synaptixs-spine 1.23.0__tar.gz

synaptixs_spine-1.23.0/.env.example

@@ -0,0 +1,122 @@
+# Agent Orchestrator — environment template.
+#
+#   cp .env.example .env      # then fill in the values you need
+#   orchestrator doctor       # verify readiness
+#
+# `.env` is gitignored; pydantic-settings + the CLI auto-load it. A real
+# exported shell variable always wins over a value in this file.
+#
+# You do NOT need every variable — fill in the block(s) for what you're doing:
+#   • Mode A (local CLI: `ingest`, `sdlc feature`) needs only an LLM provider
+#     plus the source you read from (Confluence / Jira / Notion / file).
+#   • Mode B (autonomous `sdlc run` + web console) additionally needs the
+#     Orchestrator API + database + Temporal blocks.
+# Sections below are tagged [REQUIRED] / [MODE B] / [OPTIONAL] accordingly.
+
+
+# ============================================================================
+# 1. LLM provider                                                  [REQUIRED]
+# ============================================================================
+# At least ONE of these. Set the key for the model family you use.
+ANTHROPIC_API_KEY=sk-ant-...
+# OPENAI_API_KEY=sk-...
+# Ollama (local or cloud) needs no API key — set the endpoint and use an
+# ollama/* model below. Local: http://localhost:11434
+# OLLAMA_API_BASE=http://localhost:11434
+
+# Model selection — one model drives everything unless overridden. Set this
+# explicitly: a slow default can time out on large generations.
+# ORCHESTRATOR_INTAKE_MODEL=gpt-4o
+# SDLC_CODEGEN_MODEL=gpt-4o            # codegen; inherits INTAKE_MODEL if unset
+# SDLC_REVIEW_MODEL=gpt-4o            # PR review; inherits INTAKE_MODEL if unset
+
+
+# ============================================================================
+# 2. Requirements source — fill in the one(s) you read from
+# ============================================================================
+# `file://` sources (e.g. file://./spec.md) need NO credentials.
+
+# --- Confluence (read) -----------------------------------------------------
+CONFLUENCE_BASE_URL=https://yourorg.atlassian.net/wiki
+CONFLUENCE_EMAIL=you@yourorg.com
+CONFLUENCE_API_TOKEN=replace-with-atlassian-api-token
+
+# --- Jira (only needed to CREATE issues; dry-run/preview needs none) -------
+JIRA_BASE_URL=https://yourorg.atlassian.net
+JIRA_EMAIL=you@yourorg.com
+JIRA_API_TOKEN=replace-with-atlassian-api-token
+JIRA_PROJECT_KEY=ENG
+JIRA_DRY_RUN=true                      # false to write real issues
+
+# --- Notion (optional source) ----------------------------------------------
+# NOTION_API_TOKEN=secret_...
+
+
+# ============================================================================
+# 3. Target repo + GitHub auth — for `sdlc feature`/`run` that push & open PRs
+# ============================================================================
+# SDLC_REPO_URL=https://github.com/yourorg/yourrepo.git
+# Simplest auth — a PAT or pre-minted token (either name works):
+# GITHUB_TOKEN=ghp_...
+# GH_TOKEN=ghp_...
+# Or a GitHub App (also powers the PR reviewer webhook):
+# GITHUB_APP_ENABLED=true
+# GITHUB_APP_ID=123456
+# GITHUB_APP_WEBHOOK_SECRET=replace-with-the-app-webhook-secret
+# GITHUB_APP_PRIVATE_KEY_PATH=./github-app.pem    # or inline GITHUB_APP_PRIVATE_KEY
+# GITHUB_APP_API_BASE_URL=https://api.github.com  # override for GitHub Enterprise
+# SDLC_GITHUB_INSTALLATION_ID=12345678            # pin a specific App installation
+
+
+# ============================================================================
+# 4. Mode B — autonomous pipeline (REST API + console)               [MODE B]
+# ============================================================================
+# The CLI uses these to reach a running orchestrator server (e.g. approvals).
+# ORCHESTRATOR_API_URL=http://localhost:8000
+# ORCHESTRATOR_API_KEY=dev-key          # must match the key the server starts with
+# Postgres (defaults to the docker-compose dev DB):
+# ORCHESTRATOR_DATABASE_URL=postgresql+psycopg://orchestrator:orchestrator@localhost:5433/orchestrator
+# Temporal (defaults target the local docker stack):
+# TEMPORAL_HOST=localhost:7233
+# TEMPORAL_NAMESPACE=default
+# TEMPORAL_TASK_QUEUE=orchestrator-tasks
+# SDLC_TASK_QUEUE=sdlc-tasks
+# SDLC_WORKSPACE_ROOT=/tmp/sdlc-workspaces
+
+
+# ============================================================================
+# 5. Optional — notifications, budget                              [OPTIONAL]
+# ============================================================================
+# SLACK_WEBHOOK_URL=https://hooks.slack.com/services/...   # approval-gate alerts
+# SDLC_RUN_BUDGET_USD=25                # per-run LLM spend cap; 0 disables
+
+
+# ============================================================================
+# 6. MCP — consume external servers (Atlassian, DBs, …)            [OPTIONAL]
+# ============================================================================
+# Point at an mcpServers JSON file; transport is inferred (command=stdio, url=http).
+# ORCHESTRATOR_MCP_CONFIG=./mcp.json
+# Override Confluence-via-MCP tool names if your server differs:
+# MCP_CONFLUENCE_SERVER=confluence
+# MCP_CONFLUENCE_PAGE_TOOL=confluence_get_page
+# MCP_CONFLUENCE_CHILDREN_TOOL=confluence_get_page_children
+
+
+# ============================================================================
+# 7. Remote MCP plugin server (Phase C: `orchestrator-mcp --http`) [OPTIONAL]
+# ============================================================================
+# Only when serving the orchestrator AS an MCP server over the network (hosted
+# Codex app / claude.ai). The local stdio plugin (`orchestrator-mcp`) needs none.
+# ORCHESTRATOR_MCP_HOST=0.0.0.0
+# ORCHESTRATOR_MCP_PORT=8080
+# ORCHESTRATOR_MCP_PATH=/mcp
+# ORCHESTRATOR_MCP_RESOURCE_URL=https://mcp.yourorg.com   # this server's public URL
+# Auth — pick ONE:
+#  (a) static shared secret (single-tenant self-host behind TLS):
+# ORCHESTRATOR_MCP_TOKEN=replace-with-a-long-random-secret
+#  (b) OAuth 2.0 introspection against your IdP (RFC 7662):
+# ORCHESTRATOR_MCP_ISSUER_URL=https://idp.yourorg.com
+# ORCHESTRATOR_MCP_INTROSPECTION_URL=https://idp.yourorg.com/oauth2/introspect
+# ORCHESTRATOR_MCP_INTROSPECTION_CLIENT_ID=orchestrator-rs
+# ORCHESTRATOR_MCP_INTROSPECTION_CLIENT_SECRET=replace-me
+# ORCHESTRATOR_MCP_REQUIRED_SCOPES=sdlc

synaptixs_spine-1.23.0/.github/CODEOWNERS

@@ -0,0 +1,7 @@
+# Code owners for the public mirror (synaptixs/spine).
+#
+# The "Protect main" ruleset on synaptixs/spine requires a code-owner review on
+# every PR into main. This assigns ownership to the synaptixs maintainer identity,
+# who approves release PRs (develop → main). Kept off the maintainer's personal
+# handle on purpose — the public repo uses the de-linked org identity.
+* @ssmith-synaptixs

synaptixs_spine-1.23.0/.github/ISSUE_TEMPLATE/bug_report.md

@@ -0,0 +1,22 @@
+---
+name: Bug report
+about: Report a problem with Spine
+title: "[bug] "
+labels: bug
+---
+
+**What happened?**
+
+**What did you expect to happen?**
+
+**Steps to reproduce**
+1.
+2.
+
+**Environment**
+- Spine / `synaptixs-spine` version:
+- Python version:
+- OS:
+- Codegen model / provider:
+
+**Logs or trace** (please redact any secrets)

synaptixs_spine-1.23.0/.github/ISSUE_TEMPLATE/config.yml

@@ -0,0 +1,5 @@
+blank_issues_enabled: true
+contact_links:
+  - name: Questions & Discussions
+    url: https://github.com/synaptixs/spine/discussions
+    about: Ask questions, share ideas, and discuss usage here.

synaptixs_spine-1.23.0/.github/ISSUE_TEMPLATE/feature_request.md

@@ -0,0 +1,15 @@
+---
+name: Feature request
+about: Suggest an idea or improvement for Spine
+title: "[feat] "
+labels: enhancement
+---
+
+**Problem / motivation**
+What are you trying to do that's hard or impossible today?
+
+**Proposed solution**
+
+**Alternatives considered**
+
+**Additional context**

synaptixs_spine-1.23.0/.github/pull_request_template.md

@@ -0,0 +1,13 @@
+## What & why
+
+<!-- What does this change do, and why? Link any related issue. -->
+
+## How it was tested
+
+<!-- Commands run, scenarios covered. -->
+
+## Checklist
+- [ ] Quality gate green locally (`mypy src tests`, `ruff format --check .`)
+- [ ] Tests added/updated where it matters
+- [ ] No secrets committed
+- [ ] Docs updated if behavior changed

synaptixs_spine-1.23.0/.github/release.yml

@@ -0,0 +1,16 @@
+# Categorizes GitHub's auto-generated release notes (grouped by PR label).
+changelog:
+  exclude:
+    labels:
+      - ignore-for-release
+  categories:
+    - title: ✨ Features
+      labels: [feature, enhancement]
+    - title: 🐛 Fixes
+      labels: [bug, fix]
+    - title: 📚 Docs
+      labels: [documentation, docs]
+    - title: 🔧 Maintenance
+      labels: [chore, ci, dependencies]
+    - title: Other changes
+      labels: ["*"]

synaptixs_spine-1.23.0/.github/workflows/ci.yml

@@ -0,0 +1,51 @@
+name: CI
+
+on:
+  push:
+    branches: [main, develop]
+  pull_request:
+    branches: [main, develop]
+
+jobs:
+  check:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v5
+
+      - name: Install uv
+        uses: astral-sh/setup-uv@v6
+        with:
+          enable-cache: true
+
+      - name: Set up Python
+        run: uv python install 3.12
+
+      # JDK for the Java-codegen integration tests (Maven is pre-installed on the
+      # runner). The tests skip cleanly when the toolchain is absent.
+      - name: Set up JDK
+        uses: actions/setup-java@v4
+        with:
+          distribution: temurin
+          java-version: "17"
+
+      # Node for the TypeScript-codegen integration tests (npm comes with Node).
+      # The tests skip cleanly when the toolchain is absent.
+      - name: Set up Node
+        uses: actions/setup-node@v4
+        with:
+          node-version: "20"
+
+      - name: Install project
+        run: uv sync --extra dev
+
+      - name: Lint (ruff)
+        run: uv run ruff check .
+
+      - name: Format check (ruff)
+        run: uv run ruff format --check .
+
+      - name: Type check (mypy)
+        run: uv run mypy
+
+      - name: Tests
+        run: uv run pytest

synaptixs_spine-1.23.0/.github/workflows/publish-pypi.yml

@@ -0,0 +1,40 @@
+name: Publish to PyPI
+
+# Manual, intentional publish to PRODUCTION PyPI via OIDC Trusted Publishing — no
+# stored token. One-time setup on PyPI (https://pypi.org): register a trusted
+# publisher for the `synaptixs-spine` project:
+#   Owner: synaptixs   Repository: spine
+#   Workflow: publish-pypi.yml   Environment: pypi
+# PyPI supports a "pending publisher", so register it BEFORE the first upload —
+# the first publish then creates the project. Bump `version` in pyproject.toml each
+# release (PyPI is immutable; a duplicate version is rejected).
+on:
+  workflow_dispatch:
+
+jobs:
+  publish-pypi:
+    runs-on: ubuntu-latest
+    environment: pypi
+    permissions:
+      contents: read # an explicit permissions block drops the defaults; checkout needs this
+      id-token: write # required for OIDC trusted publishing
+    steps:
+      - uses: actions/checkout@v5
+
+      - name: Install uv
+        uses: astral-sh/setup-uv@v6
+        with:
+          enable-cache: true
+
+      - name: Set up Python
+        run: uv python install 3.12
+
+      - name: Build sdist + wheel
+        run: uv build
+
+      - name: Check metadata
+        run: uvx twine check dist/*
+
+      - name: Publish to PyPI
+        uses: pypa/gh-action-pypi-publish@release/v1
+        # No repository-url → defaults to production PyPI (upload.pypi.org).

synaptixs_spine-1.23.0/.github/workflows/publish-testpypi.yml

@@ -0,0 +1,119 @@
+name: Publish to TestPyPI
+
+# Manual, intentional publish to the TestPyPI sandbox. Build with the same uv
+# toolchain as CI, then upload the sdist + wheel.
+#
+# Auth uses PyPI **Trusted Publishing** (OIDC) — no API token stored in GitHub.
+# One-time setup on TestPyPI (https://test.pypi.org → the project, or "pending
+# publisher" before the first upload) — register THIS repository as a trusted
+# publisher for the `synaptixs-spine` project:
+#   Owner:        <this repo's owner>   (e.g. synaptixs)
+#   Repository:   <this repo's name>    (e.g. spine)
+#   Workflow:     publish-testpypi.yml
+#   Environment:  testpypi
+# A project may have several trusted publishers, but to avoid version races pick
+# ONE repo as the release source. To use an API token instead, delete the
+# `permissions`/`environment` blocks and set
+# `password: ${{ secrets.TEST_PYPI_API_TOKEN }}` on the publish step.
+
+on:
+  workflow_dispatch:
+
+jobs:
+  publish-testpypi:
+    runs-on: ubuntu-latest
+    environment: testpypi
+    permissions:
+      contents: read # an explicit permissions block drops the defaults; checkout needs this
+      id-token: write # required for OIDC trusted publishing
+    steps:
+      - uses: actions/checkout@v5
+
+      - name: Install uv
+        uses: astral-sh/setup-uv@v6
+        with:
+          enable-cache: true
+
+      - name: Set up Python
+        run: uv python install 3.12
+
+      - name: Build sdist + wheel
+        run: uv build
+
+      - name: Check metadata
+        run: uvx twine check dist/*
+
+      - name: Publish to TestPyPI
+        uses: pypa/gh-action-pypi-publish@release/v1
+        with:
+          repository-url: https://test.pypi.org/legacy/
+          # Don't hard-fail when a version was already uploaded (TestPyPI is
+          # immutable per version — bump `version` in pyproject.toml to release).
+          skip-existing: true
+
+      # Tell testers a new build is up. Runs only after a successful publish.
+      # Best-effort: a webhook hiccup must not fail the release.
+      #
+      # Setup (one-time): in the target Teams channel → ··· → Workflows →
+      # template "Post to a channel when a webhook request is received". Copy the
+      # generated URL into a GitHub Actions secret named TEAMS_WEBHOOK_URL
+      # (repo → Settings → Secrets and variables → Actions). Until that secret
+      # exists the step no-ops (it does not fail). The payload is an Adaptive
+      # Card wrapped in the message/attachments envelope the Workflows webhook
+      # expects (the modern replacement for the retired O365 connectors).
+      - name: Notify Teams (testers) of the new build
+        env:
+          TEAMS_WEBHOOK_URL: ${{ secrets.TEAMS_WEBHOOK_URL }}
+          RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
+        run: |
+          set -euo pipefail
+          if [ -z "${TEAMS_WEBHOOK_URL}" ]; then
+            echo "TEAMS_WEBHOOK_URL not set — skipping Teams notification."
+            exit 0
+          fi
+          VERSION=$(python -c "import tomllib,pathlib; print(tomllib.loads(pathlib.Path('pyproject.toml').read_text())['project']['version'])")
+          INSTALL="pip install -i https://test.pypi.org/simple/ --extra-index-url https://pypi.org/simple/ \"synaptixs-spine==${VERSION}\""
+          PAYLOAD=$(jq -n \
+            --arg title "🚀 synaptixs-spine ${VERSION} published to TestPyPI" \
+            --arg subtitle "A new build is ready for testing." \
+            --arg version "${VERSION}" \
+            --arg commit "${GITHUB_SHA:0:7}" \
+            --arg branch "${GITHUB_REF_NAME}" \
+            --arg install "${INSTALL}" \
+            --arg pypi_url "https://test.pypi.org/project/synaptixs-spine/${VERSION}/" \
+            --arg run_url "${RUN_URL}" \
+            '{
+              type: "message",
+              attachments: [{
+                contentType: "application/vnd.microsoft.card.adaptive",
+                content: {
+                  "$schema": "http://adaptivecards.io/schemas/adaptive-card.json",
+                  type: "AdaptiveCard",
+                  version: "1.4",
+                  body: [
+                    {type:"TextBlock", size:"Large", weight:"Bolder", text:$title, wrap:true},
+                    {type:"TextBlock", text:$subtitle, wrap:true, spacing:"None"},
+                    {type:"FactSet", facts:[
+                      {title:"Version", value:$version},
+                      {title:"Branch",  value:$branch},
+                      {title:"Commit",  value:$commit}
+                    ]},
+                    {type:"TextBlock", text:"Install:", weight:"Bolder", spacing:"Medium"},
+                    {type:"TextBlock", text:$install, wrap:true, fontType:"Monospace"}
+                  ],
+                  actions: [
+                    {type:"Action.OpenUrl", title:"View on TestPyPI", url:$pypi_url},
+                    {type:"Action.OpenUrl", title:"Workflow run",     url:$run_url}
+                  ]
+                }
+              }]
+            }')
+          code=$(curl -sS -o /tmp/teams_resp.txt -w "%{http_code}" \
+            -H "Content-Type: application/json" \
+            -d "${PAYLOAD}" "${TEAMS_WEBHOOK_URL}") || true
+          echo "Teams webhook HTTP ${code}"
+          # Workflows returns 200/202 on accept; warn (don't fail) on anything else.
+          case "${code}" in
+            200|202) echo "Teams notified." ;;
+            *) echo "::warning::Teams notification failed (HTTP ${code}): $(cat /tmp/teams_resp.txt)" ;;
+          esac

synaptixs_spine-1.23.0/.github/workflows/release.yml

@@ -0,0 +1,45 @@
+name: Release notes
+
+# On every release to main (a develop -> main merge), publish a GitHub Release for
+# the current version with auto-generated notes. Idempotent: if a release for the
+# version tag already exists, it does nothing. Notes are categorized by .github/release.yml.
+on:
+  push:
+    branches: [main]
+  workflow_dispatch:
+
+permissions:
+  contents: write # create the tag + release
+
+jobs:
+  release:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v5
+        with:
+          fetch-depth: 0 # full history so release notes can diff against the prior tag
+
+      - name: Read version from pyproject.toml
+        id: ver
+        run: |
+          set -euo pipefail
+          v="$(python -c "import tomllib,pathlib; print(tomllib.loads(pathlib.Path('pyproject.toml').read_text())['project']['version'])")"
+          echo "version=$v" >> "$GITHUB_OUTPUT"
+          echo "Detected version: $v"
+
+      - name: Create release if the tag doesn't exist yet
+        env:
+          GH_TOKEN: ${{ github.token }}
+          VERSION: ${{ steps.ver.outputs.version }}
+        run: |
+          set -euo pipefail
+          tag="v${VERSION}"
+          if gh release view "$tag" >/dev/null 2>&1; then
+            echo "Release $tag already exists — nothing to do."
+            exit 0
+          fi
+          echo "Creating release $tag with auto-generated notes."
+          gh release create "$tag" \
+            --target "${GITHUB_SHA}" \
+            --title "Spine $tag" \
+            --generate-notes

synaptixs_spine-1.23.0/.github/workflows/security-scan.yml

@@ -0,0 +1,38 @@
+name: Security scan
+
+# Produces the "security scan" status check that the synaptixs/spine "Protect main"
+# ruleset requires on PRs into main. The job NAME must stay exactly "security scan"
+# — the ruleset matches the required check by that context name. Runs on PRs into
+# main (and on demand); a clean tree passes, committed secrets fail it.
+on:
+  pull_request:
+    branches: [main]
+  workflow_dispatch:
+
+permissions:
+  contents: read
+
+jobs:
+  scan:
+    name: security scan
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v5
+
+      - name: Scan for committed secrets
+        run: |
+          set -euo pipefail
+          # High-signal credential/key patterns. Fail the check if any are committed.
+          patterns='AKIA[0-9A-Z]{16}|ghp_[A-Za-z0-9]{36}|xox[baprs]-[0-9A-Za-z-]{10,}|-----BEGIN [A-Z ]*PRIVATE KEY-----'
+          # Allowlist (not real secrets):
+          #  - this workflow defines the patterns themselves
+          #  - tests/ and scripts/ hold dummy fixtures for the codereview secret-detector
+          #  - AKIAIOSFODNN7EXAMPLE is AWS's canonical documentation example key
+          matches="$(git grep -nIE "$patterns" -- . ':!.github/workflows' ':!tests' ':!scripts' || true)"
+          real="$(printf '%s\n' "$matches" | grep -vE 'AKIAIOSFODNN7EXAMPLE' | grep -v '^$' || true)"
+          if [ -n "$real" ]; then
+            printf '%s\n' "$real"
+            echo "::error::Potential committed secret detected — see matches above."
+            exit 1
+          fi
+          echo "No committed secrets detected."

