community: open-source health files, LLM discovery, and SEO improvements

[ajitpratap0]

Summary

This PR adds the full open-source community health scaffold and makes the project significantly more discoverable by LLMs, search engines, and potential contributors.

LLM & SEO Discovery

• llms.txt — structured LLM discovery file following the llmstxt.org spec; gives AI crawlers a clean, machine-readable overview of the project, API surface, doc links, and capabilities
• Repository description and 20 topics were already updated via GitHub API (see v1.9.0 work); this PR completes the written artifacts

Community Health Files

• CODE_OF_CONDUCT.md — Contributor Covenant 2.1 (industry standard)
• SUPPORT.md — support channels, response-time expectations, and supported-versions table
• GOVERNANCE.md — project roles (users → contributors → committers → maintainers), decision-making process, release flow, and conflict resolution
• CODEOWNERS — auto-assigns @ajitpratap0 for reviews on all core paths (parser, security, CLI, public API, release infrastructure, community files)

GitHub Automation

• .github/FUNDING.yml — enables the GitHub Sponsors button on the repository
• .github/labeler.yml — 14 label-mapping rules (parser, tokenizer, ast, security, linter, lsp, cli, docs, performance, dialects, ci-cd, python, wasm, transform)
• .github/stale.yml — stale policy config (60 days → stale, 14 days → close; exempt: security, P0, P1, bug, good first issue, help wanted)
• .github/workflows/labeler.yml — triggers actions/labeler@v5 on pull_request_target to auto-apply labels
• .github/workflows/stale.yml — runs actions/stale@v9 on a daily schedule

Issue & Discussion Templates

• .github/ISSUE_TEMPLATE/config.yml — blank issues disabled; 4 contact links (Q&A Discussions, Ideas Discussions, pkg.go.dev, private security advisories)
• .github/ISSUE_TEMPLATE/documentation.md — structured docs-improvement template
• .github/DISCUSSION_TEMPLATE/q-and-a.md — structured Q&A template
• .github/DISCUSSION_TEMPLATE/ideas.md — feature proposal template with API sketch section
• .github/DISCUSSION_TEMPLATE/show-and-tell.md — community showcase template

README Enhancements

• Community Health badge row (Contributor Covenant, Contributing, Governance, Support, Good First Issues live count)
• Enhanced Get Help table with Docs Issues, Q&A, Ideas, Show & Tell channels
• Good First Issues and Help Wanted buttons in the Contributors section

Labels Created (GitHub API)

stale, tokenizer, ast, wasm, showcase — filling gaps required by labeler and discussion templates

Test plan

• CI passes (no Go code changed — only markdown/yaml)
• actions/labeler workflow appears in Actions tab after merge
• actions/stale workflow appears in Actions tab after merge
• Issue template chooser shows the new Documentation template
• Discussions → New shows the three structured templates
• FUNDING.yml shows Sponsor button on repo homepage

🤖 Generated with Claude Code

[claude]

Claude finished @ajitpratap0's task —— View job

---

PR Review: Community Health & LLM Discovery Improvements

This is an excellent comprehensive addition of community health files and automation. Here's my detailed analysis:

✅ Strengths - Well-Executed Community Scaffold

Community Health Files - High Quality

• CODE_OF_CONDUCT.md: Proper Contributor Covenant 2.1 with customized enforcement channels (security advisories) ✅
• SUPPORT.md: Comprehensive support matrix with realistic response times and clear escalation paths ✅
• GOVERNANCE.md: Well-structured progression (User→Contributor→Committer→Maintainer) with clear decision processes ✅
• CODEOWNERS: Comprehensive coverage with security-sensitive paths properly protected ✅

GitHub Automation - Secure & Well-Configured

• Labeler workflow: Uses pull_request_target correctly with contents: read minimal permissions ✅
• Stale bot: Reasonable 60-day stale + 14-day close policy with proper exemptions for critical labels ✅
• Label mapping: Excellent coverage across 14 areas (parser, tokenizer, ast, security, etc.) ✅

