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Build sdist + wheel (containerized)
+        run: |
+          podman run --rm -v "$PWD:/work:Z" -w /work \
+            docker.io/library/python:3.12-slim bash -euc "
+              pip install -q build
+              python -m build
+            "
+
+      - name: Upload distribution artifacts
+        uses: actions/upload-artifact@v4
+        with:
+          name: dist
+          path: dist/*
+
+  publish-image:
+    name: publish container image to GHCR
+    runs-on: ubuntu-latest
+    needs: build-dist
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Compute image refs
+        id: meta
+        run: |
+          # ghcr.io/coldqubit/shotgate when hosted at github.com/coldqubit/shotgate
+          IMG="ghcr.io/${GITHUB_REPOSITORY,,}"
+          VERSION="${GITHUB_REF_NAME#v}"      # strip leading 'v' from the tag
+          SHA="${GITHUB_SHA::12}"             # short git sha
+          {
+            echo "image=${IMG}"
+            echo "version=${VERSION}"
+            echo "sha=${SHA}"
+          } >> "$GITHUB_OUTPUT"
+
+      - name: Log in to GHCR
+        run: |
+          echo "${{ secrets.GITHUB_TOKEN }}" | \
+            podman login ghcr.io -u "${{ github.actor }}" --password-stdin
+
+      - name: Build and push runtime image (aer)
+        env:
+          IMG: ${{ steps.meta.outputs.image }}
+          VERSION: ${{ steps.meta.outputs.version }}
+          SHA: ${{ steps.meta.outputs.sha }}
+        run: |
+          # Tags: semver version, git sha, and latest.
+          podman build \
+            -t "${IMG}:${VERSION}" \
+            -t "${IMG}:${SHA}" \
+            -t "${IMG}:latest" .
+          podman push "${IMG}:${VERSION}"
+          podman push "${IMG}:${SHA}"
+          podman push "${IMG}:latest"
+
+      - name: Build and push IBM variant (aer + qiskit-ibm-runtime)
+        env:
+          IMG: ${{ steps.meta.outputs.image }}
+          VERSION: ${{ steps.meta.outputs.version }}
+        run: |
+          # Cloud/QPU-capable image so the ibm backend is runnable from a pull.
+          podman build --build-arg SHOTGATE_EXTRAS="aer,ibm" \
+            -t "${IMG}:${VERSION}-ibm" \
+            -t "${IMG}:latest-ibm" .
+          podman push "${IMG}:${VERSION}-ibm"
+          podman push "${IMG}:latest-ibm"
+
+  publish-pypi:
+    name: publish to PyPI (trusted publishing)
+    runs-on: ubuntu-latest
+    needs: build-dist
+    # OIDC, no API token. GitHub mints a signed identity token that PyPI verifies
+    # against a configured trusted publisher. One-time setup on PyPI before the
+    # first tag: pypi.org -> the `shotgate` project (or a "pending publisher" if it
+    # does not exist yet) -> add a GitHub publisher with
+    #   owner: coldqubit  repo: shotgate  workflow: release.yml  environment: pypi
+    environment:
+      name: pypi
+      url: https://pypi.org/p/shotgate
+    permissions:
+      id-token: write
+    steps:
+      - name: Download distribution artifacts
+        uses: actions/download-artifact@v4
+        with:
+          name: dist
+          path: dist
+
+      - name: Publish to PyPI
+        uses: pypa/gh-action-pypi-publish@release/v1
+        with:
+          packages-dir: dist
+
+  github-release:
+    name: create github release
+    runs-on: ubuntu-latest
+    needs: [build-dist, publish-image, publish-pypi]
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/download-artifact@v4
+        with:
+          name: dist
+          path: dist
+      - name: Create release
+        uses: softprops/action-gh-release@v2
+        with:
+          files: dist/*
+          generate_release_notes: true

shotgate-0.1.0/.gitignore

@@ -0,0 +1,48 @@
+# Python
+__pycache__/
+*.py[cod]
+*.egg-info/
+.eggs/
+dist/
+build/
+.venv/
+venv/
+
+# Test / coverage / type / lint caches
+.pytest_cache/
+.coverage
+coverage.xml
+htmlcov/
+.mypy_cache/
+.ruff_cache/
+
+# shotgate reports
+report.xml
+report.json
+summary.md
+*.shotgate.json
+
+# Terraform
+infra/terraform/**/.terraform/
+infra/terraform/**/*.tfstate
+infra/terraform/**/*.tfstate.*
+infra/terraform/**/.terraform.lock.hcl
+crash.log
+
+# QEMU/KVM artifacts (downloaded images, overlays, seeds)
+infra/qemu/.cache/
+*.qcow2
+seed.iso
+
+# Editor / OS
+.idea/
+.vscode/
+.DS_Store
+
+# Stray caches (e.g. XDG cache when running python in a container with cwd HOME)
+.cache/
+
+# Local AI-assistant context (not part of the project)
+CLAUDE.md
+CLAUDE.local.md
+.claude/

shotgate-0.1.0/.gitlab-ci.yml

@@ -0,0 +1,57 @@
+# Reference GitLab CI for gating a pipeline on a shotgate quantum workflow.
+#
+# Copy this into your own repo. It PULLS the published image (no build step) and runs
+# the gate as a container job, emitting a JUnit report so the stage turns red when a
+# statistical assertion fails. Exit-code contract: 0 = pass, 1 = a gate failed,
+# 2 = bad config. The contract matches the GitHub Actions and Jenkins references.
+
+stages:
+  - quantum
+
+variables:
+  SHOTGATE_IMAGE: "ghcr.io/coldqubit/shotgate:latest"
+  WORKFLOW: "examples/bell-state/workflow.yaml"
+
+quantum-gate:
+  stage: quantum
+  image: "$SHOTGATE_IMAGE"
+  script:
+    # The image entrypoint is `shotgate`; GitLab overrides it, so call it explicitly.
+    - shotgate run "$WORKFLOW" --junit report.xml --json report.json
+  artifacts:
+    when: always
+    paths:
+      - report.json
+    reports:
+      junit: report.xml
+
+# Cloud/QPU variant: switch to the :latest-ibm image and provide a token via a
+# masked CI/CD variable (Settings -> CI/CD -> Variables: SHOTGATE_IBM_TOKEN).
+#
+# quantum-gate-qpu:
+#   stage: quantum
+#   image: "ghcr.io/coldqubit/shotgate:latest-ibm"
+#   script:
+#     - shotgate run examples/bell-state-hardware/workflow.yaml --backend ibm --junit report.xml
+#   artifacts:
+#     when: always
+#     reports:
+#       junit: report.xml
+#   rules:
+#     - if: '$SHOTGATE_IBM_TOKEN'
+
+# Pip alternative (no image pull): install the package and gate with the CLI or the
+# pytest plugin instead of pulling the container image.
+#
+# quantum-gate-pip:
+#   stage: quantum
+#   image: "python:3.12-slim"
+#   script:
+#     - pip install "shotgate[aer]"
+#     - shotgate run "$WORKFLOW" --junit report.xml          # CLI path
+#     # or one pytest item per assertion (the pytest plugin):
+#     - pytest --shotgate "$WORKFLOW" --junitxml=report.xml
+#   artifacts:
+#     when: always
+#     reports:
+#       junit: report.xml

