Docs: add retro docs website, security policy, and automated hall-of-fame workflows

2026-05-26 11:35:51 +00:00 · 2026-04-06 23:42:40 +05:30
parent ac6fb95648
commit c875852ec8
12 changed files with 524 additions and 0 deletions
@@ -0,0 +1,36 @@
+name: Security Report (Public Placeholder)
+description: Use this only if private advisory reporting is unavailable.
+title: "[Security]: "
+labels: ["security"]
+body:
+  - type: markdown
+    attributes:
+      value: |
+        For sensitive vulnerabilities, please use GitHub Security Advisories for private disclosure.
+
+  - type: textarea
+    id: summary
+    attributes:
+      label: Summary
+      description: Short description of the issue.
+      placeholder: Describe the vulnerability.
+    validations:
+      required: true
+
+  - type: textarea
+    id: steps
+    attributes:
+      label: Reproduction Steps
+      description: Exact steps to reproduce.
+      placeholder: 1. Do this... 2. Do that...
+    validations:
+      required: true
+
+  - type: textarea
+    id: impact
+    attributes:
+      label: Impact
+      description: What can an attacker do?
+      placeholder: Impact details.
+    validations:
+      required: true
@@ -0,0 +1,41 @@
+name: Deploy Docs Website
+
+on:
+  push:
+    branches: ["main"]
+    paths:
+      - "website/**"
+      - ".github/workflows/deploy-website.yml"
+  workflow_dispatch:
+
+permissions:
+  contents: read
+  pages: write
+  id-token: write
+
+concurrency:
+  group: "pages"
+  cancel-in-progress: false
+
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+    environment:
+      name: github-pages
+      url: ${{ steps.deployment.outputs.page_url }}
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v5
+
+      - name: Setup Pages
+        uses: actions/configure-pages@v5
+
+      - name: Upload artifact
+        uses: actions/upload-pages-artifact@v4
+        with:
+          path: "website"
+
+      - name: Deploy to GitHub Pages
+        id: deployment
+        uses: actions/deploy-pages@v4
@@ -0,0 +1,36 @@
+name: Publish PyPI (Auto)
+
+on:
+  push:
+    tags:
+      - "v*"
+  release:
+    types: [published]
+
+jobs:
+  publish:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v5
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.11"
+
+      - name: Install build tooling
+        run: |
+          python -m pip install --upgrade pip
+          python -m pip install build twine
+
+      - name: Build package
+        run: python -m build
+
+      - name: Publish to PyPI
+        env:
+          TWINE_USERNAME: __token__
+          TWINE_PASSWORD: ${{ secrets.PYPI_API_TOKEN }}
+        run: |
+          python -m twine upload dist/* --skip-existing --verbose
@@ -0,0 +1,60 @@
+name: Update Hall of Fame
+
+on:
+  push:
+    branches: ["main"]
+    paths-ignore:
+      - "website/data/contributors.json"
+  schedule:
+    - cron: "0 2 * * *"
+  workflow_dispatch:
+
+permissions:
+  contents: write
+
+jobs:
+  update-contributors:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v5
+
+      - name: Build contributor data from GitHub API
+        uses: actions/github-script@v7
+        with:
+          script: |
+            const owner = context.repo.owner;
+            const repo = context.repo.repo;
+            const perPage = 100;
+            const contributors = await github.paginate(
+              github.rest.repos.listContributors,
+              { owner, repo, per_page: perPage }
+            );
+
+            const mapped = contributors
+              .filter(c => c.type === 'User')
+              .map(c => ({
+                login: c.login,
+                profile: c.html_url,
+                contributions: c.contributions
+              }))
+              .sort((a, b) => b.contributions - a.contributions);
+
+            const fs = require('fs');
+            fs.writeFileSync(
+              'website/data/contributors.json',
+              JSON.stringify(mapped, null, 2) + '\n'
+            );
+
+      - name: Commit updates
+        run: |
+          git config user.name "github-actions[bot]"
+          git config user.email "github-actions[bot]@users.noreply.github.com"
+          if git diff --quiet; then
+            echo "No contributor changes"
+          else
+            git add website/data/contributors.json
+            git commit -m "chore: update hall of fame contributors"
+            git push
+          fi
@@ -39,6 +39,14 @@ ExecuTrace is a Python library and CLI tool that captures developer workflows an
 - Document complex workflows reliably
 - Ensure consistent deployments

+## Documentation Website
+
+The full open source docs website (retro 70s style) lives in `website/` and can be deployed with GitHub Pages.
+
+- Source: `website/index.html`
+- Hall of Fame data: `website/data/contributors.json`
+- Security Hall of Fame data: `website/data/security_hof.json`
+
 ---

 ## Installation
@@ -79,3 +87,8 @@ exectrace replay my-workflow --explain

 MIT License - See [LICENSE](LICENSE) for details.

