feat: add open-source polish — LICENSE, CI, templates, pyproject.toml

- Add MIT LICENSE
- Add pyproject.toml with Python 3.9+ and dev dependencies
- Add .github/workflows/ci.yml (pytest on Python 3.10/3.11/3.12)
- Add .github/ISSUE_TEMPLATE/ (bug report + feature request)
- Add .github/SECURITY.md (responsible disclosure)
- Add .github/CODEOWNERS (security-sensitive file review)
- Add .pre-commit-config.yaml with gitleaks hook
- Add .gitleaks.toml with allowlists for placeholder tokens
- Add CHANGELOG.md (v1.0.0 entry)
- Add HISTORY.md (provenance record)
- Update README.md with badges, setup scripts, requirements, license

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Author: Shane Butler

.github/CODEOWNERS

@@ -0,0 +1,9 @@
+# Code owners — these files require review from the maintainer
+# See: https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-code-owners
+
+# Security-sensitive files
+.gitignore              @shanebutler
+.claude/                @shanebutler
+connection_templates/   @shanebutler
+scripts/                @shanebutler
+.github/                @shanebutler

.github/ISSUE_TEMPLATE/bug_report.md

@@ -0,0 +1,32 @@
+---
+name: Bug Report
+about: Something isn't working as expected
+title: ''
+labels: bug
+assignees: ''
+---
+
+**What happened?**
+A clear description of the bug.
+
+**What did you expect?**
+What should have happened instead.
+
+**Steps to reproduce**
+1. Run `...`
+2. Ask Claude `...`
+3. See error
+
+**Environment**
+- OS: [e.g., macOS 14.2, Ubuntu 22.04]
+- Python version: [e.g., 3.11.5]
+- Claude Code version: [run `claude --version`]
+- Data source: [MotherDuck / local DuckDB / CSV]
+
+**Error output**
+```
+Paste any error messages here
+```
+
+**Additional context**
+Anything else that might help (screenshots, log files, etc.).

.github/ISSUE_TEMPLATE/feature_request.md

@@ -0,0 +1,19 @@
+---
+name: Feature Request
+about: Suggest an improvement or new capability
+title: ''
+labels: enhancement
+assignees: ''
+---
+
+**What problem does this solve?**
+Describe the use case or pain point.
+
+**Proposed solution**
+How you think it should work.
+
+**Alternatives considered**
+Other approaches you thought about.
+
+**Additional context**
+Examples, screenshots, or references.

.github/SECURITY.md

@@ -0,0 +1,37 @@
+# Security Policy
+
+## Reporting a Vulnerability
+
+If you discover a security vulnerability in this project, please report it responsibly.
+
+**Do NOT open a public GitHub issue for security vulnerabilities.**
+
+Instead, email: **shane@aianalystlab.ai**
+
+Include:
+- Description of the vulnerability
+- Steps to reproduce
+- Potential impact
+- Suggested fix (if you have one)
+
+You should receive a response within 48 hours. We will work with you to understand and address the issue before any public disclosure.
+
+## Scope
+
+This policy covers:
+- The AI Analyst repository code
+- Configuration files and templates
+- Setup scripts
+- Data handling and connection logic
+
+This policy does NOT cover:
+- Claude Code itself (report to [Anthropic](https://www.anthropic.com/security))
+- MotherDuck (report to [MotherDuck](https://motherduck.com))
+- Third-party dependencies (report to their maintainers)
+
+## Best Practices for Users
+
+- Never commit `.claude/mcp.json` with real tokens (use `.claude/mcp.json.example`)
+- Never commit connection templates with credentials (use `.yaml.example` files)
+- Never share your MotherDuck token publicly
+- Review `.gitignore` before pushing to ensure no sensitive data is tracked

.github/workflows/ci.yml

@@ -0,0 +1,33 @@
+name: CI
+
+on:
+  push:
+    branches: [main]
+  pull_request:
+    branches: [main]
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        python-version: ['3.10', '3.11', '3.12']
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up Python ${{ matrix.python-version }}
+        uses: actions/setup-python@v5
+        with:
+          python-version: ${{ matrix.python-version }}
+
+      - name: Install dependencies
+        run: |
+          python -m pip install --upgrade pip
+          pip install -e ".[dev]" 2>/dev/null || pip install pandas matplotlib duckdb pyyaml pytest faker
+
+      - name: Download sample data
+        run: bash scripts/download-data.sh --sample
+
+      - name: Run tests
+        run: python -m pytest tests/ -v --tb=short

.gitleaks.toml

@@ -0,0 +1,24 @@
+title = "AI Analyst gitleaks config"
+
+[allowlist]
+  description = "Known safe patterns"
+  paths = [
+    '''\.yaml\.example$''',
+    '''\.json\.example$''',
+    '''data/checksums\.sha256$''',
+  ]
+  regexTarget = "match"
+  regexes = [
+    '''your-motherduck-token-here''',
+    '''your-token-here''',
+    '''your_password''',
+    '''your-proxy:port''',
+    '''placeholder''',
+  ]
+
+[[rules]]
+  id = "connection-template-credentials"
+  description = "Credentials in connection template YAML files"
+  regex = '''(password|token|secret|api_key)\s*[:=]\s*["\']?[A-Za-z0-9+/=_-]{20,}'''
+  path = '''connection_templates/.*\.yaml$'''
+  tags = ["credential"]

.pre-commit-config.yaml

@@ -0,0 +1,5 @@
+repos:
+  - repo: https://github.com/gitleaks/gitleaks
+    rev: v8.18.0
+    hooks:
+      - id: gitleaks

CHANGELOG.md

@@ -0,0 +1,21 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+## [1.0.0] - 2026-02-19
+
+### Added
+- Initial public release
+- 17 specialized analysis agents with DAG-based parallel execution
+- 30 auto-applied skills (question framing, data quality, visualization, validation)
+- 14 slash commands for interactive use
+- NovaMart demo dataset (13 tables, 50K users, 6.5M events)
+- Tiered data system: Tier 1 in git, Tier 2 via GitHub Releases
+- Setup scripts: `setup.sh`, `download-data.sh`, `build-duckdb.sh`
+- Multi-warehouse support: DuckDB, MotherDuck, Postgres, BigQuery, Snowflake
+- SWD-styled chart generation with collision detection
+- Marp slide deck creation with branded HTML components
+- 4-layer validation framework with A-F confidence scoring
+- Knowledge system for cross-session memory
+- Metric dictionary with standardized definitions
+- Analysis archive with pattern extraction

HISTORY.md

@@ -0,0 +1,17 @@
+# History
+
+## Provenance
+
+This repository was extracted from the `ai-analytics-for-builders` monorepo on 2026-02-19.
+
+- **Source:** `bootcamp/repo/` subdirectory of the monorepo
+- **Extraction method:** `git archive HEAD:bootcamp/repo/` (clean snapshot, no history)
+- **Development period:** February 13-19, 2026
+- **Contributors:** Shane Butler, with Claude Code (Opus) as AI pair programmer
+- **Original context:** Student-facing product for the AI Analyst Bootcamp (weekend intensive)
+
+## Why no git history?
+
+The monorepo contains multiple products (courses, email pipelines, podcast tools, marketing). Extracting git history for just `bootcamp/repo/` would have carried irrelevant commits from other projects and leaked internal file paths. A clean snapshot gives a smaller, cleaner repo.
+
+The full development history is preserved in the private `ai-analytics-for-builders` monorepo for provenance.

LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Shane Butler
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.