From 94fb391de0e3a6c1288fa2c8b92a95f8d83adcce Mon Sep 17 00:00:00 2001 From: ROHAN <123131rkorohan@gmail.com> Date: Sun, 21 Jun 2026 20:59:58 +0530 Subject: [PATCH] docs: add contributor, security and GitHub workflow templates --- .github/ISSUE_TEMPLATE/bug_report.md | 24 +++++++ .github/ISSUE_TEMPLATE/config.yml | 7 +- .github/ISSUE_TEMPLATE/documentation.md | 10 +++ .github/ISSUE_TEMPLATE/feature_request.md | 12 ++++ .github/ISSUE_TEMPLATE/stellar_integration.md | 18 ++++++ .github/pull_request_template.md | 54 +++++++--------- CONTRIBUTING.md | 64 +++++++++++++++++++ SECURITY.md | 38 +++++++++++ 8 files changed, 193 insertions(+), 34 deletions(-) create mode 100644 .github/ISSUE_TEMPLATE/bug_report.md create mode 100644 .github/ISSUE_TEMPLATE/documentation.md create mode 100644 .github/ISSUE_TEMPLATE/feature_request.md create mode 100644 .github/ISSUE_TEMPLATE/stellar_integration.md diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md new file mode 100644 index 0000000..685be4e --- /dev/null +++ b/.github/ISSUE_TEMPLATE/bug_report.md @@ -0,0 +1,24 @@ +--- +name: Bug Report +about: Report a bug +--- + +## Description + +## Steps To Reproduce + +## Expected Behavior + +## Actual Behavior + +## Environment + +- Browser: +- OS: + +## Affected Area + +- [ ] Frontend +- [ ] Backend +- [ ] Stellar +- [ ] Payments diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml index 0d8468f..d41e592 100644 --- a/.github/ISSUE_TEMPLATE/config.yml +++ b/.github/ISSUE_TEMPLATE/config.yml @@ -1,5 +1,6 @@ blank_issues_enabled: false + contact_links: - - name: Security vulnerability report - url: https://github.com/Obiajulu-gif/chain_move/security/policy - about: Please report sensitive security issues privately instead of opening public issues. + - name: Security Report + about: Report security vulnerabilities privately + url: mailto:security@chainmove.xyz 
diff --git a/.github/ISSUE_TEMPLATE/documentation.md b/.github/ISSUE_TEMPLATE/documentation.md new file mode 100644 index 0000000..db65e61 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/documentation.md @@ -0,0 +1,10 @@ +--- +name: Documentation +about: Documentation improvements +--- + +## Section + +## Current Problem + +## Proposed Update diff --git a/.github/ISSUE_TEMPLATE/feature_request.md b/.github/ISSUE_TEMPLATE/feature_request.md new file mode 100644 index 0000000..6eb2904 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/feature_request.md @@ -0,0 +1,12 @@ +--- +name: Feature Request +about: Suggest a new feature +--- + +## Problem + +## Proposed Solution + +## Alternatives + +## Additional Context diff --git a/.github/ISSUE_TEMPLATE/stellar_integration.md b/.github/ISSUE_TEMPLATE/stellar_integration.md new file mode 100644 index 0000000..8547ee2 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/stellar_integration.md @@ -0,0 +1,18 @@ +--- +name: Stellar Integration +about: Stellar-related improvement +--- + +## Component + +- Wallet +- Asset +- Horizon +- Soroban +- RPC + +## Proposal + +## Expected Outcome + +## Security Considerations diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md index 2d4ae8a..885a54c 100644 --- a/.github/pull_request_template.md +++ b/.github/pull_request_template.md 
@@ -1,44 +1,36 @@ ## Summary -What changed? +Describe your changes. -## Area changed +## Related Issue -Check all that apply: +Closes # -- [ ] Frontend / UI -- [ ] Backend / API routes -- [ ] Auth / Privy -- [ ] Payments / Paystack -- [ ] Email / Resend -- [ ] Stellar / Soroban -- [ ] MongoDB models +## Affected Areas + +- [ ] Frontend +- [ ] Backend +- [ ] Authentication +- [ ] Payments +- [ ] Stellar - [ ] Documentation - [ ] Tests -- [ ] Security - -## Contributor safety checklist - -- [ ] I did not commit `.env.local` or real secrets. -- [ ] I did not expose server-only variables in client-side code. -- [ ] I used mock mode or my own sandbox/test credentials. -- [ ] I did not add deployment steps for contributor PRs. -- [ ] I did not add maintainer-only credentials. - -## Testing +- [ ] UI/UX -Commands run: +## Checklist -```bash -npm run lint -npx tsc --noEmit -npm run build -``` +- [ ] Code follows project conventions +- [ ] npm run lint passes +- [ ] npm run build passes +- [ ] Tests updated where needed +- [ ] No secrets committed +- [ ] No production credentials used +- [ ] Documentation updated if required -## Screenshots / demo +## Screenshots -Add screenshots or screen recordings for UI changes. +If applicable. -## Notes for maintainers +## Additional Notes -Mention anything that needs special review, migration, or follow-up. +Optional. diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index c3ef153..9c6b498 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md 
@@ -94,3 +94,67 @@ Avoid reintroducing stale Lisk, EVM, Solana, or Thirdweb assumptions unless the ## Security-sensitive changes Open a small PR and explain the risk being fixed. Security-sensitive areas include session handling, Privy token verification, Paystack webhooks, KYC upload/encryption, Stellar signing, admin permissions, and database access controls. + +## Environment Setup + +1. Copy the example environment file: + +```bash +cp .env.example .env.local +``` +Populate only your local development values. +Never request production credentials from maintainers. +Never commit: +.env.local +API keys +JWT secrets +database credentials +Stellar private keys + +--- + +## Mock Development + +Contributors should use mock mode whenever possible. + +Do not depend on production services for feature development. + +Use local test data and development configurations. + +--- + +## Pull Request Guidelines + +Keep pull requests focused. + +Good examples: + +- Wallet UI improvements +- Documentation updates +- Authentication fixes +- Stellar integration enhancements + +Avoid combining unrelated changes. + +Before opening a PR run: + +```bash +npm run lint +npm run build +``` + +--- + +## Affected Areas + +When opening a PR specify: + +- Frontend +- Backend +- Authentication +- Payments +- Stellar +- Documentation +- Tests +- UI/UX + diff --git a/SECURITY.md b/SECURITY.md index a553a1e..63a879e 100644 --- a/SECURITY.md +++ b/SECURITY.md 
@@ -57,3 +57,41 @@ Request maintainer review when touching: - Add tests for Paystack webhook signature validation. - Add tests for Privy token validation and role selection. - Add a secret scanning checklist to PR review. + +## Reporting Vulnerabilities + +Please do not create public GitHub issues for security vulnerabilities. + +Report vulnerabilities privately to the maintainers. + +Include: + +- Description +- Impact +- Reproduction steps +- Suggested remediation + +## Sensitive Information + +Never expose: + +- Production API keys +- JWT secrets +- Database credentials +- Payment provider secrets +- Stellar private keys + +## Stellar Security + +Stellar private keys must: + +- Never be committed +- Never be stored in frontend source code +- Never be embedded in client bundles +- Never appear in screenshots or examples + +Use environment variables for all secrets. + +## Responsible Disclosure + +Allow maintainers reasonable time to investigate and remediate before public disclosure.
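Review bot: bug_report.md has no pointer to the private security channel that config.yml in this same patch sets up, so a reporter who hits a Payments or Stellar bug with security impact will write the "Steps To Reproduce" into a public issue. Add a one-line notice at the top of the template ("If this is a security vulnerability, do not file it here; see SECURITY.md") and a reminder under Environment or Steps To Reproduce to redact keys, tokens, account identifiers and production data. The Environment section would also be more useful with a line for the commit or version under test next to Browser and OS.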
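Review bot: the config.yml contact link drops the repository security policy URL (https://github.com/Obiajulu-gif/chain_move/security/policy) in favour of `mailto:security@chainmove.xyz`, and nothing else in the patch tells reporters that address: the new SECURITY.md section only says "Report vulnerabilities privately to the maintainers". Either keep the policy URL and state the mailbox inside SECURITY.md, or at least make the two agree, so a reporter who reads SECURITY.md first knows where to send the report. Confirm the mailbox exists and is monitored before merging; a report sent to a dead security address silently disappears, which is worse than a public issue.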
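Review bot: in stellar_integration.md the "Component" list uses plain bullets while bug_report.md's "Affected Area" uses `- [ ]` checkboxes; use the same checkbox form so the two templates are consistent. "Security Considerations" is a bare heading and will usually be left empty; give it prompts tied to the listed components, for example which keys or accounts are touched, where signing happens, and whether Horizon, Soroban or RPC calls change, so the author has to answer rather than skip it.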
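Review bot: the pull_request_template.md rewrite removes several checks the old template had and nothing replaces them: the `- [ ] Security` area, "I did not expose server-only variables in client-side code.", "I did not add deployment steps for contributor PRs.", "I did not add maintainer-only credentials." and `npx tsc --noEmit` from the commands to run. The remaining "No secrets committed" and "No production credentials used" items do not cover a server-only variable leaking into the client bundle, which SECURITY.md in this same patch calls out ("Never be embedded in client bundles"). The old area list also named the concrete integrations (Privy, Paystack, Resend, Soroban, MongoDB) that the "Security-sensitive changes" paragraph in CONTRIBUTING.md uses to route review; "Authentication" and "Payments" lose that signal. Suggest keeping the Security checkbox and the dropped safety items, and restoring the type check, e.g.:
- [ ] Security
- [ ] I did not expose server-only variables in client-side code.
- [ ] I did not add maintainer-only credentials or deployment steps.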
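Review bot: in the CONTRIBUTING.md hunk the "Never commit:" block is not a list: `.env.local`, `API keys`, `JWT secrets`, `database credentials` and `Stellar private keys` have no `-` bullets and no blank lines around them, so markdown renders them, together with the "Populate only your local development values." and "Never request production credentials from maintainers." sentences, as one run-on paragraph. Bullet the items and separate the sentences. Three smaller points in the same hunk: the "Environment Setup" numbered list has a single item `1.`; the "Before opening a PR run" block omits `npx tsc --noEmit`, which the previous PR template required; and the new "Affected Areas" list duplicates the checkbox list in the PR template, so point at the template instead of maintaining the list in two places. Also confirm `.env.example` exists in the repository, since the `cp .env.example .env.local` step depends on it.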
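Review bot: "Report vulnerabilities privately to the maintainers" in SECURITY.md gives no channel, while config.yml in the same patch sends reporters to `mailto:security@chainmove.xyz`; the policy is the document people actually read, so name the address here. Two further points in this hunk: "Use environment variables for all secrets" is necessary but not sufficient for "Never be embedded in client bundles", because a variable the build tool exposes to the client ends up in the bundle like any other constant, so say which variables are server-only and how contributors can tell (the old PR template's "did not expose server-only variables in client-side code" check is the right framing). And "reasonable time" under Responsible Disclosure is unspecified; state an acknowledgement target and a coordinated disclosure window (90 days is the common default) so reporters know what to expect.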