docs: community health files #323

Merged
piotrzajac merged 3 commits into master from docs/community-health-files
Apr 17, 2026

@piotrzajac piotrzajac commented Apr 17, 2026

Summary

Add SECURITY.md, CODE_OF_CONDUCT.md, and .github/CODEOWNERS to complete
the GitHub community health checklist.

Summary by CodeRabbit

  • Documentation
    • Added Code of Conduct establishing community participation standards, acceptable behaviors, and enforcement responsibilities
    • Added Security Policy documenting vulnerability reporting procedures and security update timelines for supported versions

Checklist

  • Commit messages follow Conventional Commits (type(scope): description)
  • dotnet build src/Objectivity.AutoFixture.XUnit2.AutoMock.sln passes with no warnings
  • dotnet test src/Objectivity.AutoFixture.XUnit2.AutoMock.sln passes on all framework slices
  • Code coverage remains at least at the level prior to the change (verified by Codecov)
  • Mutation score remains at least at the level prior to the change (verified by Stryker)
  • New tests follow the GIVEN/WHEN/THEN naming convention and AAA structure (see AGENTS.md)
  • No new [SuppressMessage] without a justification comment
  • No // TODO: comments added — open a GitHub issue instead
  • No new dependencies introduced that are incompatible with the MIT license (verified by FOSSA)

piotrzajac and others added 2 commits April 17, 2026 09:47
Add SECURITY.md, CODE_OF_CONDUCT.md, and .github/CODEOWNERS to complete
the GitHub community health checklist. This project is the first in the
Accenture org to have all three files.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

coderabbitai bot commented Apr 17, 2026

Warning

Rate limit exceeded

@piotrzajac has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 45 minutes and 10 seconds before requesting another review.

Your organization is not enrolled in usage-based pricing. Contact your admin to enable usage-based pricing to continue reviews beyond the rate limit, or try again in 45 minutes and 10 seconds.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 7ee966d5-bf7c-469f-94e4-49d618fabdc0

📥 Commits

Reviewing files that changed from the base of the PR and between 0b5ff69 and b750bd1.

📒 Files selected for processing (3)
  • .backlog/completed/task-5 - Add-SECURITY.md.md
  • .backlog/completed/task-6 - Add-CODE_OF_CONDUCT.md.md
  • .backlog/completed/task-7 - Add-CODEOWNERS-file.md
📝 Walkthrough

Walkthrough

This PR completes three backlog tasks by marking them as Done and assigning them to contributors, while simultaneously implementing their deliverables: adding CODE_OF_CONDUCT.md, SECURITY.md, and updating the CODEOWNERS file to establish repository governance and security policies.

Changes

| Cohort / File(s) | Summary |
|---|---|
| Backlog task completion: .backlog/completed/task-5 - Add-SECURITY.md.md, .backlog/completed/task-6 - Add-CODE_OF_CONDUCT.md.md, .backlog/completed/task-7 - Add-CODEOWNERS-file.md | Updated task metadata by changing status from To Do to Done and populating assignee list with claude and piotrzajac. |
| Repository governance documentation: CODE_OF_CONDUCT.md, SECURITY.md | Added two new documentation files: CODE_OF_CONDUCT.md establishes Contributor Covenant-based conduct guidelines with pledge, behaviors, enforcement scope, and reporting flow; SECURITY.md defines the security policy with version support table, vulnerability reporting instructions via GitHub's private disclosure flow, and response timelines (14-day acknowledgement, 90-day fix target). |
| CODEOWNERS configuration: .github/CODEOWNERS | Added a rule assigning ownership of all files (*) to user piotrzajac. |

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~4 minutes

Possibly related PRs

  • chore(ai): CodeRabbit config #308: Updates backlog markdown front-matter with same status/assignee pattern and adds related repository configuration files.
  • Backlog setup #301: Directly related task completion that finalizes the backlog items and delivers the CODEOWNERS, CODE_OF_CONDUCT.md, and SECURITY.md files referenced in the backlog setup.

Suggested labels

enhancement

🚥 Pre-merge checks | ✅ 3
✅ Passed checks (3 passed)
| Check name | Status | Explanation |
|---|---|---|
| Title check | ✅ Passed | The title 'docs: community health files' clearly and concisely describes the main change: adding documentation files for GitHub community health. |
| Description check | ✅ Passed | The description follows the template structure, explains the purpose (adding SECURITY.md, CODE_OF_CONDUCT.md, and CODEOWNERS), completes the full checklist, and provides adequate context for the changes. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |

✏️ Tip: You can configure your own custom pre-merge checks in the settings.


@piotrzajac piotrzajac changed the title Docs/community health files docs: community health files Apr 17, 2026
@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 1

🧹 Nitpick comments (2)
.github/CODEOWNERS (1)

1-1: Consider adding a secondary default owner to reduce review bottlenecks.

Line 1 defines a valid default owner, but having only one owner is a single point of failure for review routing.

♻️ Suggested update
-* `@piotrzajac`
+* `@piotrzajac` `@Accenture/`<team-name>
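Review bot: the added line for .github/CODEOWNERS line 1 still carries the `<team-name>` placeholder after `@Accenture/`, so it cannot be applied as written; substitute a real handle before committing. The backticks around `@piotrzajac` and `@Accenture/` read as quoting rather than file content and should not end up in the file.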
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In @.github/CODEOWNERS at line 1, The CODEOWNERS entry "* `@piotrzajac`" creates a
single point of failure for default reviews; update that default owner line to
include a secondary owner (for example by changing "* `@piotrzajac`" to "*
`@piotrzajac` `@backupUser`" or "@team-name") so PRs route to two reviewers by
default and reduce review bottlenecks while keeping the existing primary owner.
SECURITY.md (1)

16-23: Consider a fallback private reporting channel (email).

Lines 16-23 depend entirely on GitHub private advisories; adding a security email fallback improves accessibility for reporters who can’t use that flow.

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@SECURITY.md` around lines 16 - 23, Add a fallback private reporting channel
to SECURITY.md alongside the GitHub private advisory instructions by inserting a
monitored security contact email (e.g., security@yourdomain.com) and optional
instructions for encrypted reports (PGP key/fingerprint) so reporters who cannot
use GitHub can still submit sensitive details; update the paragraph that
currently references only the Security tab to mention the email as an
alternative and include a short note that submissions to that address will be
handled privately by the maintainers.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@CODE_OF_CONDUCT.md`:
- Around line 43-44: Add a direct maintainer email address to the Code of
Conduct contact line that currently names "Piotr Zajac ([`@piotrzajac`])" so
reports can be submitted privately; update the line in CODE_OF_CONDUCT.md that
references Piotr Zajac/[`@piotrzajac`] to include a contact email (e.g., "or email
piotr@example.com") and ensure the wording preserves the GitHub contact while
providing the private email for reporting.


ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 33eeac36-3d08-4003-af4b-1b01aefbc4cd

📥 Commits

Reviewing files that changed from the base of the PR and between 4e4f3dd and 0b5ff69.

📒 Files selected for processing (6)
  • .backlog/completed/task-5 - Add-SECURITY.md.md
  • .backlog/completed/task-6 - Add-CODE_OF_CONDUCT.md.md
  • .backlog/completed/task-7 - Add-CODEOWNERS-file.md
  • .github/CODEOWNERS
  • CODE_OF_CONDUCT.md
  • SECURITY.md

Comment thread CODE_OF_CONDUCT.md
@piotrzajac piotrzajac merged commit bd884cf into master Apr 17, 2026
1 check passed
@piotrzajac piotrzajac deleted the docs/community-health-files branch April 17, 2026 09:16