docs: expand trust signals to enterprise standard

Flesh out CONTRIBUTING.md with dev setup, PR format, and review
guidelines. Add proper SECURITY.md with advisory links and disclosure
policy. Expand CODE_OF_CONDUCT.md based on Contributor Covenant v2.1.
Improve issue templates with structured fields.

Co-authored-by: Daniel <dsantoreis@gmail.com>

Author: 2 people

.github/ISSUE_TEMPLATE/bug_report.md

@@ -4,12 +4,27 @@ about: Report a reproducible bug
 labels: bug
 ---
 
-## Summary
+## What happened
+
+A clear description of what went wrong.
 
 ## Steps to reproduce
 
+1. ...
+2. ...
+3. ...
+
 ## Expected behavior
 
-## Actual behavior
+What should have happened instead.
 
 ## Environment
+
+- OS: 
+- Python version: 
+- Docker version (if applicable): 
+- Browser (if frontend): 
+
+## Logs / Screenshots
+
+Paste any relevant error output or screenshots.

.github/ISSUE_TEMPLATE/feature_request.md

@@ -1,9 +1,21 @@
 ---
 name: Feature request
-about: Propose a new capability
+about: Suggest an improvement
 labels: enhancement
 ---
 
 ## Problem
 
+What problem does this solve? What's frustrating or missing today?
+
 ## Proposed solution
+
+How would you like it to work?
+
+## Alternatives considered
+
+Any other approaches you've thought about.
+
+## Additional context
+
+Screenshots, links, or examples from other projects.

CODE_OF_CONDUCT.md

@@ -1,4 +1,26 @@
 # Code of Conduct
 
-Be respectful, constructive, and professional.
-Harassment and personal attacks are not tolerated.
+## Our Standards
+
+We're committed to providing a welcoming, inclusive environment for everyone. Examples of behavior that contributes to a positive environment:
+
+- Using welcoming and inclusive language
+- Being respectful of differing viewpoints and experiences
+- Gracefully accepting constructive criticism
+- Focusing on what is best for the community
+
+Examples of unacceptable behavior:
+
+- Harassment, trolling, or personal attacks
+- Publishing others' private information without permission
+- Any conduct that would be considered inappropriate in a professional setting
+
+## Enforcement
+
+Project maintainers are responsible for clarifying standards of acceptable behavior and will take appropriate corrective action in response to unacceptable behavior.
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by opening an issue or contacting the maintainers directly. All complaints will be reviewed and investigated.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant](https://www.contributor-covenant.org/), version 2.1.

CONTRIBUTING.md

@@ -1,7 +1,61 @@
-# Contributing
+# Contributing to Askbase
 
-Thanks for contributing.
+Thanks for considering a contribution. Here's how to get started.
 
-1. Fork and create a branch
-2. Run tests and lint
-3. Open a PR with Problem, Root cause, Fix, Testing
+## Getting Started
+
+1. Fork the repo and clone your fork
+2. Create a branch from `main` (`git checkout -b fix/your-change`)
+3. Install dependencies: `pip install -r requirements.txt` for the API, `npm install` in `frontend/`
+4. Run locally with `docker compose up --build -d`
+
+## Making Changes
+
+- Keep PRs focused on a single concern
+- Follow existing code style (black + ruff for Python, prettier for TypeScript)
+- Add or update tests for behavioral changes
+- Run the test suite before opening a PR
+
+## PR Format
+
+Structure your PR description:
+
+```
+**Problem:** What was broken or missing
+**Root cause:** Why it was happening
+**Fix:** What you changed
+**Testing:** How you verified it works
+```
+
+## Development Setup
+
+```bash
+# Backend
+cd api
+python -m venv .venv && source .venv/bin/activate
+pip install -r requirements.txt
+pytest
+
+# Frontend
+cd frontend
+npm install
+npm run dev
+
+# Full stack
+docker compose up --build -d
+```
+
+## Reporting Bugs
+
+Open an issue with:
+- Steps to reproduce
+- Expected vs actual behavior
+- Environment details (OS, Python version, browser)
+
+## Code Review
+
+All submissions go through review. We look for correctness, test coverage, clean code, and no unnecessary complexity.
+
+## License
+
+By contributing, you agree that your contributions will be licensed under the MIT License.

SECURITY.md

@@ -1,4 +1,25 @@
-# Security
+# Security Policy
 
-Report security issues privately to project maintainers.
-Do not open public issues for vulnerabilities before coordinated disclosure.
+## Supported Versions
+
+| Version | Supported |
+|---------|-----------|
+| latest  | Yes       |
+
+## Reporting a Vulnerability
+
+**Do not open public issues for security vulnerabilities.**
+
+Use [GitHub's private security advisory feature](https://github.com/dsantoreis/askbase/security/advisories/new) to report vulnerabilities confidentially.
+
+Please include:
+- Description of the vulnerability
+- Steps to reproduce
+- Potential impact
+- Suggested fix (if you have one)
+
+We aim to acknowledge reports within 48 hours and provide a timeline for resolution within 5 business days.
+
+## Disclosure Policy
+
+We follow coordinated disclosure. Once a fix is released, we'll publish a security advisory with credit to the reporter (unless they prefer to remain anonymous).