scalytics · novatechflow · Feb 11, 2026 · Feb 11, 2026 · Feb 11, 2026 · Feb 11, 2026
diff --git a/.env.example b/.env.example
@@ -1,27 +1,25 @@
-PORT=3000
-NODE_ENV=development
-JWT_SECRET=
-JWT_EXPIRE=30d
-ENCRYPTION_SECRET=
-DB_PATH=./data/community.db
-MODELS_DIR=./models
-LOG_LEVEL=info
-ALLOW_EXTERNAL_IN_PRIVATE=false
-MCP_API_BASE_URL=https://api.example.com/v1
-
-# GitHub OAuth settings
-GITHUB_CLIENT_ID=
-GITHUB_CLIENT_SECRET=
-
-# Admin and Group Protection Settings
-# Prevents admin password reset during server restart/update
-PRESERVE_ADMIN_PASSWORD=true
-# Additional safeguard for admin password
-NEVER_RESET_ADMIN_PASSWORD=true
-# Prevents modification of user groups during migrations
-SKIP_GROUP_CREATION=true
-# Migration mode: 'full', 'safe', or 'minimal'
-# - full: All migrations including user/group modifications
-# - safe: Schema migrations without user/group changes (default for updates)
-# - minimal: Only critical database structure
-MIGRATION_MODE=safe
+PORT=CHANGEME
+NODE_ENV=CHANGEME
+JWT_SECRET=CHANGEME
+JWT_EXPIRE=CHANGEME
+ENCRYPTION_SECRET=CHANGEME
+DB_PATH=CHANGEME
+MODELS_DIR=CHANGEME
+LOG_LEVEL=CHANGEME
+LANCEDB_BASE_URI=CHANGEME
+OPENAI_API_KEY=CHANGEME
+ANTHROPIC_API_KEY=CHANGEME
+COHERE_API_KEY=CHANGEME
+MISTRAL_API_KEY=CHANGEME
+ALLOW_EXTERNAL_IN_PRIVATE=CHANGEME
+MCP_API_BASE_URL=CHANGEME
+MCP_API_KEY=CHANGEME
+MCP_DEFAULT_MODEL=CHANGEME
+GITHUB_CLIENT_ID=CHANGEME
+GITHUB_CLIENT_SECRET=CHANGEME
+API_CORS_ORIGIN=CHANGEME
+FRONTEND_URL=CHANGEME
+PRESERVE_ADMIN_PASSWORD=CHANGEME
+NEVER_RESET_ADMIN_PASSWORD=CHANGEME
+SKIP_GROUP_CREATION=CHANGEME
+MIGRATION_MODE=CHANGEME
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
@@ -0,0 +1,13 @@
+# Default ownership
+* @scalytics
+
+# Backend
+/src/ @scalytics
+/scripts/ @scalytics
+
+# Frontend
+/frontend/ @scalytics
+
+# Deployment and docs
+/deploy/ @scalytics
+/docs/ @scalytics
diff --git a/.github/ISSUE_TEMPLATE/bug_report.yml b/.github/ISSUE_TEMPLATE/bug_report.yml
@@ -0,0 +1,58 @@
+name: Bug Report
+description: Report a reproducible problem in Scalytics Connect
+title: "[Bug]: "
+labels: ["bug"]
+body:
+  - type: markdown
+    attributes:
+      value: |
+        Thanks for reporting a bug. Please provide enough detail to reproduce it.
+  - type: textarea
+    id: summary
+    attributes:
+      label: Summary
+      description: What happened?
+      placeholder: Describe the observed behavior.
+    validations:
+      required: true
+  - type: textarea
+    id: steps
+    attributes:
+      label: Steps to Reproduce
+      description: Provide exact steps.
+      placeholder: |
+        1. ...
+        2. ...
+        3. ...
+    validations:
+      required: true
+  - type: textarea
+    id: expected
+    attributes:
+      label: Expected Behavior
+      placeholder: Describe what you expected.
+    validations:
+      required: true
+  - type: textarea
+    id: logs
+    attributes:
+      label: Logs and Screenshots
+      description: Include relevant logs, stack traces, or screenshots.
+      render: shell
+  - type: input
+    id: version
+    attributes:
+      label: Version
+      description: Which version/commit are you using?
+      placeholder: e.g. 1.8.0 or commit SHA
+  - type: dropdown
+    id: area
+    attributes:
+      label: Area
+      options:
+        - Backend
+        - Frontend
+        - Python services
+        - Deployment
+        - Documentation
+        - Other
diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml
@@ -0,0 +1,5 @@
+blank_issues_enabled: false
+contact_links:
+  - name: Security vulnerability report
+    url: mailto:security@scalytics.io
+    about: Report security issues privately. Do not file public issues for vulnerabilities.
diff --git a/.github/ISSUE_TEMPLATE/feature_request.yml b/.github/ISSUE_TEMPLATE/feature_request.yml
@@ -0,0 +1,46 @@
+name: Feature Request
+description: Propose a new capability or enhancement
+title: "[Feature]: "
+labels: ["enhancement"]
+body:
+  - type: markdown
+    attributes:
+      value: |
+        Thanks for the suggestion. Please focus on problem and impact.
+  - type: textarea
+    id: problem
+    attributes:
+      label: Problem Statement
+      description: What user or operational problem are you trying to solve?
+      placeholder: Describe the pain point.
+    validations:
+      required: true
+  - type: textarea
+    id: proposal
+    attributes:
+      label: Proposed Solution
+      description: What should change?
+      placeholder: Describe your proposed approach.
+    validations:
+      required: true
+  - type: textarea
+    id: alternatives
+    attributes:
+      label: Alternatives Considered
+      description: Any alternatives you considered.
+  - type: textarea
+    id: impact
+    attributes:
+      label: Impact
+      description: Who benefits and how?
+  - type: dropdown
+    id: area
+    attributes:
+      label: Area
+      options:
+        - Backend
+        - Frontend
+        - Python services
+        - Deployment
+        - Documentation
+        - Other
diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md
@@ -0,0 +1,28 @@
+## Summary
+
+- What changed?
+- Why was this needed?
+
+## Type of Change
+
+- [ ] Bug fix
+- [ ] Feature
+- [ ] Refactor
+- [ ] Documentation
+- [ ] Chore
+
+## Testing
+
+- [ ] `npm run lint`
+- [ ] `npm test -- --runInBand --passWithNoTests`
+- [ ] `cd frontend && npm run build`
+- [ ] `python -m compileall scripts src/python_services` (if Python affected)
+
+Notes:
+
+## Checklist
+
+- [ ] Linked issue(s) where relevant
+- [ ] No secrets or credentials committed
+- [ ] Updated docs and `CHANGELOG.md` if user-facing behavior changed
+- [ ] Added migration notes for any breaking change
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -0,0 +1,70 @@
+name: CI
+
+on:
+  push:
+    branches: [main]
+  pull_request:
+    branches: [main]
+
+jobs:
+  backend:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Setup Node
+        uses: actions/setup-node@v4
+        with:
+          node-version: '20'
+          cache: npm
+
+      - name: Install backend deps
+        run: npm ci
+
+      - name: Lint backend (if config exists)
+        run: |
+          if [ -f .eslintrc ] || [ -f .eslintrc.js ] || [ -f .eslintrc.cjs ] || [ -f .eslintrc.json ] || [ -f eslint.config.js ] || [ -f eslint.config.mjs ] || [ -f eslint.config.cjs ]; then
+            npm run lint
+          else
+            echo "No ESLint config found; skipping lint."
+          fi
+
+      - name: Test backend
+        run: npm test -- --runInBand --passWithNoTests
+
+  frontend:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Setup Node
+        uses: actions/setup-node@v4
+        with:
+          node-version: '20'
+          cache: npm
+          cache-dependency-path: frontend/package-lock.json
+
+      - name: Install frontend deps
+        working-directory: frontend
+        run: npm install
+
+      - name: Build frontend
+        working-directory: frontend
+        run: CI=false npm run build
+
+  python-sanity:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Setup Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.11'
+
+      - name: Compile Python sources
+        run: |
+          python -m compileall scripts src/python_services
diff --git a/.github/workflows/dependency-check.yml b/.github/workflows/dependency-check.yml
@@ -0,0 +1,31 @@
+name: Dependency Check
+
+on:
+  workflow_dispatch:
+  schedule:
+    - cron: '0 6 * * 1'
+
+jobs:
+  deps:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Setup Node
+        uses: actions/setup-node@v4
+        with:
+          node-version: '20'
+
+      - name: Backend deps check
+        run: |
+          npm ci
+          npm run deps:check
+          npm run deps:audit
+
+      - name: Frontend deps check
+        working-directory: frontend
+        run: |
+          npm ci
+          npm run deps:check
+          npm run deps:audit
diff --git a/.github/workflows/secrets-scan.yml b/.github/workflows/secrets-scan.yml
@@ -0,0 +1,30 @@
+name: Secrets Scan
+
+on:
+  push:
+    branches: [main]
+  pull_request:
+    branches: [main]
+
+jobs:
+  gitleaks:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+          persist-credentials: false
+
+      - name: Install gitleaks
+        run: |
+          GITLEAKS_VERSION=8.24.2
+          curl -sSfL "https://github.com/gitleaks/gitleaks/releases/download/v${GITLEAKS_VERSION}/gitleaks_${GITLEAKS_VERSION}_linux_x64.tar.gz" | tar -xz
+          sudo mv gitleaks /usr/local/bin/gitleaks
+
+      - name: Run gitleaks
+        run: |
+          rm -rf /tmp/repo-scan
+          mkdir -p /tmp/repo-scan
+          git archive --format=tar HEAD | tar -xf - -C /tmp/repo-scan
+          gitleaks detect --source /tmp/repo-scan --no-git --redact --exit-code 1