+## Security
+
+- Policy: [SECURITY.md](SECURITY.md)
+- Advisory process: [SECURITY_ADVISORY.md](SECURITY_ADVISORY.md)
+
@@ -0,0 +1,30 @@
+# Security Policy
+
+## Supported Versions
+
+We currently support security updates for the latest stable release on PyPI:
+
+- `exectrace-workflow` latest version
+
+## Reporting a Vulnerability
+
+Please do **not** open a public issue for security bugs.
+
+Use one of these methods:
+
+1. GitHub Security Advisories (preferred):
+   - Go to Security tab in the repository
+   - Click Advisories
+   - Start a private vulnerability report
+2. If advisories are unavailable, open a private report via repository maintainers.
+
+## Disclosure Timeline
+
+1. We acknowledge reports within 72 hours.
+2. We validate and reproduce the issue.
+3. We prepare a fix and release patch.
+4. We publish an advisory with credit (if requested).
+
+## Hall of Fame
+
+Responsible reporters are credited on the project website under Security Hall of Fame after a fix is shipped.
@@ -0,0 +1,36 @@
+# Security Advisory Process
+
+This document defines how ExecuTrace handles vulnerability advisories.
+
+## Advisory Workflow
+
+1. Receive private report
+2. Triaging and severity assessment
+3. Patch development and review
+4. Coordinated release
+5. Public advisory publication and attribution
+
+## Severity Guide
+
+- Critical: Remote execution, full compromise
+- High: Privilege escalation, data exposure
+- Medium: Significant abuse with constraints
+- Low: Limited impact
+
+## Attribution
+
+Contributors and researchers who responsibly disclose verified vulnerabilities are added to:
+
+- `website/data/security_hof.json`
+- website Security Hall of Fame section
+
+## Advisory Template
+
+- Title
+- Affected versions
+- CVSS/severity
+- Technical summary
+- Reproduction
+- Mitigation
+- Fixed version
+- Credits
@@ -0,0 +1,43 @@
+async function readJson(path) {
+  const res = await fetch(path);
+  if (!res.ok) {
+    return [];
+  }
+  return res.json();
+}
+
+function renderTable(containerId, headers, rows) {
+  const container = document.getElementById(containerId);
+  if (!container) return;
+
+  if (!rows.length) {
+    container.innerHTML = "<p>No entries yet.</p>";
+    return;
+  }
+
+  const head = headers.map((h) => `<th>${h}</th>`).join("");
+  const body = rows.map((row) => `<tr>${row.map((c) => `<td>${c}</td>`).join("")}</tr>`).join("");
+
+  container.innerHTML = `<table><thead><tr>${head}</tr></thead><tbody>${body}</tbody></table>`;
+}
+
+async function init() {
+  const contributors = await readJson("data/contributors.json");
+  const security = await readJson("data/security_hof.json");
+
+  const contributorRows = contributors.map((c) => [
+    `<a href="${c.profile}" target="_blank" rel="noopener">${c.login}</a>`,
+    String(c.contributions),
+  ]);
+
+  const securityRows = security.map((s) => [
+    s.name,
+    s.issue,
+    s.reported,
+  ]);
+
+  renderTable("contributors", ["Contributor", "Commits"], contributorRows);
+  renderTable("security-hof", ["Researcher", "Issue", "Reported"], securityRows);
+}
+
+init();
@@ -0,0 +1,118 @@
+:root {
+  --bg: #15100d;
+  --panel: #1f1712;
+  --text: #ffd79a;
+  --accent: #ff8f3f;
+  --line: #6e4b2a;
+  --glow: #ffb36b;
+}
+
+* {
+  box-sizing: border-box;
+}
+
+body {
+  margin: 0;
+  font-family: "Courier New", Courier, monospace;
+  background: radial-gradient(circle at top, #2a1b12 0%, var(--bg) 45%, #0d0b0a 100%);
+  color: var(--text);
+  line-height: 1.5;
+}
+
+.grain {
+  position: fixed;
+  inset: 0;
+  pointer-events: none;
+  opacity: 0.08;
+  background-image: repeating-linear-gradient(0deg, rgba(255, 255, 255, 0.08) 0, rgba(255, 255, 255, 0.08) 1px, transparent 1px, transparent 2px);
+}
+
+.hero {
+  text-align: center;
+  padding: 3rem 1rem 2rem;
+  border-bottom: 2px solid var(--line);
+  box-shadow: 0 0 30px rgba(255, 143, 63, 0.2);
+}
+
+.hero h1 {
+  margin: 0.5rem 0;
+  font-size: clamp(2rem, 8vw, 5rem);
+  letter-spacing: 0.2rem;
+  text-shadow: 0 0 12px var(--glow);
+}
+
+.subtitle,
+.mono {
+  margin: 0.5rem 0;
+}
+
+.hero-actions {
+  margin-top: 1rem;
+}
+
+.hero-actions a {
+  color: var(--accent);
+  margin: 0 0.6rem;
+  border: 1px solid var(--line);
+  padding: 0.4rem 0.7rem;
+  text-decoration: none;
+  display: inline-block;
+}
+
+main {