Templates & Discovery

• Issue templates: Well-structured with proper field validation and security advisory routing ✅
• Discussion templates: Clear separation of Q&A, Ideas, and Show & Tell ✅
• llms.txt: Outstanding LLM discovery file - comprehensive API surface, proper links, current version info ✅

⚠️ Minor Issues & Recommendations

1. Stale Bot Configuration Discrepancy

Issue: .github/stale.yml (config file) and .github/workflows/stale.yml (workflow) have different configurations.

Workflow file:

days-before-stale: 60
days-before-close: 14
exempt-issue-labels: 'pinned,security,P0,P1,bug,good first issue,help wanted'

Config file:

daysUntilStale: 60
daysUntilClose: 14
exemptLabels: [pinned, security, P0, P1, bug, good first issue, help wanted]

Recommendation: The GitHub Actions actions/stale@v9 uses workflow parameters, so the .github/stale.yml config file is redundant and should be removed to avoid confusion.

2. Security Advisory URL Consistency

The CODE_OF_CONDUCT.md uses a different security advisory URL pattern than other files:

• CODE_OF_CONDUCT: https://github.com/ajitpratap0/GoSQLX/security/advisories/new
• SUPPORT.md: References SECURITY.md file
• config.yml: Uses the same URL as CODE_OF_CONDUCT

Recommendation: Ensure SECURITY.md exists or update references consistently.

3. FUNDING.yml Minor Enhancement

Current: github: [ajitpratap0]
Recommendation: Consider adding other funding platforms if applicable (Open Collective, Ko-fi, etc.)

✅ Security Assessment - No Concerns

• Workflow permissions: Minimal necessary permissions (contents: read, pull-requests: write) ✅
• No code injection vectors: All workflows use pinned actions with secure practices ✅
• Stale bot configuration: Proper exemptions prevent important issues from being auto-closed ✅
• CODEOWNERS: Security-sensitive paths correctly protected ✅

✅ README.md Changes - Excellent

The README updates significantly improve discoverability:

• Community Health badge row with live Good First Issues counter ✅
• Enhanced "Get Help" table with specific discussion categories ✅
• Direct links to Q&A, Ideas, Show & Tell, and documentation issues ✅
• Improved contributor onboarding with Good First Issues and Help Wanted buttons ✅

📋 Final Assessment

Overall Quality: Excellent (95/100)

This PR represents a substantial improvement to the project's community infrastructure. The implementation follows GitHub best practices, uses industry-standard templates, and creates a welcoming environment for new contributors. The automation is secure and well-configured.

Recommendation: Approve with minor cleanup - address the stale bot config redundancy, but the PR is ready to merge as-is.

🎯 Impact

This PR will significantly improve:

• Contributor onboarding - Clear paths from user to committer
• Issue management - Automated labeling and stale cleanup
• LLM discovery - Structured metadata for AI crawlers
• Community engagement - Templates encourage quality submissions
• Maintainer workflow - CODEOWNERS ensures proper review coverage

Excellent work on this comprehensive community health implementation! 🚀

---

Review Tasks

• Review community health files (CODE_OF_CONDUCT.md, SUPPORT.md, GOVERNANCE.md)
• Review GitHub automation files (.github/workflows/, .github/labeler.yml, .github/stale.yml)
• Review issue and discussion templates
• Review CODEOWNERS file
• Review llms.txt structure and content
• Review README.md changes
• Check for security concerns
• Validate YAML syntax and best practices
• Provide final assessment and recommendations

[claude]

Claude finished @ajitpratap0's task —— View job

---

PR Review: Community Health & LLM Discovery

I've completed a comprehensive code review of this PR focusing on quality, best practices, security, and potential issues.