synaptixs_spine-1.23.0/.gitignore

@@ -0,0 +1,33 @@
+/docs/*
+!/docs/specs/
+!/docs/evals/
+
+# Python
+__pycache__/
+*.py[cod]
+*.egg-info/
+.venv/
+.pytest_cache/
+.mypy_cache/
+.ruff_cache/
+htmlcov/
+.coverage
+dist/
+build/
+
+# Editors / OS
+.DS_Store
+.idea/
+.vscode/
+
+# Local smoke-test artefacts
+.smoke-api.log
+
+# Claude Code session lockfiles
+.claude/
+
+# Secrets / local credentials (live integration testing)
+.env
+.env.*
+!.env.example
+*.pem

synaptixs_spine-1.23.0/.mcp.json

@@ -0,0 +1,8 @@
+{
+  "mcpServers": {
+    "orchestrator": {
+      "command": "orchestrator-mcp",
+      "args": []
+    }
+  }
+}

synaptixs_spine-1.23.0/.pre-commit-config.yaml

@@ -0,0 +1,23 @@
+repos:
+  - repo: https://github.com/astral-sh/ruff-pre-commit
+    rev: v0.6.9
+    hooks:
+      - id: ruff
+        args: [--fix]
+      - id: ruff-format
+
+  - repo: https://github.com/pre-commit/mirrors-mypy
+    rev: v1.11.2
+    hooks:
+      - id: mypy
+        additional_dependencies: [pydantic>=2.7]
+        args: [--strict]
+        files: ^(src|tests)/
+
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v5.0.0
+    hooks:
+      - id: trailing-whitespace
+      - id: end-of-file-fixer
+      - id: check-yaml
+      - id: check-merge-conflict

synaptixs_spine-1.23.0/.python-version

@@ -0,0 +1 @@
+3.12

synaptixs_spine-1.23.0/CODE_OF_CONDUCT.md

@@ -0,0 +1,43 @@
+# Code of Conduct
+
+This project adopts the [Contributor Covenant, v2.1](https://www.contributor-covenant.org/version/2/1/code_of_conduct/) as its Code of Conduct.
+
+The full text is available at the link above. A short summary:
+
+## Our pledge
+
+We pledge to make participation in our community a respectful and welcoming experience for everyone, regardless of background, identity, or experience level.
+
+## Expected behavior
+
+- Be respectful in discussions, code reviews, and issues.
+- Assume good faith. Ask questions before assuming intent.
+- Give and accept constructive feedback gracefully.
+- Focus on what is best for the project and the community.
+
+## Unacceptable behavior
+
+- Personal attacks, insults, or derogatory comments.
+- Public or private harassment.
+- Publishing others' private information without explicit permission.
+- Other conduct which could reasonably be considered inappropriate in a professional setting.
+
+## Scope
+
+This Code of Conduct applies to all project spaces — GitHub issues and pull requests, discussion forums, chat channels, and any in-person or virtual events associated with the project.
+
+## Reporting
+
+If you experience or witness behavior that violates this Code of Conduct, please report it by emailing the maintainers. Reports will be reviewed and investigated promptly and confidentially.
+
+**Contact:** Open a private issue or email the repository maintainer listed in the GitHub org settings. (Replace with a dedicated address once the project has one.)
+
+## Enforcement
+
+Maintainers are responsible for clarifying and enforcing standards of acceptable behavior. They may take any action they deem appropriate in response to violations, including warnings, temporary bans, or permanent removal from the project.
+
+The full enforcement guidelines from the Contributor Covenant v2.1 apply.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant](https://www.contributor-covenant.org), version 2.1, available at https://www.contributor-covenant.org/version/2/1/code_of_conduct/.