docs: add CONTRIBUTING.md and SECURITY.md #549
Pull request overview
This PR aims to add contributor and security documentation to the repo. However, only CONTRIBUTING.md is actually included in the diff — the SECURITY.md advertised in the description is missing — and the contents of CONTRIBUTING.md diverge substantially from the real repository (wrong Python version, wrong run commands, fabricated project structure, and a non-existent test suite).
Changes:
- Adds a new top-level `CONTRIBUTING.md` describing setup, project layout, dev workflow, and PR process.
- Mentions a `SECURITY.md` that is not part of this diff.
Comments suppressed due to low confidence (5)
**CONTRIBUTING.md:30**
* Both run commands here are wrong for this project:
  * `uvicorn main:app --reload` — there is no top-level `main` module. The ASGI app lives at `app.main:app` (see `app/main.py`).
  * `python -m grok2api` — there is no `grok2api` package; the project name in `pyproject.toml` is `grok2api` but the actual Python package is `app`, and it has no `__main__` entry point.

The project's documented start command (see the docstring at the top of `app/main.py`) is `uv run granian --interface asgi --host 0.0.0.0 --port 8000 --workers 1 app.main:app`. Following these instructions as-is will fail immediately.
```bash
uvicorn main:app --reload
# or
python -m grok2api
```
**CONTRIBUTING.md:43**
* This project structure does not match the actual repository. The real layout has `app/control/`, `app/dataplane/`, `app/platform/`, `app/products/`, and `app/statics/` — there is no `app/api/`, `app/core/`, `app/models/`, top-level `tests/`, or top-level `docker/` directory (Docker files `Dockerfile` and `docker-compose.yml` live at the repo root). New contributors relying on this diagram will be confused about where to add code.
```
grok2api/
├── app/ # Main application
│ ├── api/ # API routes
│ ├── core/ # Core logic
│ └── models/ # Data models
├── tests/ # Test suite
├── docker/ # Docker configuration
└── docs/ # Documentation
```
**CONTRIBUTING.md:60**
* There is no `tests/` directory in this repository, and `pytest` is not declared in `pyproject.toml` (only `ruff` is in the `dev` dependency group). Running `pytest tests/` as instructed will fail. Either add a test suite/pytest dependency, or update this section to reflect the actual quality gate (e.g. `ruff` checks).
- Test
```bash
pytest tests/
```
**CONTRIBUTING.md:17**
* `pip install -e .` will not by itself install the dev tooling. The project uses `uv` (see `uv.lock` and the `[dependency-groups]` table in `pyproject.toml`), and `ruff` is declared in the `dev` group rather than as a regular dependency. Consider documenting `uv sync` (with the dev group) instead, to match how the project is actually managed.
- Clone and install
```bash
git clone https://github.com/chenyme/grok2api.git
cd grok2api
pip install -e .
```
**CONTRIBUTING.md:77**
* PR description mentions a SECURITY.md being added, but no SECURITY.md is included in this diff — only CONTRIBUTING.md is present. Line 77 here also points readers at SECURITY.md, which will be a dangling reference until that file is added.
Security
If you find a security vulnerability, please see SECURITY.md for reporting instructions.
| ## Development Setup | ||
|
|
||
| 1. **Requirements** | ||
| - Python 3.10+ |
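Review bot: The `Python 3.10+` requirement on the last line of this hunk is stated by hand with nothing in the hunk tying it to the project's metadata, and the review overview above already flags the Python version as wrong. Take the minimum version from what `pyproject.toml` declares and keep the two in sync, so the Requirements list cannot drift from what the package actually supports.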
Summary

Added contributor and security documentation:

- CONTRIBUTING.md - Setup instructions, project structure, development guidelines
- SECURITY.md - Security reporting policy, supported versions, best practices

These files help new contributors and establish a clear security reporting process.