Add community health files, comparison table, and README improvements (#337)

yshmarov · web-flow · commit 96b124b7e8de · 2026-02-21T14:51:25.000+01:00
- CHANGELOG.md: Keep a Changelog format covering recent history
- CONTRIBUTING.md: Setup, conventions, and PR guidelines
- SECURITY.md: Responsible disclosure policy
- docs/README.md: Learning path index for progressive disclosure
- docs/deployment.md: Rewrite for Kamal (replace Fly.io/Render/Heroku)
- GitHub issue templates (bug report, feature request)
- GitHub pull request template with checklist
- README: CI badge, stars badge, comparison table vs Bullet Train and
  Jumpstart Pro, deploy section updated to Kamal, fixed LICENSE link
diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md
@@ -0,0 +1,29 @@
+---
+name: Bug Report
+about: Report something that isn't working
+labels: bug
+---
+
+**Describe the bug**
+
+A clear description of what's broken.
+
+**Steps to reproduce**
+
+1.
+2.
+3.
+
+**Expected behavior**
+
+What should happen.
+
+**Actual behavior**
+
+What happens instead.
+
+**Environment**
+
+- Ruby version:
+- Rails version:
+- OS:
diff --git a/.github/ISSUE_TEMPLATE/feature_request.md b/.github/ISSUE_TEMPLATE/feature_request.md
@@ -0,0 +1,17 @@
+---
+name: Feature Request
+about: Suggest a new feature or improvement
+labels: enhancement
+---
+
+**Problem**
+
+What problem does this solve?
+
+**Proposed solution**
+
+How should it work?
+
+**Alternatives considered**
+
+Any other approaches you've thought about.
diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md
@@ -0,0 +1,13 @@
+## What changed
+
+<!-- Brief description of the changes -->
+
+## Why
+
+<!-- What problem does this solve? -->
+
+## Checklist
+
+- [ ] Tests pass (`rails test:all`)
+- [ ] Linters pass (`bundle exec rubocop -A && bundle exec erb_lint --lint-all -a`)
+- [ ] Scoped queries to organization where applicable
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -0,0 +1,98 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/).
+
+## [Unreleased]
+
+### Added
+
+- Direct invitation links via Invitations#show page
+- Cloudflared tunnel documentation
+- Profile and notifications links to navigation
+
+### Changed
+
+- Replaced Fly.io, Render, and Heroku deployment with Kamal
+- Renamed PageComponent to SectionComponent
+- Increased SectionComponent max width to 2xl
+- Use md size for SimpleForm inputs
+
+### Removed
+
+- Sign-in and authentication success toasts
+- `created_at` column from organization table
+
+### Security
+
+- Updated faraday to 2.14.1 to fix SSRF vulnerability (CVE-2026-25765)
+
+## [2026-01-23]
+
+### Added
+
+- Linear-inspired light and dark themes
+- Essential tests for StripePrice and SubscriptionPolicy
+- Git workflow rules to CLAUDE.md
+- AI learnings to CLAUDE.md
+- CLAUDE.md with project guidance for Claude Code
+
+### Changed
+
+- Simplified AccessRequest STI with template method pattern
+- Replaced StripePriceService with StripePrice PORO
+- Used Pundit for SubscriptionsController authorization
+- Simplified default Stripe checkout settings
+- Replaced DropdownPopoverComponent with CSS-only version
