gui.do / barazo-web
Barazo default frontend barazo.forum
2
fork

Configure Feed

Select the types of activity you want to include in your feed.

docs: add README, PR template, and security policy

- Professional README with quick start and tech stack
- PR template with checklist
- Security policy with vulnerability reporting process

Prepares repo for open source contributions

Guido X Jansen a2de5cb3 6bda479e

+287
+69
.github/PULL_REQUEST_TEMPLATE.md
··· 1 + ## Description 2 + 3 + <!-- What does this PR do? Why is it needed? --> 4 + 5 + Closes #<!-- issue number --> 6 + 7 + ## Type of Change 8 + 9 + - [ ] Bug fix (non-breaking change which fixes an issue) 10 + - [ ] New feature (non-breaking change which adds functionality) 11 + - [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected) 12 + - [ ] Documentation update 13 + - [ ] Refactor (no functional changes) 14 + - [ ] Dependency update 15 + - [ ] CI/CD changes 16 + 17 + ## Testing 18 + 19 + <!-- How was this tested? What scenarios were covered? --> 20 + 21 + - [ ] Unit tests added/updated 22 + - [ ] Integration tests added/updated 23 + - [ ] Manual testing performed 24 + - [ ] Accessibility tested (if UI changes) 25 + - [ ] Tested in staging environment 26 + - [ ] All tests pass locally (`pnpm test`) 27 + 28 + **Test coverage:** <!-- e.g., "Added 5 unit tests, 2 integration tests" --> 29 + 30 + ## Checklist 31 + 32 + - [ ] Code follows conventional commit format 33 + - [ ] Self-review completed (read own diff on GitHub) 34 + - [ ] No TypeScript errors (`pnpm typecheck`) 35 + - [ ] No ESLint warnings (`pnpm lint`) 36 + - [ ] Documentation updated (if applicable) 37 + - [ ] Database migration included (if schema changed) 38 + - [ ] Breaking changes documented below (if applicable) 39 + - [ ] CI checks pass 40 + - [ ] No secrets or credentials in code 41 + 42 + ## Breaking Changes 43 + 44 + <!-- If this is a breaking change, describe: 45 + 1. What breaks? 46 + 2. How should users migrate? 47 + 3. Link to migration guide (if exists) 48 + --> 49 + 50 + **None** / <!-- Describe breaking changes here --> 51 + 52 + ## Screenshots/Logs (if applicable) 53 + 54 + <!-- Add screenshots for UI changes, or logs for backend changes --> 55 + 56 + ## Additional Context 57 + 58 + <!-- Any other information reviewers should know --> 59 + 60 + ## Reviewer Checklist 61 + 62 + <!-- For reviewers - don't fill this out yourself --> 63 + 64 + - [ ] Code quality meets standards 65 + - [ ] Tests are meaningful and cover edge cases 66 + - [ ] Security considerations addressed 67 + - [ ] Performance impact acceptable 68 + - [ ] Accessibility compliant (if UI) 69 + - [ ] Documentation clear and complete
+37
.github/SECURITY.md
··· 1 + # Security Policy 2 + 3 + ## Supported Versions 4 + 5 + | Version | Supported | 6 + | ------- | ------------------ | 7 + | 1.x | :white_check_mark: | 8 + | < 1.0 | :x: | 9 + 10 + ## Reporting a Vulnerability 11 + 12 + **Do not open a public issue for security vulnerabilities.** 13 + 14 + Instead, use GitHub's private vulnerability reporting: 15 + 16 + 1. Go to the repository 17 + 2. Click "Security" tab 18 + 3. Click "Report a vulnerability" 19 + 4. Fill in the details 20 + 21 + Or email: security@atgora.forum (TBD - will be set up in Phase 2) 22 + 23 + We will respond within 72 hours with next steps. 24 + 25 + ## Security Practices 26 + 27 + - All commits must be GPG signed 28 + - Dependencies updated weekly via Dependabot 29 + - CI runs security scans on every PR 30 + - OWASP Top 10 compliance verified 31 + 32 + ## Disclosure Policy 33 + 34 + We follow responsible disclosure: 35 + - 90 days before public disclosure 36 + - Credit given to reporter (if desired) 37 + - CVE assigned when applicable
+181
README.md
··· 1 + # atgora-web 2 + 3 + **Forum frontend for ATgora** 4 + 5 + [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT) 6 + [![Next.js](https://img.shields.io/badge/Next.js-16-black)](https://nextjs.org/) 7 + [![React](https://img.shields.io/badge/React-19-blue)](https://react.dev/) 8 + 9 + --- 10 + 11 + ## 🚧 Status: Pre-Alpha Development 12 + 13 + The default frontend for ATgora - community forums built on the AT Protocol. 14 + 15 + **Current phase:** Planning complete, implementation starting Q1 2026 16 + 17 + --- 18 + 19 + ## What is this? 20 + 21 + The atgora-web is the user-facing interface for ATgora forums. It provides: 22 + 23 + - **Forum UI** - Topics, replies, categories, search, profiles 24 + - **Authentication flow** - OAuth with AT Protocol PDS providers 25 + - **Admin panel** - Forum settings, moderation, analytics 26 + - **Responsive design** - Mobile-first, accessible (WCAG 2.2 AA) 27 + - **SEO-optimized** - JSON-LD, OpenGraph, sitemaps 28 + - **Themeable** - Dark/light mode, customizable branding 29 + 30 + **API-first:** Consumes atgora-api REST endpoints. Can be fully replaced with custom frontend. 31 + 32 + --- 33 + 34 + ## Tech Stack 35 + 36 + | Component | Technology | 37 + |-----------|-----------| 38 + | Framework | Next.js 16, React 19 | 39 + | Styling | TailwindCSS, Radix Colors, Flexoki | 40 + | Components | shadcn/ui (admin), custom components | 41 + | Icons | Phosphor Icons | 42 + | Typography | Source Sans 3, Source Code Pro (self-hosted) | 43 + | Syntax Highlighting | Shiki + Flexoki theme | 44 + | Validation | Zod | 45 + | Testing | Vitest, @axe-core/playwright | 46 + | Accessibility | eslint-plugin-jsx-a11y (strict) | 47 + 48 + --- 49 + 50 + ## Key Features (Planned MVP) 51 + 52 + - **Core forum pages** - Homepage, categories, topics, replies, search, profiles 53 + - **Authentication** - AT Protocol OAuth (works with Bluesky, any PDS) 54 + - **Markdown editor** - Rich editing with preview 55 + - **Reactions** - Configurable per forum 56 + - **Admin panel** - Categories, moderation, forum settings, content maturity controls 57 + - **Accessibility** - WCAG 2.2 AA compliant, keyboard navigation, screen reader tested 58 + - **SEO** - Server-side rendering, JSON-LD, sitemap generation 59 + - **Dark mode** - Manual toggle, respects system preference 60 + 61 + --- 62 + 63 + ## Prerequisites 64 + 65 + - Node.js 24 LTS 66 + - pnpm 67 + - atgora-api running (see [atgora-api](https://github.com/atgora-forum/atgora-api)) 68 + 69 + --- 70 + 71 + ## Quick Start 72 + 73 + **Clone and install:** 74 + ```bash 75 + git clone https://github.com/atgora-forum/atgora-web.git 76 + cd atgora-web 77 + pnpm install 78 + ``` 79 + 80 + **Configure environment:** 81 + ```bash 82 + cp .env.example .env.local 83 + # Set NEXT_PUBLIC_API_URL to your atgora-api instance 84 + ``` 85 + 86 + **Run development server:** 87 + ```bash 88 + pnpm dev 89 + ``` 90 + 91 + Open [http://localhost:3001](http://localhost:3001) 92 + 93 + **Run tests:** 94 + ```bash 95 + pnpm test 96 + pnpm lint 97 + pnpm typecheck 98 + ``` 99 + 100 + --- 101 + 102 + ## Development 103 + 104 + See [CONTRIBUTING.md](../CONTRIBUTING.md) for full guidelines. 105 + 106 + **Accessibility requirements:** 107 + - Semantic HTML (`<button>`, not `<div onClick>`) 108 + - Keyboard navigable (test with Tab key only) 109 + - ARIA attributes where needed 110 + - Visible focus indicators 111 + - vitest-axe tests for all components 112 + - Minimum Lighthouse accessibility score: 95 113 + 114 + **SEO requirements:** 115 + - JSON-LD structured data on all page types 116 + - OpenGraph + Twitter Cards 117 + - Canonical URLs 118 + - Sitemaps 119 + 120 + --- 121 + 122 + ## Deployment 123 + 124 + **Production deployment via Docker:** 125 + ```bash 126 + docker pull ghcr.io/atgora-forum/atgora-web:latest 127 + ``` 128 + 129 + See [atgora-deploy](https://github.com/atgora-forum/atgora-deploy) for full deployment templates. 130 + 131 + --- 132 + 133 + ## Customization 134 + 135 + ATgora forums can be customized: 136 + 137 + **Easy (admin panel):** 138 + - Forum name, description, logo 139 + - Color scheme (primary color picker) 140 + - Reaction set configuration 141 + 142 + **Advanced (code):** 143 + - Fork this repo 144 + - Modify components, styles 145 + - Deploy custom frontend 146 + - Still consumes atgora-api endpoints 147 + 148 + --- 149 + 150 + ## Documentation 151 + 152 + - **User Guides:** [atgora.forum/docs](https://atgora.forum/docs) (coming soon) 153 + - **PRD:** [docs/prd.md](docs/prd.md) 154 + 155 + --- 156 + 157 + ## License 158 + 159 + **MIT** - Encourages customization and theming. Forum admins can modify freely. 160 + 161 + See [LICENSE](LICENSE) for full terms. 162 + 163 + --- 164 + 165 + ## Related Repositories 166 + 167 + - **[atgora-api](https://github.com/atgora-forum/atgora-api)** - Backend API (AGPL-3.0) 168 + - **[atgora-lexicons](https://github.com/atgora-forum/atgora-lexicons)** - AT Protocol schemas 169 + - **[atgora-deploy](https://github.com/atgora-forum/atgora-deploy)** - Deployment templates 170 + 171 + --- 172 + 173 + ## Community 174 + 175 + - 🌐 **Website:** [atgora.forum](https://atgora.forum) (coming soon) 176 + - 💬 **Discussions:** [GitHub Discussions](https://github.com/orgs/atgora-forum/discussions) 177 + - 🐛 **Issues:** [Report bugs](https://github.com/atgora-forum/atgora-web/issues) 178 + 179 + --- 180 + 181 + © 2026 ATgora. Licensed under MIT.