Phase 04: Contributor Experience

.github/dependabot.yml

@@ -0,0 +1,20 @@
+version: 2
+updates:
+  - package-ecosystem: "gomod"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+      day: "monday"
+      time: "07:00"
+      timezone: "UTC"
+    open-pull-requests-limit: 5
+    labels:
+      - dependencies
+      - go
+    groups:
+      gomod-minor-and-patch:
+        patterns:
+          - "*"
+        update-types:
+          - "minor"
+          - "patch"

CONTRIBUTING.md

@@ -0,0 +1,40 @@
+# Contributing
+
+## Development Setup
+
+Run `make help` first to see the local contributor workflow.
+
+You need Go installed locally, plus `golangci-lint` and `govulncheck`; `make test` installs `gotestsum` automatically through the existing `Makefile`.
+
+Install hints:
+
+- `golangci-lint`: https://golangci-lint.run/welcome/install/
+- `govulncheck`: `go install golang.org/x/vuln/cmd/govulncheck@latest`
+
+```bash
+make help
+```
+
+Use [README.md](README.md) for installation, examples, and architecture context.
+
+## Local Checks
+
+```bash
+make build
+make test
+make integration-test
+make lint
+make lint-fix
+make security-scan
+make clean
+```
+
+## Pull Request Workflow
+
+Create a branch from main, run local checks, and open PR with a short summary of the change and any relevant context for reviewers.
+
+Keep [README.md](README.md) adopter-focused by linking contributors back there for installation, examples, and architecture details instead of duplicating that content in this guide.
+
+## Security
+
+For disclosure guidance, reporting channels, and expectations, see [SECURITY.md](SECURITY.md).

README.md

@@ -1,6 +1,8 @@
 # GIN Index
 
-[![CI](https://github.com/amikos-tech/ami-gin/actions/workflows/ci.yml/badge.svg?branch=main&event=push)](https://github.com/amikos-tech/ami-gin/actions/workflows/ci.yml)
+[![CI](https://github.com/amikos-tech/ami-gin/actions/workflows/ci.yml/badge.svg?branch=main&event=push)](https://github.com/amikos-tech/ami-gin/actions/workflows/ci.yml) [![Go Reference](https://pkg.go.dev/badge/github.com/amikos-tech/ami-gin.svg)](https://pkg.go.dev/github.com/amikos-tech/ami-gin) [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](LICENSE)
+
+See [CONTRIBUTING.md](CONTRIBUTING.md) for local contributor workflows and [SECURITY.md](SECURITY.md) for disclosure guidance.
 
 A Generalized Inverted Index (GIN) for JSON data, designed for row-group pruning in columnar storage formats like Parquet.
 

SECURITY.md

@@ -0,0 +1,21 @@
+# Security Policy
+
+## Reporting a Vulnerability
+
+If you suspect a vulnerability, do not open public issues, public pull requests, or public discussions. Use a private reporting channel so details can be triaged safely.
+
+## Preferred Channel
+
+When GitHub private vulnerability reporting is available for this repository, use that private GitHub flow first.
+
+## Fallback Contact
+
+If GitHub private vulnerability reporting is unavailable or unsuitable, email security@amikos.tech.
+
+## Disclosure Expectations
+
+We aim to acknowledge reports within 5 business days and send follow-up status updates as triage progresses.
+
+## Supported Versions
+
+Security support currently applies to the latest development line on main and, once releases exist, the latest tagged release.