Review Tasks

• Analyze community health files (CODE_OF_CONDUCT.md, SUPPORT.md, GOVERNANCE.md)
• Review GitHub automation workflows and configurations
• Check issue and discussion templates
• Examine CODEOWNERS and security implications
• Review llms.txt structure and compliance
• Analyze README.md changes
• Validate YAML syntax and best practices
• Assess security concerns in workflows
• Provide comprehensive feedback and recommendations

---

🎯 Overall Assessment: Excellent (95/100)

This PR represents a substantial improvement to the project's community infrastructure and discoverability. The implementation follows GitHub best practices and industry standards throughout.

✅ Strengths - Outstanding Implementation

Community Health Files

• CODE_OF_CONDUCT.md: Perfect Contributor Covenant 2.1 with custom security advisory enforcement
• SUPPORT.md: Comprehensive support matrix with realistic response times (1-3 days bugs, 48hrs security)
• GOVERNANCE.md: Well-structured role progression with clear decision-making processes
• 14-day notice for breaking changes - excellent for production stability

GitHub Automation - Secure & Well-Configured

• Labeler workflow: Uses pull_request_target correctly with minimal permissions (contents: read, pull-requests: write)
• Stale bot: Reasonable 60-day stale + 14-day close policy with proper exemptions
• YAML syntax: All files are properly formatted and follow best practices
• Security: No code injection vectors, proper action pinning (@v5, @v9)

Templates & Discovery

• Issue templates: Blank issues disabled, structured validation, security routing
• Discussion templates: Clear separation of Q&A, Ideas, Show & Tell
• llms.txt: Outstanding LLM discovery file following llmstxt.org spec perfectly
  • Comprehensive API coverage (8 core packages)
  • Current version info (v1.9.0)
  • 25+ documentation guides matrix
  • Performance metrics (1.5M+ ops/sec)

README.md Enhancements

• Community Health badge row with live Good First Issues counter
• Enhanced "Get Help" table with specific discussion categories
• Improved contributor onboarding with clear paths

⚠️ Minor Issues & Recommendations

1. Configuration File Redundancy

Issue: Both .github/stale.yml (config file) and .github/workflows/stale.yml (workflow) exist with overlapping configurations.

Recommendation: Remove .github/stale.yml as actions/stale@v9 uses workflow parameters, making the config file redundant.

2. Security Advisory URL Consistency

Minor: CODE_OF_CONDUCT.md references security advisories, but SUPPORT.md references SECURITY.md. Ensure consistency.

3. Labeler Configuration Enhancement

Suggestion: Consider adding glob patterns for test files:

tests:
  - changed-files:
    - any-glob-to-any-file:
      - '**/*_test.go'
      - 'test/**'

🔒 Security Assessment - No Concerns

• ✅ Workflow permissions minimized to necessary scope
• ✅ Actions properly pinned to specific versions
• ✅ No code injection vectors in templates or workflows
• ✅ Security-sensitive paths protected in CODEOWNERS
• ✅ Private security advisory routing configured correctly

🚀 Impact & Benefits

This PR will significantly improve:

• Contributor onboarding - Clear role progression and contribution paths
• Issue management - Automated labeling and stale cleanup
• LLM discovery - Structured metadata for AI crawlers (excellent for Claude Code users!)
• Community engagement - Professional templates encourage quality submissions
• Maintainer workflow - CODEOWNERS ensures proper review coverage

💡 Final Recommendation

Approve and merge. This is exceptional work that transforms GoSQLX into a professionally managed open-source project. The minor issues mentioned are non-blocking and can be addressed in follow-up PRs if desired.

The community health scaffold is comprehensive, the automation is secure, and the LLM discovery implementation is outstanding. This will significantly improve the project's discoverability and contributor experience.

Excellent work on this comprehensive community health implementation! 🚀

---

[claude]

Claude finished @ajitpratap0's task —— View job

---

PR Review: Community Health & LLM Discovery

I've completed a comprehensive code review of this PR focusing on quality, best practices, security, and potential issues.

Review Tasks

• Analyze community health files (CODE_OF_CONDUCT.md, SUPPORT.md, GOVERNANCE.md)
• Review GitHub automation workflows and configurations
• Check issue and discussion templates
• Examine CODEOWNERS and security implications
• Review llms.txt structure and compliance
• Analyze README.md changes
• Validate YAML syntax and best practices
• Assess security concerns in workflows
• Provide comprehensive feedback and recommendations

---

🎯 Overall Assessment: Excellent (95/100)

This PR represents a substantial improvement to the project's community infrastructure and discoverability. The implementation follows GitHub best practices and industry standards throughout.

✅ Strengths - Outstanding Implementation

Community Health Files

• CODE_OF_CONDUCT.md: Perfect Contributor Covenant 2.1 with custom security advisory enforcement
• SUPPORT.md: Comprehensive support matrix with realistic response times (1-3 days bugs, 48hrs security)
• GOVERNANCE.md: Well-structured role progression with clear decision-making processes
• 14-day notice for breaking changes - excellent for production stability

GitHub Automation - Secure & Well-Configured

• Labeler workflow: Uses pull_request_target correctly with minimal permissions (contents: read, pull-requests: write)
• Stale bot: Reasonable 60-day stale + 14-day close policy with proper exemptions
• YAML syntax: All files are properly formatted and follow best practices
• Security: No code injection vectors, proper action pinning (@v5, @v9)

Templates & Discovery

• Issue templates: Blank issues disabled, structured validation, security routing
• Discussion templates: Clear separation of Q&A, Ideas, Show & Tell
• llms.txt: Outstanding LLM discovery file following llmstxt.org spec perfectly
  • Comprehensive API coverage (8 core packages)
  • Current version info (v1.9.0)
  • 25+ documentation guides matrix
  • Performance metrics (1.5M+ ops/sec)

README.md Enhancements

• Community Health badge row with live Good First Issues counter
• Enhanced "Get Help" table with specific discussion categories
• Improved contributor onboarding with clear paths

⚠️ Minor Issues & Recommendations

1. Configuration File Redundancy

Issue: Both .github/stale.yml (config file) and .github/workflows/stale.yml (workflow) exist with overlapping configurations.

Recommendation: Remove .github/stale.yml as actions/stale@v9 uses workflow parameters, making the config file redundant.

2. Security Advisory URL Consistency

Minor: CODE_OF_CONDUCT.md references security advisories, but SUPPORT.md references SECURITY.md. Ensure consistency.

3. Labeler Configuration Enhancement

Suggestion: Consider adding glob patterns for test files:

tests:
  - changed-files:
    - any-glob-to-any-file:
      - '**/*_test.go'
      - 'test/**'

🔒 Security Assessment - No Concerns

• ✅ Workflow permissions minimized to necessary scope
• ✅ Actions properly pinned to specific versions
• ✅ No code injection vectors in templates or workflows
• ✅ Security-sensitive paths protected in CODEOWNERS
• ✅ Private security advisory routing configured correctly

🚀 Impact & Benefits

This PR will significantly improve:

• Contributor onboarding - Clear role progression and contribution paths
• Issue management - Automated labeling and stale cleanup
• LLM discovery - Structured metadata for AI crawlers (excellent for Claude Code users!)
• Community engagement - Professional templates encourage quality submissions
• Maintainer workflow - CODEOWNERS ensures proper review coverage

💡 Final Recommendation

Approve and merge. This is exceptional work that transforms GoSQLX into a professionally managed open-source project. The minor issues mentioned are non-blocking and can be addressed in follow-up PRs if desired.

The community health scaffold is comprehensive, the automation is secure, and the LLM discovery implementation is outstanding. This will significantly improve the project's discoverability and contributor experience.

Excellent work on this comprehensive community health implementation! 🚀

---