Harden OSS handoff: maintenance notes, issue intake, and stale policy

.github/ISSUE_TEMPLATE/bug_report.yml

@@ -38,6 +38,15 @@ body:
     validations:
       required: true
 
+  - type: textarea
+    id: doctor_output
+    attributes:
+      label: "`nightshift doctor` output"
+      description: "Run `nightshift doctor` and paste the full output."
+      render: shell
+    validations:
+      required: true
+
   - type: textarea
     id: env
     attributes:
@@ -46,8 +55,9 @@ body:
       placeholder: |
         - OS:
         - Python:
-        - OpenCode:
-        - Nightshift:
+        - OpenCode CLI version:
+        - Nightshift version or commit:
+        - Install method (pip editable, pip, fork, etc.):
     validations:
       required: true
 
@@ -57,3 +67,5 @@ body:
       label: Logs / output
       description: Paste relevant logs, stack traces, and command output.
       render: shell
+    validations:
+      required: true

.github/ISSUE_TEMPLATE/config.yml

@@ -0,0 +1,5 @@
+blank_issues_enabled: false
+contact_links:
+  - name: Security vulnerability report
+    url: https://github.com/im-sham/nightshift/security/advisories/new
+    about: Report security issues privately. Do not open public issues for vulnerabilities.

.github/ISSUE_TEMPLATE/feature_request.yml

@@ -3,6 +3,11 @@ description: Propose an improvement for users or contributors.
 title: "[feature] "
 labels: ["enhancement"]
 body:
+  - type: markdown
+    attributes:
+      value: |
+        Nightshift is in maintenance mode. Feature requests with a clear implementation path and contributor ownership are the most likely to ship.
+
   - type: textarea
     id: problem
     attributes:
@@ -30,3 +35,10 @@ body:
       label: Impact
       description: Who benefits and how?
       placeholder: Users, contributors, maintainers, etc.
+
+  - type: textarea
+    id: ownership
+    attributes:
+      label: Contribution plan (optional)
+      description: If you can contribute this, outline scope/timeline so maintainers can prioritize review.
+      placeholder: I can open a PR that covers...

.github/workflows/stale.yml

@@ -0,0 +1,33 @@
+name: Stale
+
+on:
+  schedule:
+    - cron: "0 14 * * 1"
+  workflow_dispatch:
+
+permissions:
+  issues: write
+  pull-requests: write
+
+jobs:
+  stale:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Mark and close stale threads
+        uses: actions/stale@v9
+        with:
+          stale-issue-message: "This issue has been automatically marked stale due to inactivity. It will be closed in 14 days unless there is new activity."
+          close-issue-message: "Closing as stale due to inactivity. Comment with updated reproduction details to reopen."
+          days-before-issue-stale: 45
+          days-before-issue-close: 14
+          stale-pr-message: "This pull request has been automatically marked stale due to inactivity. It will be closed in 21 days unless there is new activity."
+          close-pr-message: "Closing as stale due to inactivity. Reopen or open a fresh PR if work resumes."
+          days-before-pr-stale: 60
+          days-before-pr-close: 21
+          stale-issue-label: "stale"
+          stale-pr-label: "stale"
+          exempt-issue-labels: "security,pinned,keep-open"
+          exempt-pr-labels: "security,pinned,keep-open"
+          exempt-draft-pr: true
+          remove-stale-when-updated: true
+          operations-per-run: 200

CONTRIBUTING.md

@@ -2,6 +2,14 @@
 
 Thanks for contributing.
 
+## Maintenance Mode Expectations
+
+Nightshift is in maintenance mode as of `v0.2.0` (February 17, 2026).
+
+- Contributions are welcome, especially bug fixes, compatibility fixes, and documentation improvements.
+- Maintainer review is best-effort and may be delayed.
+- There is no guaranteed merge timeline or support SLA.
+
 ## Local Setup
 
 ```bash
@@ -35,6 +43,7 @@ cd plugin && bun run typecheck
 - Include validation notes (tests/checks run).
 - Update docs when behavior or interfaces change.
 - Prefer portable paths and avoid user-specific absolute paths.
+- Include compatibility context when relevant (OpenCode CLI behavior changes, model command changes, etc.).
 
 ## Branch Naming
 

README.md

@@ -5,6 +5,22 @@ Nightshift is an overnight autonomous research agent designed for **OpenCode**.
 [![npm version](https://img.shields.io/npm/v/nightshift-plugin.svg)](https://www.npmjs.com/package/nightshift-plugin)
 [![Python version](https://img.shields.io/badge/python-3.11+-blue.svg)](https://www.python.org/downloads/)
 
+## Project Status
+
+Nightshift is currently in **maintenance mode**.
+
+- This repository is stable for community use, forks, and experimentation.
+- New feature development is not on an active roadmap.
+- Issue triage and PR review are best-effort with no guaranteed response SLA.
+
+## Compatibility Notes
+
+`v0.2.0` (released February 17, 2026) is the baseline community release.
+
+- Validated against the OpenCode CLI integration surface used by Nightshift (`opencode models` and `opencode run`) as of this release date.
+- Future OpenCode CLI changes may require community patches.
+- For setup verification, run `nightshift doctor` and `nightshift start . --dry-run` before full runs.
+
 ## Features
 
 - **Autonomous Research**: Deep dives into codebases without manual intervention.

SECURITY.md

@@ -0,0 +1,23 @@
+# Security Policy
+
+## Supported Versions
+
+Nightshift is in maintenance mode and currently supports:
+
+- `0.2.x` (best-effort fixes)
+
+Older versions are considered unsupported.
+
+## Reporting A Vulnerability
+
+Please report vulnerabilities privately through GitHub Security Advisories:
+
+- https://github.com/im-sham/nightshift/security/advisories/new
+
+Do not open public GitHub issues for unpatched vulnerabilities.
+
+## Response Expectations
+
+- Triage is best-effort (no guaranteed SLA).
+- If validated, fixes may be released directly on `main` or through the next tagged patch/minor release.
+- You may be asked to help validate fixes across your environment and OpenCode version.