shotgate-0.1.0/CHANGELOG.md

@@ -0,0 +1,103 @@
+# Changelog
+
+All notable changes to this project are documented here. The format is based on
+[Keep a Changelog](https://keepachangelog.com/en/1.1.0/), and this project adheres to
+[Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [Unreleased]
+
+*Nothing yet.*
+
+## [0.1.0] - 2026-06-10
+
+> First public, tagged release. The codebase began on 2026-06-01 under the name `qforge`
+> and was renamed to `shotgate`; it had no prior git tag, PyPI release, or published
+> container image, so this is the project's first release of record. The capability
+> baseline (workflows, oracles, backends, CLI, reporters, IaC, isolation) is listed under
+> **Core capabilities** below; the entries above it are what changed on the way to release.
+
+### Changed
+
+- **Relicensed from AGPL-3.0-or-later to Apache-2.0.** The `LICENSE` file now carries the
+  verbatim Apache License 2.0 text, every `src/shotgate/**/*.py` SPDX header reads
+  `Apache-2.0`, and `pyproject.toml` declares `license = "Apache-2.0"` with the
+  `License :: OSI Approved :: Apache Software License` classifier. Apache-2.0 is permissive:
+  use, modification, and redistribution are allowed for any purpose, including commercial and
+  closed-source, provided the license and attribution notices are retained. The previous
+  network-copyleft (source-disclosure for hosted modified versions) no longer applies.
+- **Renamed the project from `qforge` to `shotgate`.** The name `qforge` was already
+  taken (PyPI/crates) and raised a VS Code marketplace trademark concern. The package
+  (`src/shotgate`), CLI program, container image, environment variables
+  (`SHOTGATE_IBM_TOKEN`), and the workflow API version (`shotgate.dev/v1alpha1`) all
+  moved to the new name. The canonical home is `github.com/coldqubit/shotgate` and the
+  published image is `ghcr.io/coldqubit/shotgate`.
+- **Pull-first usage.** Documentation now leads with `podman run
+  ghcr.io/coldqubit/shotgate …`; building from source is the contributor fallback.
+- **Honest extras.** `braket` and `mitigation` are marked *planned* and removed from the
+  installable `all` extra, since no Braket backend or Mitiq integration ships yet.
+  `--backend braket` now fails fast at schema validation with a clear message.
+- **Project identity and governance made consistent.** Committed files refer to the
+  project home as `coldqubit` and to the maintainer *role* rather than to a personal
+  account: the README maintainer note was rewritten, [`CODEOWNERS`](CODEOWNERS) now
+  points at the `@coldqubit/maintainers` team, and the contribution terms were aligned.
+  The `CONTRIBUTING.md` inbound-license statement, which incorrectly named the MIT
+  License, now correctly states Apache-2.0 and is expressed as a Developer Certificate of
+  Origin (DCO) sign-off.
+
+### Added
+
+- **Published container image** to GHCR on tag, tagged with the semver version, the
+  git SHA, and `latest` (release pipeline).
+- **Reference CI for GitLab and Jenkins** (`.gitlab-ci.yml`, `Jenkinsfile`) that pull the
+  published image and emit JUnit, alongside the existing GitHub Actions example.
+- **Hardened IBM/QPU backend**: robust counts extraction from named classical registers
+  (with a clear error on unexpected result shapes), corrected Runtime channel default,
+  a token-gated smoke test, and an `[ibm]`-baked image variant (build arg
+  `SHOTGATE_EXTRAS="aer,ibm"`, published as the `:…-ibm` image tag).
+- **Noise-tolerant example** (`examples/bell-state-hardware/`) with relaxed thresholds
+  for real-device runs, plus a documented simulator-vs-QPU threshold split.
+- **`docs/hardware-validation.md`**: a step-by-step plan and acceptance matrix for
+  validating the statistical gates on real IBM quantum hardware (v0.2 milestone).
+- **`GOVERNANCE.md` and `MAINTAINERS.md`**: how decisions are made (lazy consensus,
+  Architecture Decision Records for substantial changes, single maintainer today and
+  structured to grow) and who maintains the project, including the concrete path for a
+  co-maintainer to join.
+- **Automated PyPI publishing** via trusted publishing (OIDC, no stored token): the tagged
+  release pipeline builds the sdist + wheel and publishes them to PyPI alongside the GHCR
+  image and the GitHub Release, so `pip install shotgate[aer]` resolves from a tag.
+- **README terminal visual** (`docs/assets/bell-state-demo.svg`): a branded render of the
+  `examples/bell-state` gate output (five passing oracles), plus a live CI status badge.
+
+> The `ibm` backend remains **implemented but not yet validated on real hardware**.
+
+### Core capabilities
+
+> The feature baseline, first built under the name `qforge` (workflow API `qforge.dev/v1alpha1`,
+> since renamed to `shotgate.dev/v1alpha1`).
+
+- **Declarative workflows** (`qforge.dev/v1alpha1`): strict, Kubernetes-style YAML
+  schema for "quantum workflow as code" with workflow-level backend defaults.
+- **Statistical assertion oracles**: `distribution_tvd`, `hellinger_fidelity`,
+  `chi_square` (Pearson goodness-of-fit), `state_probability`, `allowed_states`.
+- **Pure-Python statistics core**: total variation distance, Hellinger fidelity, and a
+  from-scratch chi-square survival function via the regularised incomplete gamma
+  function (no SciPy/numpy dependency).
+- **Pluggable backends**: `Backend` ABC + lazy registry; `local-aer` (Qiskit Aer) and
+  an `ibm` (Qiskit Runtime) backend. SDKs imported lazily so the core stays light.
+- **CLI**: `shotgate run` (CI quality gate, exit 0/1/2), `validate`, `backends`.
+- **Reporters**: JUnit XML, JSON, Markdown summary, and Rich console output.
+- **Telemetry**: per-job circuit width/depth/size/op-counts and wall-clock runtime.
+- **Container-native tooling**: multi-stage `Containerfile` (non-root runtime + test
+  stage) and a Podman/QEMU `Makefile`.
+- **KVM/QEMU isolation tier**: `infra/qemu` boots an ephemeral Fedora micro-VM
+  (cloud-init, copy-on-write overlay) that runs shotgate in Podman inside the VM.
+- **Terraform IaC module**: express a quantum quality gate as a `terraform_data`
+  resource driven by the shotgate container.
+- **CI/CD**: Podman-based GitHub Actions for lint, core + integration tests, example
+  gates, Terraform validation, and a tagged release pipeline (dist + GHCR image).
+- **Docs**: solution architecture, pipeline schema, workflow spec, assertion catalog
+  (with the math), getting-started guide, and ADRs.
+- **Examples**: Bell state, 3-qubit GHZ, and 2-qubit Grover workflows.
+
+[Unreleased]: https://github.com/coldqubit/shotgate/compare/v0.1.0...HEAD
+[0.1.0]: https://github.com/coldqubit/shotgate/releases/tag/v0.1.0

shotgate-0.1.0/CODEOWNERS

@@ -0,0 +1,9 @@
+# Code owners for shotgate. The project is developed under the coldqubit project home
+# and is maintained today by one person; MAINTAINERS.md is the source of truth for the
+# current roster, and GOVERNANCE.md for how that roster changes.
+#
+# Ownership points at the @coldqubit/maintainers team rather than any personal account,
+# so review requests track the maintainer role, not an individual. Create that team in
+# the coldqubit organization on GitHub (members = the people in MAINTAINERS.md) for
+# these entries to resolve.
+*   @coldqubit/maintainers

shotgate-0.1.0/CODE_OF_CONDUCT.md

@@ -0,0 +1,37 @@
+# Code of Conduct
+
+## Our pledge
+
+We as members, contributors, and leaders pledge to make participation in the shotgate
+community a harassment-free experience for everyone, regardless of age, body size,
+visible or invisible disability, ethnicity, sex characteristics, gender identity and
+expression, level of experience, education, socio-economic status, nationality,
+personal appearance, race, religion, or sexual identity and orientation.
+
+We pledge to act and interact in ways that contribute to an open, welcoming, diverse,
+inclusive, and healthy community.
+
+## Our standards
+
+Examples of behavior that contributes to a positive environment:
+
+- Demonstrating empathy and kindness toward other people
+- Being respectful of differing opinions, viewpoints, and experiences
+- Giving and gracefully accepting constructive feedback
+- Focusing on what is best for the overall community
+
+Unacceptable behavior includes harassment, trolling, insulting or derogatory comments,
+public or private harassment, publishing others' private information without consent,
+and other conduct which could reasonably be considered inappropriate.
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be reported to
+the maintainers listed in `CODEOWNERS`. All complaints will be reviewed and
+investigated promptly and fairly. Maintainers will respect the privacy and security of
+the reporter.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant](https://www.contributor-covenant.org),
+version 2.1.