chore(docs): add scorecard, deepwiki and socket.dev badges

[aaguiarz]

Description

What problem is being solved?

How is it being solved?

What changes are made to solve it?

References

Review Checklist

• I have clicked on "allow edits by maintainers".
• I have added documentation for new/changed functionality in this PR or in a PR to openfga.dev [Provide a link to any relevant PRs in the references section above]
• The correct base branch is being used, if not main
• I have added tests to validate that the change in functionality is working as expected

Summary by CodeRabbit

• Documentation
  • Refreshed README header badges: added Socket badge for the PyPI package, a DeepWiki badge, and an OpenSSF Scorecard.
  • Aligned the Release badge on the same line as the DeepWiki badge for a cleaner layout.
  • Renamed the Twitter badge to X and updated the link to x.com/openfga.
  • Updated overall badge lineup to reflect new branding and resources.
  • No changes to public APIs or functionality.

[coderabbitai]

Walkthrough

Updates README header badges: replaced Release and License badges with a Socket Badge and DeepWiki badge; added an OpenSSF Scorecard badge; moved Release badge inline with DeepWiki; renamed Twitter badge to X with updated link. No code or exported entities changed.

Changes

Cohort / File(s)	Summary
Docs: README badges update README.md	Replaced Release and License badges with Socket and DeepWiki badges; added OpenSSF Scorecard badge; repositioned Release badge; renamed Twitter badge to X with new URL; retained autogenerated SDK note.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Docstring Coverage	✅ Passed	No functions found in the changes. Docstring coverage check skipped.
Title Check	✅ Passed	The title "chore(docs): add scorecard, deepwiki and socket.dev badges" is concise and directly describes the main change in the changeset — updating README header badges to add Scorecard, DeepWiki, and Socket.dev — which matches the raw summary of README badge updates; it uses appropriate chore/docs scope and is clear for repository history scanning.

✨ Finishing touches

• 📝 Generate Docstrings

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch chore/add-badges

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[codecov-commenter]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 70.73%. Comparing base (42cc5cc) to head (ed8cff6).

Additional details and impacted files

@@           Coverage Diff           @@
##             main     #227   +/-   ##
=======================================
  Coverage   70.73%   70.73%           
=======================================
  Files         134      134           
  Lines       10884    10884           
=======================================
  Hits         7699     7699           
  Misses       3185     3185           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (2)

README.md (2)

5-5: Add a space between badges to avoid them collapsing.

Insert a single space between the closing DeepWiki link and the opening of the Release badge so they render as two separate badges.

---

9-9: Align “X” badge text and site naming; fix hover text.

Update the title to “@openfga on X” and (optionally) standardize references elsewhere.

-[![X](https://img.shields.io/twitter/follow/openfga?color=%23179CF0&logo=twitter&style=flat-square "@openfga on Twitter")](https://x.com/openfga)
+[![X](https://img.shields.io/twitter/follow/openfga?color=%23179CF0&logo=twitter&style=flat-square "@openfga on X")](https://x.com/openfga)

Also consider updating the Resources entry for consistency (outside this hunk):

- - [Twitter](https://twitter.com/openfga)
+ - [X (formerly Twitter)](https://x.com/openfga)

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 42cc5cc and ed8cff6.

📒 Files selected for processing (1)

• README.md (1 hunks)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: Socket Security: Pull Request Alerts

🔇 Additional comments (1)

README.md (1)

7-7: Scorecard badge LGTM.

Correct target and image URL. No issues.

[coderabbitai]

🛠️ Refactor suggestion

🧩 Analysis chain

Avoid pinning Socket badge to a fixed version; also verify package slug.

Pinning to 0.9.6 will go stale and the slug uses a hyphen while PyPI/install uses an underscore. Prefer an unpinned/latest badge and confirm the correct Socket.dev path for this package.

---

🌐 Web query:

For Socket.dev PyPI badges:
1) What is the correct badge URL format to always show the latest version (no hardcoded version segment)?
2) For the OpenFGA Python SDK, which PyPI slug is correct for Socket.dev: `openfga_sdk` or `openfga-sdk`?

💡 Result:

Answers:

1. Use the package badge endpoint without a version segment, e.g.:
   https://socket.dev/pypi/package//badge.svg
   (replace with the package's PyPI slug). [1]

2. The OpenFGA Python SDK’s PyPI slug is openfga-sdk (with a hyphen). [2]

Sources:
[1] Example Socket.dev PyPI package page (shows package slug in its URL path). https://socket.dev/pypi/package/abadge.
[2] OpenFGA Python SDK on PyPI: openfga-sdk. https://pypi.org/project/openfga-sdk/

---

Use unpinned Socket.dev PyPI badge and correct slug (openfga-sdk)

Replace the pinned badge in README.md (line 4) with the unpinned badge endpoint: https://socket.dev/pypi/package/openfga-sdk/badge.svg — the PyPI slug is openfga-sdk (hyphen), not openfga_sdk.

🤖 Prompt for AI Agents

In README.md around line 4, the Socket.dev PyPI badge is pinned and uses the
wrong slug; replace the current badge/image URL and link target to use the
unpinned badge endpoint with the correct hyphenated slug:
https://socket.dev/pypi/package/openfga-sdk/badge.svg and ensure any hyperlink
pointing to the package uses the slug openfga-sdk (with a hyphen) rather than
openfga_sdk.