From f82e252e39b982ba18aedf2b8e7f546222e6f7a3 Mon Sep 17 00:00:00 2001 From: DevITWay Date: Sat, 31 Jan 2026 11:59:18 +0000 Subject: [PATCH] docs: add CONTRIBUTING.md and SECURITY.md --- CONTRIBUTING.md | 128 ++++++++++++++++++------------------------------ SECURITY.md | 53 ++++++++++++++++++++ 2 files changed, 101 insertions(+), 80 deletions(-) create mode 100644 SECURITY.md diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 5046997..a80e46b 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md 
@@ -1,100 +1,68 @@ # Contributing to NORA -Thanks for your interest in contributing to NORA! +Thank you for your interest in contributing to NORA! ## Getting Started -1. **Fork** the repository -2. **Clone** your fork: - ```bash - git clone https://github.com/your-username/nora.git - cd nora - ``` -3. **Create a branch**: - ```bash - git checkout -b feature/your-feature-name - ``` +1. Fork the repository +2. Clone your fork: `git clone https://github.com/YOUR_USERNAME/nora.git` +3. Create a branch: `git checkout -b feature/your-feature` ## Development Setup -### Prerequisites - -- Rust 1.75+ (`rustup update`) -- Docker (for testing) -- Git - -### Build - ```bash +# Install Rust (if needed) +curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh + +# Build cargo build -``` -### Run - -```bash -cargo run --bin nora -``` - -### Test - -```bash +# Run tests cargo test -cargo clippy -cargo fmt --check + +# Run locally +cargo run --bin nora -- serve ``` -## Making Changes - -1. **Write code** following Rust conventions -2. **Add tests** for new features -3. **Update docs** if needed -4. **Run checks**: - ```bash - cargo fmt - cargo clippy -- -D warnings - cargo test - ``` - -## Commit Messages - -Follow [Conventional Commits](https://www.conventionalcommits.org/): - -- `feat:` - New feature -- `fix:` - Bug fix -- `docs:` - Documentation -- `test:` - Tests -- `refactor:` - Code refactoring -- `chore:` - Maintenance - -Example: -```bash -git commit -m "feat: add S3 storage migration" -``` - -## Pull Request Process - -1. **Push** to your fork: - ```bash - git push origin feature/your-feature-name - ``` - -2. **Open a Pull Request** on GitHub - -3. 
**Wait for review** - maintainers will review your PR - ## Code Style -- Follow Rust conventions -- Use `cargo fmt` for formatting -- Pass `cargo clippy` with no warnings -- Write meaningful commit messages +- Run `cargo fmt` before committing +- Run `cargo clippy` and fix warnings +- Follow Rust naming conventions -## Questions? +## Pull Request Process -- Open an [Issue](https://github.com/getnora-io/nora/issues) -- Ask in [Discussions](https://github.com/getnora-io/nora/discussions) -- Reach out on [Telegram](https://t.me/DevITWay) +1. Update documentation if needed +2. Add tests for new features +3. Ensure all tests pass: `cargo test` +4. Ensure code is formatted: `cargo fmt --check` +5. Ensure no clippy warnings: `cargo clippy` ---- +## Commit Messages -Built with love by the NORA community +Use conventional commits: + +- `feat:` - new feature +- `fix:` - bug fix +- `docs:` - documentation +- `style:` - formatting +- `refactor:` - code refactoring +- `test:` - adding tests +- `chore:` - maintenance + +Example: `feat: add OAuth2 authentication` + +## Reporting Issues + +- Use GitHub Issues +- Include steps to reproduce +- Include NORA version and OS + +## License + +By contributing, you agree that your contributions will be licensed under the MIT License. + +## Contact + +- Telegram: [@DevITWay](https://t.me/DevITWay) +- GitHub Issues: [getnora-io/nora](https://github.com/getnora-io/nora/issues) diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..33278a2 --- /dev/null +++ b/SECURITY.md 
@@ -0,0 +1,53 @@ +# Security Policy + +## Supported Versions + +| Version | Supported | +| ------- | ------------------ | +| 0.2.x | :white_check_mark: | +| < 0.2 | :x: | + +## Reporting a Vulnerability + +**Please do not report security vulnerabilities through public GitHub issues.** + +Instead, please report them via: + +1. **Email:** devitway@gmail.com +2. **Telegram:** [@DevITWay](https://t.me/DevITWay) (private message) + +### What to Include + +- Type of vulnerability +- Steps to reproduce +- Potential impact +- Suggested fix (if any) + +### Response Timeline + +- **Initial response:** within 48 hours +- **Status update:** within 7 days +- **Fix timeline:** depends on severity + +### Severity Levels + +| Severity | Description | Response | +|----------|-------------|----------| +| Critical | Remote code execution, auth bypass | Immediate fix | +| High | Data exposure, privilege escalation | Fix within 7 days | +| Medium | Limited impact vulnerabilities | Fix in next release | +| Low | Minor issues | Scheduled fix | + +## Security Best Practices + +When deploying NORA: + +1. **Enable authentication** - Set `NORA_AUTH_ENABLED=true` +2. **Use HTTPS** - Put NORA behind a reverse proxy with TLS +3. **Limit network access** - Use firewall rules +4. **Regular updates** - Keep NORA updated to latest version +5. **Secure credentials** - Use strong passwords, rotate tokens + +## Acknowledgments + +We appreciate responsible disclosure and will acknowledge security researchers who report valid vulnerabilities.
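Review bot: In the CONTRIBUTING.md hunk, the new "Pull Request Process" step 5 and the "Code Style" list run plain `cargo clippy`, whereas the removed "Run checks" block used `cargo clippy -- -D warnings`; without that flag clippy warnings do not fail the command, so "Ensure no clippy warnings" is no longer something a contributor or CI can check by exit code. Suggest restoring `cargo clippy -- -D warnings` in step 5. In the same hunk, the removed "Prerequisites" section stated `Rust 1.75+`, and the replacement `curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh` installs whatever is current without saying which minimum version is supported; keep the minimum version in the text. The new "Reporting Issues" section says "Use GitHub Issues" with no exception for vulnerabilities, while the SECURITY.md added in this same patch asks reporters not to use public issues; add a line there pointing security reports to SECURITY.md. The subject says "add CONTRIBUTING.md", but the `index 5046997..a80e46b` line and the diffstat show an existing file being rewritten.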
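Review bot: In the SECURITY.md hunk, "Reporting a Vulnerability" offers only a personal Gmail address and a Telegram private message, both tied to one person and neither with a documented way to encrypt the report (no PGP key or fingerprint is given). Suggest adding a project-owned channel such as GitHub's private vulnerability reporting for the repository, or publishing a key next to the e-mail address, and naming a second contact so that the "within 48 hours" initial response does not depend on a single account. Under "Security Best Practices", item 1 "Set `NORA_AUTH_ENABLED=true`" reads as if authentication is off unless the operator turns it on; the document should state the default explicitly so that deployers know what an unconfigured instance exposes. In the "Severity Levels" table, "Immediate fix" and "Scheduled fix" carry no time bound while the High row says "Fix within 7 days"; give each row a comparable target. The policy also says nothing about when a reported issue will be made public, which reporters usually need to know before they submit.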