Merge branch 'main' into flowfuse-ai-expert

Author: sumitshinde-84

.github/.trivyignore.yaml

@@ -0,0 +1,2 @@
+# Trivy ignore file
+# Add patterns to ignore specific vulnerabilities

.github/trivy.yaml

@@ -0,0 +1,29 @@
+# Trivy Security Scanner Configuration
+# Documentation: https://aquasecurity.github.io/trivy/latest/docs/configuration/
+
+scan:
+  scanners:
+    - vuln
+    - secret
+
+  skip-dirs:
+    - node_modules
+    - .git
+    - coverage
+    - ci
+
+severity:
+  - CRITICAL
+  - HIGH
+  - MEDIUM
+  - LOW
+
+pkg:
+  types:
+    - os
+    - library
+  include-dev-deps: true
+
+format: "sarif"
+ignorefile: ".github/.trivyignore.yaml"
+exit-code: 0

.github/workflows/sast-scan.yml

@@ -0,0 +1,19 @@
+name: SAST Scan
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+    branches:
+      - main
+  workflow_dispatch:
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  scan:
+    name: SAST Scan
+    uses : flowfuse/github-actions-workflows/.github/workflows/sast_scan.yaml@v0.46.0

src/handbook/company/communication.md

@@ -160,9 +160,30 @@ Example standup messages:
 
 #### Monday Team Catchup
 
-We hold an optional team catchup every Monday. This meeting is a chance to share company updates, get to know each other, and talk about anything you want to share, both professionally and personally.
-
-You can add simple items to the agenda, such as what you did over the weekend or anything that kept you busy. Adding items also helps set the order of conversation and makes sure everyone has space to speak.
+1. Purpose & Attendance
+Our Monday meeting serves a dual purpose: maintaining organizational alignment as we scale and fostering a connected team culture.
+* First 10 Minutes (Mandatory): All team members are expected to join for the Department Spotlight to stay informed on collective progress and high-level goals.
+* Remainder of Meeting (Optional): Following the spotlight, the meeting transitions into an open team catch-up. You are welcome to stay to share personal or professional updates, or depart if you need to focus on other priorities.
+
+2. Format: Department Spotlights
+Each Monday, one department will lead a 5–10 minute presentation. These briefings are intended to be concise, high-level, and focused on information that impacts the broader organization.
+The rotation will follow a four-week cycle:
+* Week 1: Company Update – Focusing on organizational health and "big picture" goals by the CEO
+* Week 2: Technology & Product – Demonstrating what we are building and the "why" behind it by the Engineering & Product leadership
+* Week 3: Sales – Reporting on growth, revenue, and direct customer insights by Sales leadership
+* Week 4: Marketing – Highlighting how we are communicating our value to the market by marketing leadership
+
+3. Presenter Guidelines 
+To maintain a high-energy pace and respect the team's time:
+
+* Content: Focus on three pillars: Recent Wins, Current Challenges, and Upcoming Milestones.
+* Time Limit: 10 minutes maximum (including 2 minutes for Q&A).
+* Visuals: Keep to 3–5 high-impact, data-informed slides.
+* Deadline: Share your slides in the #General channel by EOD Friday prior to your presentation.
+
+4. Open Agenda (Optional Segment)
+For the latter portion of the meeting, team members are encouraged to add items to the agenda. This is an informal space to share weekend highlights, personal news, or professional updates that keep you busy.
+Effective Date: This new format begins Monday, February 2nd, 2026.
 
 #### Strategy Call
 

src/handbook/operations/index.md

@@ -29,6 +29,19 @@ or go bankrupt a table is maintained with where to go in case of service disrupt
 | AWS | Hosting for FlowFuse Cloud | ? | - |
 | GitHub | Task management, planning and code development | - | - |
 
+## Calendar Conventions
+
+To help team members quickly identify meeting types in calendar apps and menubar tools, use these emoji conventions when creating calendar entries:
+
+- 🎥 - Google Meet meetings (add this emoji to the event title for quick visual identification)
+
+This convention is particularly helpful for:
+- Quick visual scanning in menubar calendar apps
+- Distinguishing Google Meet from Slack Huddles at a glance
+- Identifying external-facing meetings quickly
+
+**Note:** For internal face-to-face discussions, prefer Slack Huddles in public channels over Google Meet when possible, as noted in the services table above.
+
 ## Email
 
 While there are a number of email aliases and google groups used throughout the organization, there is some activities across operations, people operations, and finance management that requires that activities be done with external parties. As a redundancy, rather than use a person's individual email (e.g. zj@), we use a google group to avoid the risk of information getting lost. For example, for some government filings, we use ops@.

src/handbook/peopleops/coaching-plans.md

@@ -4,53 +4,39 @@ navTitle: Coaching Plans
 
 # Coaching Plans
 
-A Coaching Plan is tool for managers to aid in development of their team
+A Coaching Plan is a tool managers use to support a team member’s development.
+It helps them grow in their role through a structured plan, built and completed together with their manager’s mentorship.
 members, helping them grow in their role and improve their performance through a
-structured plan to be completed with the managers mentorship. Unlike
-[Performance Improvement Plans (PIPs)][pip], coaching plans are proactive, focus
-on growth, and come without the formal burden of a PIP. 
+Coaching Plans can be used proactively for career development and role growth, and they can also be used to address performance concerns with support and clear expectations.
 
 ## Purpose and Philosophy
 
-Coaching plans are built on the principle that all team members have potential
-for growth. Either in their job skills, company value alignment, or the
-operational execution of their role. Coaching plans are a positive force that
-will be deployed for team members to prepare them for career advancement, job
-role changes, and other changes.
+Coaching Plans are built on the belief that all team members have potential for growth — in their job skills, alignment with company values, or execution of their role.
 
-## When to Use a Coaching Plan
-
-A coaching plan should be initiated by a team members manager when:
+Coaching Plans are a positive, intentional investment. They are used to help team members prepare for career advancement, role changes, and evolving expectations as the company grows.
 
-- A team member shows potential for growth
-- The growth area is specific and coachable
-- The identified area for growth isn't a role deficiency, and a [PIP][pip] is in
-  order
-  - Minor performance areas need attention but don't warrant formal PIP
-    intervention
-- A team member expresses interest in expanding their responsibilities or transitioning to a new role with additional responsibilities
-- The team member is to be prepared for future role progression
-- You observe behaviors or skills that could benefit from focused development
+## When to Use a Coaching Plan
 
-## Coaching Plan vs. Performance Improvement Plan
+A Coaching Plan may be initiated by a team member’s manager when:
 
-**Coaching Plans** are:
+- A team member shows potential for growth or expanded impact
+- The growth area is specific, observable, and coachable
+- Expectations need to be clarified and supported through structured development
+- One or more performance areas would benefit from focused improvement
+- A team member expresses interest in expanding responsibilities or transitioning to a role with additional scope
+- A team member is preparing for future role progression
+- A manager observes behaviors or skills that could benefit from intentional development
 
-- **Proactive** - Focused on development and growth
-- **Supportive** - Emphasize mentorship and guidance
-- **Opportunity-based** - Address areas for improvement before they become
-  problems
-- **Growth-oriented** - Aimed at expanding capabilities and preparing for
-  advancement or addressing problems before they grow too big
-- **Collaborative** - Employee actively participates in goal-setting
+## Coaching Plan Characteristics
 
-**Performance Improvement Plans** are:
+FlowFuse's Coaching Plans are designed to be:
 
-- **Reactive** - Address existing performance deficiencies
-- **Formal** - Structured process with documented consequences
-- **Problem-focused** - Correct performance that falls below standards
-- **Corrective** - Aimed at bringing performance up to acceptable levels
-- **Prescriptive** - Clear expectations with defined outcomes
+- **Development-focused** — Centered on growth and learning, whether proactive or in response to changing expectations
+- **Supportive** — Emphasize mentorship, guidance, and partnership from managers
+- **Opportunity-based** — Frame areas for improvement as opportunities for growth and skill-building
+- **Growth-oriented** — Aimed at expanding capabilities and supporting team members in meeting and exceeding role expectations
+- **Collaborative** — Team members actively participate in goal-setting and development activities
+- **Clear and structured** — Shared expectations with documented goals, milestones, and review points
 
 ## Creating a Coaching Plan
 
@@ -88,8 +74,6 @@ While coaching plans are less formal than PIPs, it's important to:
 - Record achievements and milestones
 - Maintain confidentiality while sharing appropriate updates with HR and
   management
-  - Coaching plans are only shared with: the team member, manager, the managers'
-    manager, and HR
+  - Coaching Plans are only shared with the team member, their manager, the manager’s manager, and HR
 
-[pip]: /handbook/peopleops/organization/#performance-improvement-plan-(pip)
 [smart]: https://www.atlassian.com/blog/productivity/how-to-write-smart-goals

src/handbook/peopleops/leave.md

@@ -7,17 +7,20 @@ navTitle: Holiday & Leave
 ## Logging time off
 
 When taking more than 3 days off consecutively, tell (don't ask) your manager.
-This ensure scheduling of work and operations continue to run smoothly without
-you. When taking over 2 weeks of consecutively seek approval from your manager.
+This ensures scheduling of work and operations can continue to run smoothly
+without you. When taking more than 2 consecutive weeks off, seek approval from
+your manager.
 
 Before you can take time off you should _always_:
 
 - Log your time off
   [in Deel](https://help.letsdeel.com/hc/en-gb/articles/4409044013201-How-do-I-request-time-off-)
-  - Deel disallows [overages on the contracted days off](#holiday-policy), if
+  - Deel disallows [overages on the contracted days off](#holiday-policy). If
     you cannot file the complete length, file up to the allowance.
-- Add an 'Out of office' appointment in your personal Google Calendar, and
+    - This is a limitation in Deel and does not limit the amount of time off you may take.
+- Add an 'Out of Office' appointment in your personal Google Calendar, and
   decline all meetings automatically.
+- Add your Out of Office to your [team calendar](#team-calendars) as `Name OOO`.
 - Add a 'Vacation responder' to your Gmail account, and provide another contact
   person within your team.
   1. Open **Gmail** in your browser.
@@ -29,17 +32,28 @@ Before you can take time off you should _always_:
      - **Subject** (e.g., _"Out of Office"_)
      - **Message** (e.g., _"I am out of the office and without email access
        through [Day], [Date]. Please contact [team member] in my absence."_)
-- Add an event to the shared 'FlowFuse Team Events' calendar showing all the
-  days you will not be working. This makes it easier for our team to understand
-  who is going to be away each week.
-- Inform fellow team members of your time off, and hand over work that's
-  distributed.
+- Inform fellow team members of your time off, and hand over work that’s distributed.
+  
+### Team Calendars
 
-PTO requests in Deel will be routed to your manager.
+We use team-specific calendars to track team meetings, events, and team-level availability.
+
+Out of Office time should be visible in two places:
+- Your **personal calendar** so collaborators across the company can see your availability.
+- Your **team calendar** so your immediate team has clear visibility into coverage and capacity.
+
+This is intentional and not considered duplication. Each calendar serves a different audience.
+
+- [Engineering](https://calendar.google.com/calendar/u/0?cid=Y19iMTZjMTdjYzlmNmZiMTYyZmI0NmUxMDIyNzNkNTFmMWQ4ZjI0MThkMzVmZTc5ZmExNGU0NTE3M2NkMDE5NTVlQGdyb3VwLmNhbGVuZGFyLmdvb2dsZS5jb20)
+- [Marketing](https://calendar.google.com/calendar/u/0?cid=Y19iY2UwZjY2NzE3ZTQ3YjAzZjgxZjliNTdjNWNhYTkyYTZlOTM1ZTg5NGU5MDdiOTZjNmY5N2I4ODA3MjllMDQ5QGdyb3VwLmNhbGVuZGFyLmdvb2dsZS5jb20)
+- [Sales](https://calendar.google.com/calendar/u/0?cid=Y19lNThhNThlZDlmNjMyOGQ2YzcwN2VmMWM1MWYxMGU0MzAwMWY4NzhlY2Y0MTI2NTRmY2QzNDYyY2QwMjhiYzFlQGdyb3VwLmNhbGVuZGFyLmdvb2dsZS5jb20)
+- [BizOps](https://calendar.google.com/calendar/u/0?cid=Y18wMGU5ZjcyZDE2ZTg0YzU1OTY2ODYxMTAxNmVlMjY2YmRlNzlmMDU3ZjAyMWJjNmU4ZTQ3ZjE0YzE2YjYyZGZiQGdyb3VwLmNhbGVuZGFyLmdvb2dsZS5jb20)
+
+If you own a recurring event, place it on the most appropriate calendar for visibility. In some cases, this may still be the FlowFuse Team Events calendar.
 
 ## Holiday Policy
 
-FlowFuse has a unlimited time off policy. Taking vacation is encouraged for all
+FlowFuse has an unlimited time off policy. Taking vacation is encouraged for all
 team members. To prevent an undefined number of vacation days to start a race to
 the bottom, we recommend each team member to take a minimum of 25 days a year,
 and at least 5 days a quarter.
@@ -62,7 +76,7 @@ If you live in a country where a statutory Parental Leave benefit is available,
 you will be required to claim statutory Parental Leave pay (if you are
 eligible).
 
-Any employee can take up to 6-weeks if they wish without requiring manager
+Any employee can take up to 6 weeks if they wish without requiring manager
 approval. We recommend a minimum of 4 weeks, but recognize it's a personal
 choice to make. Further leave can be requested, but should be discussed with
 your manager. Inform your manager of the expected new family member at least 16

src/handbook/peopleops/organization.md

@@ -99,30 +99,27 @@ All cases of underperformance must be documented by the manager through email to
 the CEO and CTO with the timespan of a potential plan created by the employee's
 manager.
 
-### Performance Improvement Plan (PIP)
+### Coaching Plan for Performance Support
 
-After the plan formulated by the manager has not returned the employee to performance
-that is considered on par with the expectations of their role the CEO and manager
-will create a PIP for the employee.
+When additional structure or support is needed to help a team member meet the
+expectations of their role, the manager may create a [Coaching Plan](/handbook/peopleops/coaching-plans/) in partnership
+with the employee.
 
-**A PIP is a genuine opportunity from FlowFuse to the employee to get where they need to be.** While other companies
-use PIPs solely to provide the legal documentation for termination, at FlowFuse a
-PIP is intended to set the bar for both the manager and employee and have transparency
-around expected performance.
+**A Coaching Plan is a genuine investment by FlowFuse in supporting a team member’s success.**
+FlowFuse believes in supporting team members through structured development and clear expectations. 
+A Coaching Plan sets shared expectations for both the manager and team member, while providing the support, feedback, and mentorship needed to succeed.
 
-The PIP will outline the specific areas of underperformance, the specific steps
-the employee must take to improve, and the timeline for improvement. The employee
-will be required to sign the PIP and agree to its terms.
+The Coaching Plan will outline the areas for improvement, the actions to be taken, the support and resources provided, and the expected review timeline.
 
-If an employee has been on a PIP before and for the same reasons enters this stage
-of the underperformance policy again the CEO and manager can opt for not providing
-a PIP. This ensures that a PIP is a genuine change.
+If an employee has previously completed a Coaching Plan for the same concerns and re-enters
+this stage, the company may determine that a different approach is appropriate.
+This helps ensure Coaching Plans remain a meaningful tool for growth.
 
 ### Termination
 
-If an employee's performance does not improve, or if they violate the terms of
-their PIP, they may be terminated. Termination will be based on a documented
-pattern of underperformance or unacceptable behavior.
+If performance does not improve despite sustained coaching and support, or if serious
+policy violations occur, termination may be considered.
+Termination will be based on a documented pattern of underperformance or unacceptable behavior.
 
 ## CEO underperformance
 

src/handbook/peopleops/performance-review.md

@@ -13,8 +13,8 @@ employee can still grow. This text is shared with each individual employee.
 While this performance review is written down, each manager should be communicating
 feedback regularly to minimize the chance for surprises during the written review.
 
-The performance review process will be skipped in the following circumstances; new employees who have been with the company for less than 6 months at the time of the review cycle, employees who have been on extended leave, employees who are currently on a [Performance Improvement Plan (PIP)](/handbook/peopleops/organization/#performance-improvement-plan-(pip)),
-or employees who are in the middle of role transitions or organizational changes that would make a standard review inappropriate. In cases where the formal review is skipped, managers should still provide informal feedback and check-ins to ensure ongoing communication and support.
+The performance review process will be skipped in the following circumstances: new employees who have been with the company for fewer than 6 months at the time of the review cycle, employees who have been on extended leave, and employees who are currently engaged in a  [Coaching Plan](/handbook/peopleops/coaching-plans/) where focused development work is already underway.
+In cases where the formal review is skipped, managers should still provide informal feedback and check-ins to ensure ongoing communication and support.
 
 ## Structure