feat: enhance self-dogfooding setup with security and testing improvements

.dockerignore

@@ -0,0 +1,54 @@
+# Virtual environments
+.venv/
+venv/
+env/
+
+# Python cache
+__pycache__/
+*.pyc
+*.pyo
+*.pyd
+.Python
+
+# IDE files
+.vscode/
+.idea/
+*.swp
+*.swo
+
+# OS files
+.DS_Store
+Thumbs.db
+
+# Git
+.git/
+.gitignore
+
+# Documentation
+*.md
+docs/
+
+# Tests
+tests/
+test_*.py
+*_test.py
+
+# CI/CD
+.github/
+.pre-commit-config.yaml
+
+# Cache directories
+.mypy_cache/
+.ruff_cache/
+.pytest_cache/
+.coverage
+
+# Development files
+.env*
+!.env.sample
+docker-compose*.yml
+Makefile
+
+# Temporary files
+*.tmp
+*.log

.env.dogfood

@@ -0,0 +1,21 @@
+# GitGuard Self-Dogfooding Configuration
+# Generated on 2025-01-20
+
+# GitHub App Configuration (REQUIRED - set these after creating your GitHub App)
+GITHUB_APP_ID=
+GITHUB_APP_PRIVATE_KEY=
+GITHUB_WEBHOOK_SECRET=
+
+# GitGuard Configuration
+GITGUARD_MODE=report-only
+GITGUARD_LOG_LEVEL=info
+GITGUARD_WEBHOOK_PATH=/webhook/github
+
+# Database Configuration
+POSTGRES_DB=gitguard
+POSTGRES_USER=gitguard
+POSTGRES_PASSWORD=gitguard-dev-1737395000
+
+# Temporal Configuration
+TEMPORAL_HOST=localhost:7233
+TEMPORAL_NAMESPACE=gitguard

.github/ISSUE_TEMPLATE/bug_report.yml

@@ -1,34 +1,60 @@
 name: Bug report
-description: Report a bug in GitGuard
-title: "[BUG] "
-labels: ["bug", "needs-triage"]
+description: Something isn't working as expected
+labels: [bug, triage]
+assignees: []
 body:
-  - type: textarea
-    id: what-happened
+  - type: markdown
+    attributes:
+      value: |
+        Thanks for helping improve GitGuard! Please fill in the details below.
+  - type: input
+    id: summary
     attributes:
-      label: What happened?
-      description: Describe the bug and expected behavior
+      label: Summary
+      description: One-line description of the bug
+      placeholder: Policy evaluation always returns DENY for valid inputs
     validations:
       required: true
   - type: textarea
-    id: repro
+    id: steps
     attributes:
       label: Steps to reproduce
-      description: Step-by-step reproduction
+      description: Exact steps with minimal repro (commands, sample repo/policy, config)
+      render: bash
       placeholder: |
-        1. Go to '...'
-        2. Run '...'
-        3. See error
+        1. `git clone ...`
+        2. `docker compose -f docker-compose.demo.yml up`
+        3. Call POST /evaluate with payload X
     validations:
       required: true
-  - type: input
-    id: version
+  - type: textarea
+    id: expected
     attributes:
-      label: GitGuard version (tag/commit)
+      label: Expected behavior
     validations:
       required: true
   - type: textarea
+    id: actual
+    attributes:
+      label: Actual behavior and logs
+      render: text
+  - type: input
+    id: version
+    attributes:
+      label: Version / image tag
+      placeholder: e.g., v0.1.0 or ghcr.io/ava-prime/gitguard:0.1.0
+  - type: input
     id: env
     attributes:
       label: Environment
-      description: OS, Python, Docker/K8s, etc.
+      placeholder: OS, Python, Docker version, CI provider
+  - type: checkboxes
+    id: regression
+    attributes:
+      label: Regression?
+      options:
+        - label: This worked in a previous version
+  - type: textarea
+    id: extra
+    attributes:
+      label: Additional context

.github/ISSUE_TEMPLATE/config.yml

@@ -0,0 +1,8 @@
+blank_issues_enabled: false
+contact_links:
+  - name: Security vulnerability report
+    url: https://github.com/Ava-Prime/gitguard/security/advisories/new
+    about: Please use GitHub Security Advisories for confidential security reports.
+  - name: Questions & discussion
+    url: https://github.com/Ava-Prime/gitguard/discussions
+    about: Ask questions, propose ideas, and chat with maintainers here.

.github/ISSUE_TEMPLATE/feature_request.yml

@@ -1,20 +1,34 @@
 name: Feature request
-description: Propose an enhancement
-title: "[FEAT] "
-labels: ["enhancement", "needs-triage"]
+description: Propose a new capability or improvement
+labels: [enhancement, triage]
+assignees: []
 body:
+  - type: input
+    id: problem
+    attributes:
+      label: Problem statement
+      placeholder: What user need or pain are we solving?
+    validations:
+      required: true
   - type: textarea
-    id: summary
+    id: proposal
     attributes:
-      label: Summary
-      description: What and why?
+      label: Proposed solution
+      placeholder: Describe the UX/API/config, and any alternatives you considered
     validations:
       required: true
+  - type: textarea
+    id: value
+    attributes:
+      label: Value / impact
+      placeholder: Why this matters; who benefits
+  - type: textarea
+    id: scope
+    attributes:
+      label: Scope / non-goals
+      placeholder: What this feature will NOT do
   - type: textarea
     id: acceptance
     attributes:
       label: Acceptance criteria
-      description: Clear pass/fail checks
-      placeholder: |
-        - [ ] ...
-        - [ ] ...
+      placeholder: Checkable outcomes or tests that define "done"

.github/PULL_REQUEST_TEMPLATE.md

@@ -1,37 +1,27 @@
-## 📋 Summary
-<!-- What does this PR do and why? -->
+## Summary
+<!-- What does this change do? Keep it crisp. -->
 
-## 🔄 Change Type
-- [ ] feat: New feature
-- [ ] fix: Bug fix
-- [ ] perf: Performance improvement
-- [ ] refactor: Code refactoring
-- [ ] docs: Documentation
-- [ ] chore: Maintenance
+## Type
+- [ ] feat
+- [ ] fix
+- [ ] docs
+- [ ] chore
+- [ ] refactor
+- [ ] perf
+- [ ] test
 
-## 🛡️ Safety Checklist
-- **Tests**: <!-- added/updated/n/a -->
-- **Migrations**: <!-- yes/no --> (backwards compatible? y/n)
-- **Security**: <!-- threats considered -->
-- **Rollback plan**: <!-- how to revert if needed -->
-- **Graph API**: <!-- endpoints affected/n/a -->
-- **Policy transparency**: <!-- policies updated/n/a -->
-- **Chaos engineering**: <!-- drills affected/n/a -->
-- **SLO monitoring**: <!-- metrics impacted/n/a -->
+## Linked issues
+Fixes #
 
-## 📊 Impact Assessment
-<!-- GitGuard will auto-populate this section -->
-- **Risk Score**: _Calculating..._
-- **Size**: _Analyzing..._
-- **Performance**: _Benchmarking..._
-- **Coverage**: _Computing delta..._
-- **Graph API Health**: _Checking endpoints..._
-- **Policy Transparency**: _Validating policies..._
-- **Chaos Engineering**: _Assessing drill impact..._
-- **SLO Compliance**: _Monitoring metrics..._
+## Release notes (user-facing)
+<!-- Optional: one or two short bullets that should appear in the changelog -->
 
-## 📸 Screenshots/Benchmarks
-<!-- Optional: visual changes or performance results -->
+## Testing
+- [ ] Added/updated tests
+- [ ] Verified demo (Compose) locally
+- [ ] CI green
 
----
-*This PR will be automatically reviewed by GitGuard 🛡️*
+## Quality gates
+- [ ] `ruff` / `mypy` clean
+- [ ] No secrets added; licenses respected
+- [ ] Policy cookbook updated (if applicable)

.github/dependabot.yml

@@ -23,8 +23,8 @@ updates:
       observability:
         patterns: ["prometheus-client", "structlog*"]
         update-types: ["minor", "patch"]
+  # Python deps for Guard Codex
 
-  # Python deps for Guard Codex (adjust/remove if not present)
   - package-ecosystem: "pip"
     directory: "/apps/guard-codex"
     schedule: