maevsi · dargmuesli · Apr 3, 2026 · Apr 3, 2026 · Apr 3, 2026 · Apr 3, 2026
@@ -0,0 +1,44 @@
+---
+applyTo: '**'
+---
+# Project Instructions
+
+`stack` is the Docker Swarm configuration for [vibetype.app](https://vibetype.app/), an event community platform, managed with [dargstack](https://github.com/dargstack/dargstack/).
+
+## Documentation Map
+
+**For understanding the stack structure and deployment:**
+- [README.md](README.md): Project overview, quick start
+- [artifacts/docs/README.md](artifacts/docs/README.md): Auto-generated service, secret and volume reference (do not edit manually)
+
+**For contributing:**
+- [CONTRIBUTING.md](CONTRIBUTING.md): Development setup, dargstack guidelines, code style, git workflow
+
+## Code Style
+
+- Do not use abbreviations in naming, except where omitting them would look unnatural
+- Use natural language in any non-code text instead of referring to code directly, e.g. "the database's password" instead of "the `postgres_password`", except when a code reference is needed
+- Use backticks in any non-code text to refer to code, e.g. "`postgres`" instead of "postgres"
+- Sort YAML keys lexicographically except where order is semantically significant
+- Code formatting is done by the editor via `.editorconfig`
+
+## Git
+
+- Work on branches other than the default branch
+  - Use this branch naming pattern: `<type>/<scope>/<description>`
+- Git commit titles must follow the Conventional Commits specification and be lowercase only
+  - The commit scope should not be repeated in the commit description, e.g. `feat(postgres): add role` instead of `feat(postgres): add postgres role`
+- Git commit scopes must be chosen as follows (ordered by priority):
+  1. service name, e.g. `postgres`, `traefik`, `vibetype`
+  2. simplified dependency name, e.g. `dargstack`, `docker`
+  3. area, e.g. `secrets`, `volumes`, `certificates`
+- Commit bodies are only to be filled in when necessary, e.g. to mention a resolved issue link
+
+## Docker / dargstack
+
+- Each service lives under `src/development/<service>/compose.yaml` as a full Compose document and optionally `src/production/<service>/compose.yaml` as a delta-only override
+- Lines annotated with `# dargstack:dev-only` are stripped from production compose
+- Run `dargstack build <service>` after changing a service's source code to rebuild its development container image
+- Run `dargstack validate` to check the stack configuration
+- Run `dargstack document` to regenerate `artifacts/docs/README.md` (do not edit that file manually)
+- Do not commit files from `artifacts/` unless they are tracked (e.g. `artifacts/docs/SERVICES_ADDITIONAL.md`)
@@ -0,0 +1,130 @@
+# Contributing to stack
+
+Thank you for your interest in contributing!
+
+The fullstack environment composes several services, among those are the following first-party:
+
+| Repository | Required | Profile | Access |
+|---|---|---|---|
+| [maevsi/android](https://github.com/maevsi/android) | optional | — | public |
+| [maevsi/ios](https://github.com/maevsi/ios) | optional | — | public |
+| [maevsi/postgraphile](https://github.com/maevsi/postgraphile) | ✅ | `default` | public |
+| [maevsi/reccoom](https://github.com/maevsi/reccoom) | optional | `recommendation` | private |
+| [maevsi/sqitch](https://github.com/maevsi/sqitch) | ✅ | `default` | public |
+| [maevsi/stack](https://github.com/maevsi/stack) | ✅ | — | public |
+| [maevsi/vibetype](https://github.com/maevsi/vibetype) | ✅ | `default` | public |
+
+## Development Setup
+
+There are two development modes:
+
+| Mode | When to use | Setup | Where to start |
+|---|---|---|---|
+| **Frontend only** | Working on UI, i18n, or anything that doesn't require running backend services | Manual only | [Vibetype repository](https://github.com/maevsi/vibetype#development) |
+| **Fullstack** | Working on backend services, the database, the API, or any cross-cutting concern | Automated or manual | This guide (continue reading) |
+
+> 🪟 **Windows users:** Set up [WSL](https://docs.microsoft.com/en-us/windows/wsl/install) first and continue inside the Linux subsystem.
+> If you use VS Code, see [VS Code + WSL](https://learn.microsoft.com/en-us/windows/wsl/tutorials/wsl-vscode).
+
+### Automated Setup
+
+Clone this repository into the directory where you want the project to live, then run the setup script from inside the cloned `stack` repository:
+```sh
+cd /path/to/where/you/want/the/project
+git clone https://github.com/maevsi/stack.git
+cd stack
+
+```sh
+bash scripts/setup.sh
+```
+
+The script will interactively ask which optional feature sets you want, then:
+
+1. Clone the selected repositories as siblings inside a `vibetype/` parent directory.
+2. Run `dargstack build <service>` for the selected services to build the required development container images.
+3. Deploy the development stack with `dargstack deploy`.
+
+> Per-repository setup (e.g. Node.js install for `vibetype`) is not yet automated here. Each repository will eventually provide its own `scripts/setup.sh` that this script will invoke. In the meantime, follow the manual steps below for repository-specific preparation.
+
+### Manual Setup
+
+If you prefer to step through each action yourself:
+
+1. Install prerequisites
+
+    1. [Git](https://git-scm.com/): version control
+    2. [Docker](https://docs.docker.com/engine/install/): container runtime
+    3. [dargstack](https://github.com/dargstack/dargstack#install): stack management CLI
+    <!-- 4. [nvm](https://github.com/nvm-sh/nvm#installing-and-updating): Node.js version manager (for Vibetype frontend setup) -->
+
+1. Create a parent directory and clone the sibling repositories into it:
+
+   ```sh
+   mkdir vibetype && cd vibetype
+   git clone git@github.com:maevsi/android.git # optional
+   git clone git@github.com:maevsi/ios.git # optional
+   git clone git@github.com:maevsi/postgraphile.git
+   git clone git@github.com:maevsi/reccoom.git # optional, private
+   git clone git@github.com:maevsi/sqitch.git
+   git clone git@github.com:maevsi/stack.git
+   git clone git@github.com:maevsi/vibetype.git
+   ```
+
+   <details>
+     <summary>Click here if you don't have SSH set up (you should!) to use HTTPS URLs instead</summary>
+
+
+   ```sh
+   mkdir vibetype && cd vibetype
+   git clone https://github.com/maevsi/android.git # optional
+   git clone https://github.com/maevsi/ios.git # optional
+   git clone https://github.com/maevsi/postgraphile.git
+   git clone https://github.com/maevsi/reccoom.git # optional, private
+   git clone https://github.com/maevsi/sqitch.git
+   git clone https://github.com/maevsi/stack.git
+   git clone https://github.com/maevsi/vibetype.git
+   ```
+    </details>
+
+2. Initialize all cloned projects for development according to their READMEs.
+
+3. Build development container images:
+
+   ```sh
+   cd stack
+   dargstack build
+   ```
+
+   An interactive selection dialog will let you choose which services to build.
+
+4. Deploy:
+
+   ```sh
+   dargstack deploy
+   ```
+
+5. You should now be able to access Vibetype at [https://app.localhost](https://app.localhost) 🎉
+
+
+## Guidelines
+
+### Git & GitHub
+
+Follow [@dargmuesli's Contributing Guidelines](https://gist.github.com/dargmuesli/430b7d902a22df02d88d1969a22a81b5#contribution-workflow) for branch naming, commit formatting, and the pull request workflow.
+
+### Semantic Versioning
+
+Read [@dargmuesli's guide on Semantic Versioning](https://gist.github.com/dargmuesli/430b7d902a22df02d88d1969a22a81b5#file-semantic-versioning-md) for how to format PR, issue and commit titles.
+
+### dargstack
+
+- Service files live in `src/development/<service>/compose.yaml` (full Compose document) and `src/production/<service>/compose.yaml` (production delta only).
+- Run `dargstack build` to interactively select and build development container images after making changes to a service's source code.
+- Run `dargstack document` to regenerate `artifacts/docs/README.md` after adding or modifying services.
+- Do not edit `artifacts/` files directly: they are generated or gitignored.
+
+### Code Style
+
+- Keep YAML keys sorted lexicographically where order is semantically irrelevant.
+- Use natural language in comments; refer to code artifacts with backticks.
+- Do not use abbreviations in names unless omitting them would look unnatural.
@@ -0,0 +1,32 @@
+[![ci status][ci-image]][ci-url]
+
+[ci-image]: https://img.shields.io/github/actions/workflow/status/maevsi/stack/ci.yml
+[ci-url]: https://github.com/maevsi/stack/actions/workflows/ci.yml
+
+# @maevsi/stack
+
+The Docker stack configuration for [vibetype.app](https://vibetype.app/).
+
+This project is managed with [dargstack](https://github.com/dargstack/dargstack/) and is closely related to [Vibetype's source code](https://github.com/maevsi/vibetype/).
+
+## Documentation
+
+To see which services, secrets and volumes this stack includes, head over to [`artifacts/docs/README.md`](artifacts/docs/README.md).
+
+## Development Setup
+
+> 💡 **Windows users:** Run these steps inside [WSL](https://docs.microsoft.com/en-us/windows/wsl/install).
+
+> 📖 **New to the project? Read [CONTRIBUTING.md](CONTRIBUTING.md) first** to understand the repository structure, the development modes, and what each component does. You will need this context to work effectively beyond the quick setup below.
+
+To start a local fullstack development environment, run the setup script from the directory where you want to clone the project:
+
+```sh
+bash <(curl -fsSL https://raw.githubusercontent.com/maevsi/stack/main/scripts/setup.sh)
+```
+
+Or, if you have already cloned this repository:
+
+```sh
+bash scripts/setup.sh
+```
@@ -0,0 +1,57 @@
+# Vibetype Disclosure Policy
+
+## 1 Introduction
+
+The security of Vibetype is a top priority for our team. We believe in transparency and collaboration with the community to identify and address potential security vulnerabilities. This disclosure policy outlines the procedures for reporting security issues in Vibetype and how we handle such reports.
+
+## 2 Reporting a Security Issue
+
+If you discover a security vulnerability in Vibetype, we encourage you to report it to us promptly. To report a security issue, please follow these steps:
+
+Send an email to contact+security@maev.si with the subject line "Security Issue: [Brief Description]." Please provide a detailed description of the vulnerability, including the following:
+
+- A concise summary of the issue.
+- A detailed explanation of the vulnerability and its potential impact.
+- Steps to reproduce the vulnerability (if applicable).
+- Any additional information that can help us understand and address the issue.
+
+## 3 Handling of Reports
+
+Upon receiving a security report, the Vibetype team will follow these steps:
+
+### 3.1 Acknowledgment
+
+We will acknowledge your report as soon as possible and provide an estimated timeline for the review and resolution process.
+
+### 3.2 Evaluation
+
+Our team will review the reported issue to assess its validity and severity. We may request additional information from you if necessary.
+
+### 3.3 Resolution
+
+Once we have confirmed and understood the vulnerability, we will develop and test a fix. We will try to resolve the issue as quickly as possible.
+
+### 3.4 Communication
+
+We will keep you informed of our progress throughout the process and notify you when a fix is available. If the issue affects multiple projects, we may coordinate with other project maintainers and vendors.
+
+## 4 Disclosure
+
+We believe in responsible disclosure to protect our users.
+
+If the issue is resolved, we will coordinate with you to establish a mutually agreed-upon release date for the fix.
+We will issue a security advisory and update the project's documentation once the fix is publicly available.
+
+## 5 Credit and Recognition
+
+We highly value the contributions of the security community and will provide credit to individuals or organizations who responsibly report security vulnerabilities. However, if you prefer to remain anonymous, we will respect your wishes.
+
+## 6 Legal Protection
+
+Vibetype will not pursue legal action against security researchers who follow this disclosure policy and act in good faith. We appreciate your efforts to help us maintain the security of our project.
+
+## 7 Changes to this Policy
+
+This security disclosure policy may be updated or revised from time to time.
+
+Last Updated: 2026-04-03
@@ -25,7 +25,7 @@ behavior:
   prompt:
     volume:
       # Prompt to remove volumes before deploying (development only)
-      remove: false # default: true
+      remove: true
 
 # Production environment settings
 production: