Docs/privacy-guidance

.github/ISSUE_TEMPLATE/bug_report.md

@@ -1,3 +1,43 @@
+---
+name: Bug report
+about: Create a report to help us improve
+title: "Bug: [short description]"
+labels: bug
+---
+
+**Describe the bug**
+A clear and concise description of what the bug is.
+
+**To Reproduce**
+Steps to reproduce the behavior:
+
+1. Go to '...'
+2. Click on '...'
+3. See error
+
+**Expected behavior**
+What you expected to happen.
+
+**Screenshots/Logs**
+If applicable, add screenshots and relevant logs (attach files or inline snippets).
+
+**Environment**
+
+- OS: (e.g., Windows 10)
+- Version: (release or commit)
+- Build configuration: Debug/Release
+
+**Severity**
+
+- [ ] Low
+- [ ] Medium
+- [ ] High
+
+**Checklist**
+
+- [ ] I reproduced this with the latest `master` branch
+- [ ] I included logs and reproduction steps
+
 ---
 name: Bug report
 about: Create a report to help us improve
@@ -12,6 +52,7 @@ A clear and concise description of what the bug is.
 
 **To Reproduce**
 Steps to reproduce the behavior:
+
 1. Go to '...'
 2. Click on '....'
 3. Scroll down to '....'
@@ -24,5 +65,6 @@ A clear and concise description of what you expected to happen.
 If applicable, add screenshots to help explain your problem.
 
 **Desktop (please complete the following information):**
- - Windows Build: 
- - ViVeTool-GUI Version:
+
+- Windows Build:
+- ViVeTool-GUI Version:

.github/ISSUE_TEMPLATE/feature_request.md

@@ -1,3 +1,29 @@
+---
+name: Feature request
+about: Suggest an idea for this project
+title: "Feature: [short description]"
+labels: enhancement
+---
+
+**Is your feature request related to a problem? Please describe.**
+A clear and concise description of what the problem is.
+
+**Describe the solution you'd like**
+Describe the preferred solution and why it helps.
+
+**Alternatives considered**
+List other solutions or features you considered.
+
+**Acceptance criteria**
+
+- Clear description of when this is done
+- Backwards compatibility notes
+
+**Checklist**
+
+- [ ] I discussed this in an issue or RFC
+- [ ] I can provide tests or a prototype
+
 ---
 name: Feature request
 about: Suggest an idea for this project

.github/ISSUE_TEMPLATE/general_request.md

@@ -0,0 +1,20 @@
+---
+name: General request
+about: General question, documentation change, or other non-bug/feature request
+title: "Request: [short description]"
+labels: question
+---
+
+**Summary**
+Describe the request or question.
+
+**Context**
+Why is this change needed? Who will benefit?
+
+**Proposed resolution**
+What would satisfy this request?
+
+**Checklist**
+
+- [ ] I searched existing issues
+- [ ] I included sufficient context and examples

.github/PULL_REQUEST_TEMPLATE.md

@@ -0,0 +1,30 @@
+<!-- Provide a short description of the change and the motivation. -->
+
+## Description
+
+What does this change do? Include references to related issues.
+
+## Type of change
+
+- Bug fix
+- New feature
+- Documentation update
+- Other
+
+## Testing & Checklist
+
+- [ ] `dotnet build` passes for `ViVeTool-GUI.Wpf`
+- [ ] Manual WPF smoke test completed (start app, open main UI, exercise primary flows)
+- [ ] Updated/added unit tests (if applicable)
+- [ ] Docs updated (README / CONTRIBUTING / SECURITY)
+- [ ] CI green
+
+## How to test
+
+Provide steps to reproduce and test the change locally.
+
+## Screenshots (if applicable)
+
+## Notes
+
+Add any additional notes for reviewers.

.github/SECURITY_REPORT_TEMPLATE.md

@@ -0,0 +1,40 @@
+Subject: [SECURITY] <short title> — ViVeTool-GUI
+
+Hello maintainers,
+
+I would like to report a potential security vulnerability in ViVeTool-GUI.
+
+Summary:
+
+- A short summary of the issue and affected components.
+
+Affected versions:
+
+- e.g., commit hash / tag / version / branch
+
+Steps to reproduce (minimal and safe):
+
+1. ...
+2. ...
+
+Impact:
+
+- Describe the impact (data exposure, privilege escalation, crash, etc.)
+
+Mitigation suggestions (if any):
+
+- Short guidance or mitigation ideas.
+
+Contact & disclosure preferences:
+
+- Preferred contact method: Use GitHub Security Advisory (<https://github.com/PeterStrick/ViVeTool-GUI/security/advisories>) for private reports. No direct email is provided.
+- Disclosure timeline or embargo request (if any)
+
+Attachments:
+
+- Logs, PoC (only if necessary — sensitive information should be shared securely)
+
+Thank you — please acknowledge receipt.
+
+Regards,
+<reporter name>

.github/workflows/publish-feature-list.yml

@@ -0,0 +1,157 @@
+name: Publish Feature List
+
+on:
+  workflow_dispatch:
+    inputs:
+      build:
+        description: 'Windows build number'
+        required: true
+        type: string
+      artifact_url:
+        description: 'URL to download the artifact from'
+        required: false
+        type: string
+      artifact_path:
+        description: 'Path to the artifact in the repository'
+        required: false
+        type: string
+      format:
+        description: 'Output format (csv or json)'
+        required: true
+        default: 'csv'
+        type: choice
+        options:
+          - csv
+          - json
+
+permissions:
+  contents: write
+  pull-requests: write
+
+jobs:
+  publish:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          token: ${{ secrets.FEED_PUBLISH_TOKEN || github.token }}
+          fetch-depth: 0
+
+      - name: Validate inputs
+        run: |
+          if [ -z "${{ inputs.build }}" ]; then
+            echo "Error: Build number is required"
+            exit 1
+          fi
+
+          if [ -z "${{ inputs.artifact_url }}" ] && [ -z "${{ inputs.artifact_path }}" ]; then
+            echo "Error: Either artifact_url or artifact_path must be provided"
+            exit 1
+          fi
+
+          echo "Build: ${{ inputs.build }}"
+          echo "Format: ${{ inputs.format }}"
+          echo "Artifact URL: ${{ inputs.artifact_url }}"
+          echo "Artifact Path: ${{ inputs.artifact_path }}"
+
+      - name: Create features directory
+        run: |
+          mkdir -p features/${{ inputs.build }}
+
+      - name: Download artifact from URL
+        if: ${{ inputs.artifact_url != '' }}
+        run: |
+          curl -L -o features/${{ inputs.build }}/features.${{ inputs.format }} "${{ inputs.artifact_url }}"
+          echo "Downloaded artifact from URL to features/${{ inputs.build }}/features.${{ inputs.format }}"
+
+      - name: Copy artifact from path
+        if: ${{ inputs.artifact_path != '' && inputs.artifact_url == '' }}
+        run: |
+          if [ -f "${{ inputs.artifact_path }}" ]; then
+            cp "${{ inputs.artifact_path }}" features/${{ inputs.build }}/features.${{ inputs.format }}
+            echo "Copied artifact from path to features/${{ inputs.build }}/features.${{ inputs.format }}"
+          else
+            echo "Error: Artifact file not found at ${{ inputs.artifact_path }}"
+            exit 1
+          fi
+
+      - name: Verify artifact
+        run: |
+          if [ ! -f "features/${{ inputs.build }}/features.${{ inputs.format }}" ]; then
+            echo "Error: Feature file was not created"
+            exit 1
+          fi
+          echo "Feature file created successfully:"
+          ls -la features/${{ inputs.build }}/
+          echo "File contents preview (first 10 lines):"
+          head -10 features/${{ inputs.build }}/features.${{ inputs.format }}
+
+      - name: Update latest.json
+        run: |
+          # Create or update latest.json
+          LATEST_FILE="latest.json"
+          BUILD="${{ inputs.build }}"
+          TIMESTAMP=$(date -u +"%Y-%m-%dT%H:%M:%SZ")
+
+          if [ -f "$LATEST_FILE" ]; then
+            # Read existing builds and add new one if not already present
+            EXISTING_BUILDS=$(jq -r '.builds // []' "$LATEST_FILE")
+            HAS_BUILD=$(echo "$EXISTING_BUILDS" | jq --arg b "$BUILD" 'map(select(. == $b)) | length')
+
+            if [ "$HAS_BUILD" = "0" ]; then
+              # Add new build to the list
+              jq --arg b "$BUILD" --arg t "$TIMESTAMP" '.builds = (.builds + [$b] | sort | reverse) | .latestBuild = $b | .lastUpdated = $t' "$LATEST_FILE" > tmp.json && mv tmp.json "$LATEST_FILE"
+            else
+              # Just update latestBuild if this is a newer build
+              jq --arg b "$BUILD" --arg t "$TIMESTAMP" '.latestBuild = $b | .lastUpdated = $t' "$LATEST_FILE" > tmp.json && mv tmp.json "$LATEST_FILE"
+            fi
+          else
+            # Create new latest.json
+            echo "{\"latestBuild\": \"$BUILD\", \"builds\": [\"$BUILD\"], \"lastUpdated\": \"$TIMESTAMP\"}" | jq '.' > "$LATEST_FILE"
+          fi
+
+          echo "Updated latest.json:"
+          cat "$LATEST_FILE"
+
+      - name: Check for changes
+        id: check_changes
+        run: |
+          git add .
+          if git diff --staged --quiet; then
+            echo "No changes to commit"
+            echo "has_changes=false" >> $GITHUB_OUTPUT
+          else
+            echo "Changes detected"
+            echo "has_changes=true" >> $GITHUB_OUTPUT
+          fi
+
+      - name: Commit and push changes
+        if: steps.check_changes.outputs.has_changes == 'true'
+        run: |
+          git config user.name "github-actions[bot]"
+          git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
+
+          git commit -m "Add feature list for build ${{ inputs.build }}"
+
+          # Try to push directly to main
+          if git push origin main; then
+            echo "Successfully pushed to main branch"
+          else
+            # If direct push fails, create a PR branch
+            BRANCH_NAME="feed/update-${{ inputs.build }}-$(date +%s)"
+            git checkout -b "$BRANCH_NAME"
+            git push origin "$BRANCH_NAME"
+            echo "Created branch $BRANCH_NAME for PR"
+            echo "Please create a pull request to merge the changes"
+          fi
+
+      - name: Summary
+        run: |
+          echo "## Feature List Published" >> $GITHUB_STEP_SUMMARY
+          echo "" >> $GITHUB_STEP_SUMMARY
+          echo "- **Build:** ${{ inputs.build }}" >> $GITHUB_STEP_SUMMARY
+          echo "- **Format:** ${{ inputs.format }}" >> $GITHUB_STEP_SUMMARY
+          echo "- **Location:** features/${{ inputs.build }}/features.${{ inputs.format }}" >> $GITHUB_STEP_SUMMARY
+          echo "" >> $GITHUB_STEP_SUMMARY
+          echo "The feature list has been added to the repository." >> $GITHUB_STEP_SUMMARY

.github/workflows/securitycodescan.yml

@@ -19,21 +19,43 @@ jobs:
     if: ${{ github.actor != 'dependabot[bot]' }}
     runs-on: windows-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
       - uses: nuget/setup-nuget@323ab0502cd38fdc493335025a96c8fdb0edc71f
       - uses: microsoft/[email protected]
-
+
+      - name: Install .NET Core 3.1 runtime
+        uses: actions/setup-dotnet@v3
+        with:
+          dotnet-version: '3.1.x'
+
       - name: Set up projects for analysis
         uses: security-code-scan/security-code-scan-add-action@2439fb4aaeda4ad590a7c8bde327d159d03875fd
 
-      - name: Restore dependencies	
+      - name: Restore dependencies 
         run: nuget restore
 
       - name: Build
         run: msbuild
 
       - name: Convert sarif for uploading to GitHub
         uses: security-code-scan/security-code-scan-results-action@cdb3d5e639054395e45bf401cba8688fcaf7a687
+        with:
+          sarif_directory: ${{ runner.temp }}/scs-sarif
+
+      - name: Merge sarif results into single file
+        shell: pwsh
+        run: |
+          $sarifDir = Join-Path $env:RUNNER_TEMP "scs-sarif"
+          if (!(Test-Path $sarifDir)) { throw "SARIF directory not found: $sarifDir" }
+
+          $sarifFiles = Get-ChildItem -Path $sarifDir -Filter *.sarif | Select-Object -ExpandProperty FullName
+          if (-not $sarifFiles) { throw "No SARIF files produced for upload." }
+
+          $output = Join-Path $sarifDir "merged.sarif"
+          & "$env:USERPROFILE/.dotnet/tools/sarif" merge $sarifFiles --output $output --merge-runs
 
       - name: Upload sarif
-        uses: github/codeql-action/upload-sarif@v3
+        uses: github/codeql-action/upload-sarif@v4
+        with:
+          sarif_file: ${{ runner.temp }}/scs-sarif/merged.sarif
+          category: securitycodescan