+- Simplified pundit_user in OrganizationsController
+- Redirect to organization dashboard after invitation acceptance
+- Improved accessibility and empty state handling in views
+- Consolidated documentation into docs/ folder
+
+### Fixed
+
+- Allow users to be re-invited after declining
+- Inefficient participant? query
+- MembershipPolicy#index to require membership
+- Magic string in Membership model
+- Notification error when organization is destroyed
+
+### Security
+
+- Enabled Pundit verify_authorized in base controller
+- Restricted developer OAuth provider to development only
+- Removed admin bypass in development for admin routes
+- Added tokens to parameter filter list
+- Sanitized markdown output while preserving embeds
+- Updated production domain to use HOST environment variable
+
+### Removed
+
+- ruby_llm gem (not core for boilerplate)
+- profitable gem
+- nested_scaffold gem in favor of AI-based code generation
+
+## [2026-01-06]
+
+### Added
+
+- Improved linting configuration
+
+### Changed
+
+- Refactored form builder variable from `form` to `f`
+- Refactored membership system with directional naming for invitations and join requests
+
+## [2025-12-24]
+
+### Added
+
+- Sidebar organization selector with daisyUI tree nav
+- Search moved from navbar to sidebar
+
+### Changed
+
+- Updated daisyUI to latest version
+- Refactored Devise layouts and improved OAuth divider
+- Updated sign-in button text for clarity
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
@@ -0,0 +1,47 @@
+# Contributing to Moneygun
+
+Thanks for your interest in contributing! Here's how to get started.
+
+## Development Setup
+
+1. Fork and clone the repo
+2. Run `bin/setup` to install dependencies and set up the database
+3. Run `bin/dev` to start the development server
+
+See [Getting Started](docs/getting-started.md) for detailed setup instructions.
+
+## Making Changes
+
+1. Create a feature branch from `main`
+2. Make your changes
+3. Run the test suite: `rails test:all`
+4. Run linters: `bundle exec rubocop -A && bundle exec erb_lint --lint-all -a`
+5. Push and open a pull request
+
+## Code Conventions
+
+- **Thin controllers, rich models** - business logic belongs in models
+- **Always scope to organization** - use `Current.organization.resources`, never `Resource.all`
+- **Associate with membership** - org-scoped resources belong to `membership`, not `user`
+- **Pundit for authorization** - generate policies with `rails g pundit:policy resource_name`
+
+See [Development Guide](docs/development.md) for more details.
+
+## Pull Requests
+
+- Keep PRs focused on a single change
+- Include tests for new features and bug fixes
+- Make sure CI passes (linting + tests)
+- Describe what changed and why in the PR description
+
+## Reporting Bugs
+
+Open an issue with:
+
+- Steps to reproduce
+- Expected vs actual behavior
+- Ruby/Rails version
+
+## Feature Requests
+
+Open an issue describing the use case and proposed solution. Discussion before implementation helps avoid wasted effort.
diff --git a/README.md b/README.md
@@ -3,7 +3,9 @@
 **The Rails 8 SaaS boilerplate for multi-tenant applications.**
 
 [![Ruby on Rails](https://img.shields.io/badge/Rails-8-red.svg)](https://rubyonrails.org/)
-[![License](https://img.shields.io/badge/license-MIT-green.svg)](LICENSE)
+[![CI](https://github.com/yshmarov/moneygun/actions/workflows/ci.yml/badge.svg)](https://github.com/yshmarov/moneygun/actions/workflows/ci.yml)
+[![License](https://img.shields.io/badge/license-MIT-green.svg)](LICENCE.md)
+[![GitHub Stars](https://img.shields.io/github/stars/yshmarov/moneygun?style=social)](https://github.com/yshmarov/moneygun)
 
 ![Moneygun features](https://i.imgur.com/QUmTexS.png)
 
@@ -31,8 +33,7 @@ bin/dev
 
 ## Deploy
 
-[![Deploy to Render](https://render.com/images/deploy-to-render-button.svg)](https://render.com/deploy?repo=https://github.com/yshmarov/moneygun)
-[![Deploy to Heroku](https://www.herokucdn.com/deploy/button.svg)](https://dashboard.heroku.com/new?template=https://github.com/yshmarov/moneygun)
+Deploy to production with [Kamal](https://kamal-deploy.org/). See the [Deployment Guide](docs/deployment.md) for details.
 
 ## Documentation
 
@@ -64,6 +65,38 @@ bin/dev
   </tr>
 </table>
 
+## How Does Moneygun Compare?
+
+Moneygun is a lightweight starting point. [Bullet Train](https://bullettrain.co/) and [Jumpstart Pro](https://jumpstartrails.com/) are more full-featured frameworks with ongoing support.
+
+| Feature | Moneygun | Bullet Train | Jumpstart Pro |
+|---------|----------|--------------|---------------|
+| **Price** | Free | Free | $249-749/yr |
+| **License** | MIT | MIT | Commercial |
+| **Multi-tenancy** | Route-based | Team-based | Multiple strategies |
+| **Authentication** | Devise + OAuth | Devise + OAuth | Devise + OAuth |
+| **Two-factor auth** | - | Yes | Yes |
+| **Authorization** | Pundit | CanCanCan | Pundit |
+| **Payments** | Stripe (Pay gem) | Stripe (Pay gem) | Stripe, Paddle, Lemon Squeezy, Braintree (Pay gem) |
+| **Teams & Invitations** | Yes | Yes | Yes |
+| **Admin panel** | Avo | Avo | Madmin |
+| **REST API** | - | Yes (OpenAPI 3.1) | Yes |
+| **Outgoing webhooks** | - | Yes | - |
+| **Code generation** | Custom scaffold | Super Scaffolding | Rails scaffold |
+| **Mobile apps (iOS/Android)** | Coming soon | - | Hotwire Native ($199-599/yr) |
+| **Notifications** | Noticed | ActionMailer + ActionCable | Noticed |
+| **Audit logs** | - | Yes | - |
+| **User impersonation** | Yes (Masquerade) | - | Yes (Pretender) |
+| **Feature flags** | Flipper | - | - |
+| **I18n** | Partial (EN, FR) | Yes | Yes |
+| **UI framework** | Tailwind + daisyUI | Tailwind (custom theme) | Tailwind + daisyUI |
+| **Background jobs** | GoodJob | Sidekiq | SolidQueue / Sidekiq |
+| **Official support** | Community | Yes | Yes |
+
+**Choose Moneygun** if you want a free, simple foundation you fully own and understand — no framework abstractions, no subscription, just plain Rails you can read top to bottom.
+
+**Choose [Bullet Train](https://bullettrain.co/)** if you need a production-grade framework with advanced features, code generation, official support, and a team behind it.
+
 ## Contributors
 
 <a href="https://github.com/yshmarov/moneygun">
@@ -72,7 +105,7 @@ bin/dev
 
 ## License
 
-MIT License - see [LICENSE](LICENSE)
+MIT License - see [LICENCE](LICENCE.md)
 
 ## Acknowledgments
 
diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,19 @@
+# Security Policy
+
+## Reporting a Vulnerability
+
+If you discover a security vulnerability, please report it responsibly.
+
+**Do not open a public issue.** Instead, email the maintainer directly or use [GitHub's private vulnerability reporting](https://github.com/yshmarov/moneygun/security/advisories/new).
+
+Include:
+
+- Description of the vulnerability
+- Steps to reproduce
+- Potential impact
+
+You can expect an initial response within 48 hours.
+
+## Supported Versions
+
+Only the latest version on the `main` branch receives security updates.
diff --git a/docs/README.md b/docs/README.md
@@ -0,0 +1,26 @@
+# Moneygun Documentation
+
+## Learning Path
+
+### 1. Get Running
+
+- **[Getting Started](getting-started.md)** - Installation, credentials, and first boot
+
+### 2. Understand the Architecture
+
+- **[Architecture](architecture.md)** - Multi-tenancy, models, Current context, controller patterns
+
+### 3. Build Features
+
+- **[Development](development.md)** - Adding resources, testing, coding conventions
+- **[Stripe Integration](stripe-integration.md)** - Payments, subscriptions, and paywalls
+
+### 4. Ship It
+
+- **[Deployment](deployment.md)** - Production deployment with Kamal
+- **[Cloudflared](cloudflared.md)** - Tunnel setup for webhook testing
+
+### 5. Keep It Clean
+
+- **[Linting](linting.md)** - RuboCop, erb_lint, Prettier
+- **[Syncing](syncing.md)** - Keeping your fork up to date
diff --git a/docs/deployment.md b/docs/deployment.md
