Add citation and maintainer docs

Ekin-Kahraman · Ekin-Kahraman · commit 727f4e568a5e · 2026-05-15T21:35:46.000+01:00
diff --git a/CITATION.cff b/CITATION.cff
@@ -0,0 +1,20 @@
+cff-version: 1.2.0
+message: "If you reference this prototype, please cite the repository."
+title: "SafetyNett: AI-assisted clinical safety-netting prototype"
+type: software
+license: MIT
+repository-code: "https://github.com/Ekin-Kahraman/safetynett"
+url: "https://github.com/Ekin-Kahraman/safetynett"
+abstract: "A React, TypeScript and Supabase prototype for AI-assisted primary-care safety-netting, red-flag detection, patient follow-up, and GP escalation."
+keywords:
+  - digital health
+  - clinical safety
+  - safety-netting
+  - TypeScript
+  - Supabase
+  - NHS
+authors:
+  - family-names: "Kahraman"
+    given-names: "Ekin"
+    affiliation: "University of East Anglia"
+    email: "evk23umu@uea.ac.uk"
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
@@ -0,0 +1,32 @@
+# Contributing
+
+Contributions are welcome when they improve clinical safety, product robustness, accessibility, tests, or documentation.
+
+## Development setup
+
+```bash
+npm install
+npm run lint
+npm run typecheck
+npm run build
+npm test
+```
+
+Local development requires Supabase and email-provider credentials in `.env`. Do not commit real secrets.
+
+## Pull request checklist
+
+- `npm run lint` passes.
+- `npm run typecheck` passes.
+- `npm run build` passes.
+- `npm test` passes.
+- Clinical logic changes include the source or guideline basis.
+- No real patient data, credentials, or production identifiers are committed.
+
+## Clinical safety
+
+SafetyNett is a prototype. Any change to red-flag logic, escalation routing, patient communication, or verification flow should be reviewed as a clinical-safety change and documented in the pull request.
+
+## Licence
+
+By contributing, you agree that your contributions are licensed under the MIT licence.
diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,24 @@
+# Security policy
+
+## Supported versions
+
+Security fixes are made on the default branch. This is a hackathon prototype and is not approved for clinical deployment.
+
+## Reporting a vulnerability
+
+If you find a vulnerability involving authentication, Supabase access, patient-data handling, email or voice follow-up, prompt injection, or escalation logic, do not open a public issue.
+
+Email: evk23umu@uea.ac.uk
+Subject: `safetynett security: <short description>`
+
+Please include:
+- Reproduction steps
+- Browser and operating system
+- Whether a local or cloud environment was used
+- Expected impact
+
+I aim to respond within 7 days.
+
+## Data handling
+
+Do not enter real patient data, NHS numbers, phone numbers, clinical records, or credentials into public issues, screenshots, or demo environments. Use synthetic patients only.
diff --git a/package.json b/package.json
@@ -2,6 +2,7 @@
   "name": "safetynett",
   "private": true,
   "version": "1.0.0",
+  "license": "MIT",
   "type": "module",
   "scripts": {
     "dev": "vite",