+  width: min(1000px, 92%);
+  margin: 1.5rem auto 3rem;
+}
+
+section {
+  margin: 1.2rem 0;
+  background: var(--panel);
+  border: 1px solid var(--line);
+  padding: 1rem;
+}
+
+h2 {
+  margin-top: 0;
+  color: var(--accent);
+}
+
+pre {
+  background: #120e0b;
+  border: 1px solid var(--line);
+  padding: 0.8rem;
+  overflow-x: auto;
+}
+
+.grid {
+  display: grid;
+  grid-template-columns: repeat(auto-fit, minmax(220px, 1fr));
+  gap: 1rem;
+}
+
+.table {
+  border: 1px solid var(--line);
+  background: #120e0b;
+  padding: 0.8rem;
+}
+
+.table table {
+  width: 100%;
+  border-collapse: collapse;
+}
+
+.table th,
+.table td {
+  text-align: left;
+  padding: 0.45rem;
+  border-bottom: 1px dashed var(--line);
+}
+
+a {
+  color: #ffc66d;
+}
+
+footer {
+  text-align: center;
+  padding: 1rem;
+  border-top: 1px solid var(--line);
+}
@@ -0,0 +1 @@
+[]
@@ -0,0 +1,7 @@
+[
+  {
+    "name": "Reserved",
+    "issue": "Waiting for first responsible disclosure",
+    "reported": "-"
+  }
+]
@@ -0,0 +1,103 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+  <meta charset="UTF-8" />
+  <meta name="viewport" content="width=device-width, initial-scale=1.0" />
+  <meta name="description" content="ExecuTrace Documentation and Hall of Fame" />
+  <title>ExecuTrace // Open Source Docs</title>
+  <link rel="stylesheet" href="assets/style.css" />
+</head>
+<body>
+  <div class="grain"></div>
+  <header class="hero">
+    <p class="mono">EST. 2026 // OPEN SOURCE DEV WORKFLOW TOOLKIT</p>
+    <h1>EXECUTRACE</h1>
+    <p class="subtitle">Record terminal workflows. Replay with confidence.</p>
+    <div class="hero-actions">
+      <a href="https://pypi.org/project/exectrace-workflow/" target="_blank" rel="noopener">PyPI Package</a>
+      <a href="https://github.com/Stalin-143/ExecuTrace" target="_blank" rel="noopener">GitHub Repo</a>
+    </div>
+  </header>
+
+  <main>
+    <section>
+      <h2>What Is ExecuTrace?</h2>
+      <p>
+        ExecuTrace is a Python CLI and library for recording command history and file system changes,
+        then replaying those workflows in reliable, repeatable modes.
+      </p>
+    </section>
+
+    <section>
+      <h2>Install</h2>
+      <pre><code>pip install exectrace-workflow
+exectrace --help</code></pre>
+    </section>
+
+    <section>
+      <h2>Core Commands</h2>
+      <div class="grid">
+        <article>
+          <h3>Record</h3>
+          <pre><code>exectrace record my-workflow
+# run commands
+exectrace stop</code></pre>
+        </article>
+        <article>
+          <h3>Replay</h3>
+          <pre><code>exectrace replay my-workflow --explain
+exectrace replay my-workflow --dry-run
+exectrace replay my-workflow --smart</code></pre>
+        </article>
+        <article>
+          <h3>Manage</h3>
+          <pre><code>exectrace list
+exectrace edit my-workflow
+exectrace delete my-workflow</code></pre>
+        </article>
+      </div>
+    </section>
+
+    <section>
+      <h2>Architecture Snapshot</h2>
+      <ul>
+        <li>Recorder: captures command and file actions</li>
+        <li>Storage: JSON/XML backends via factory pattern</li>
+        <li>Replayer: dry-run, explain, smart execution</li>
+        <li>Editor: workflow mutation and maintenance</li>
+      </ul>
+    </section>
+
+    <section>
+      <h2>Automatic Open Source Credits</h2>
+      <p>
+        Contributors are updated automatically by GitHub workflow and displayed below.
+      </p>
+      <div id="contributors" class="table"></div>
+    </section>
+
+    <section>
+      <h2>Security Hall of Fame</h2>
+      <p>
+        Researchers who responsibly disclose vulnerabilities are listed here after verification.
+      </p>
+      <div id="security-hof" class="table"></div>
+    </section>
+
+    <section>
+      <h2>Security and Advisory Process</h2>
+      <ul>
+        <li>Read security policy: <a href="../SECURITY.md">SECURITY.md</a></li>
+        <li>Disclosure process: <a href="../SECURITY_ADVISORY.md">SECURITY_ADVISORY.md</a></li>
+        <li>Use GitHub Security Advisories for private reports before public disclosure.</li>
+      </ul>
+    </section>
+  </main>
+
+  <footer>
+    <p>ExecuTrace // Open Source // MIT // PyPI 1.0.2</p>
+  </footer>
+
+  <script src="assets/app.js"></script>
+</body>
+</html>