docs(community): add CONTRIBUTING, CODE_OF_CONDUCT, SECURITY, and GitHub templates

Adds standard open-source community health files:
- CONTRIBUTING.md with dev workflow, quality gates, and architecture overview
- CODE_OF_CONDUCT.md (Contributor Covenant 2.1)
- SECURITY.md with vulnerability disclosure process and known considerations
- .github/ISSUE_TEMPLATE/bug_report.yml and feature_request.yml
- .github/PULL_REQUEST_TEMPLATE.md with checklist

Author: blazejpawlak

.github/ISSUE_TEMPLATE/bug_report.yml

@@ -0,0 +1,76 @@
+name: Bug Report
+description: Report a bug or unexpected behavior in opencode-model-fallback
+labels: ["bug"]
+body:
+  - type: markdown
+    attributes:
+      value: |
+        Thanks for taking the time to report a bug. Please fill in as much detail as possible.
+
+  - type: input
+    id: version
+    attributes:
+      label: Plugin version
+      placeholder: "e.g. 0.1.0"
+    validations:
+      required: true
+
+  - type: input
+    id: opencode-version
+    attributes:
+      label: OpenCode version
+      placeholder: "e.g. 1.2.24"
+    validations:
+      required: true
+
+  - type: textarea
+    id: description
+    attributes:
+      label: What happened?
+      description: A clear and concise description of the bug.
+    validations:
+      required: true
+
+  - type: textarea
+    id: expected
+    attributes:
+      label: What did you expect?
+      description: A clear description of what you expected to happen.
+    validations:
+      required: true
+
+  - type: textarea
+    id: config
+    attributes:
+      label: Your model-fallback.json config (redact sensitive values)
+      render: json
+
+  - type: textarea
+    id: logs
+    attributes:
+      label: Relevant log output
+      description: Paste any relevant lines from your log file (`~/.local/share/opencode/logs/`).
+      render: text
+
+  - type: textarea
+    id: repro
+    attributes:
+      label: Steps to reproduce
+      placeholder: |
+        1. Configure fallback chain with ...
+        2. Send a message that triggers a rate limit
+        3. Observe ...
+    validations:
+      required: true
+
+  - type: dropdown
+    id: os
+    attributes:
+      label: Operating system
+      options:
+        - macOS
+        - Linux
+        - Windows
+        - Other
+    validations:
+      required: true

.github/ISSUE_TEMPLATE/feature_request.yml

@@ -0,0 +1,36 @@
+name: Feature Request
+description: Suggest a new feature or enhancement
+labels: ["enhancement"]
+body:
+  - type: markdown
+    attributes:
+      value: |
+        Have an idea for improving opencode-model-fallback? We'd love to hear it.
+
+  - type: textarea
+    id: problem
+    attributes:
+      label: What problem does this solve?
+      description: Describe the problem or limitation you're running into.
+    validations:
+      required: true
+
+  - type: textarea
+    id: solution
+    attributes:
+      label: Describe your proposed solution
+      description: A clear description of what you want to happen.
+    validations:
+      required: true
+
+  - type: textarea
+    id: alternatives
+    attributes:
+      label: Alternatives considered
+      description: Any alternative solutions or workarounds you've considered.
+
+  - type: textarea
+    id: context
+    attributes:
+      label: Additional context
+      description: Any other context, screenshots, or examples.

.github/PULL_REQUEST_TEMPLATE.md

@@ -0,0 +1,37 @@
+## Summary
+
+<!-- A concise description of what this PR does and why. -->
+
+## Changes
+
+<!-- List the key changes made: -->
+
+-
+-
+-
+
+## Type of change
+
+- [ ] Bug fix (non-breaking change that fixes an issue)
+- [ ] New feature (non-breaking change that adds functionality)
+- [ ] Breaking change (fix or feature that changes existing behavior)
+- [ ] Documentation update
+- [ ] Test improvement
+- [ ] Refactor / maintenance
+
+## Testing
+
+<!-- Describe how you tested the changes. -->
+
+- [ ] `bun test` passes (all 101 tests)
+- [ ] `bunx tsc --noEmit` passes
+- [ ] `bun run lint` passes
+- [ ] `bun run build` succeeds
+
+## Related issues
+
+<!-- Link any related issues: Closes #, Fixes #, Relates to # -->
+
+## Notes for reviewers
+
+<!-- Anything specific you'd like reviewers to focus on. -->

CODE_OF_CONDUCT.md

@@ -0,0 +1,77 @@
+# Contributor Covenant Code of Conduct
+
+## Our Pledge
+
+We as members, contributors, and leaders pledge to make participation in our community a harassment-free experience for everyone, regardless of age, body size, visible or invisible disability, ethnicity, sex characteristics, gender identity and expression, level of experience, education, socio-economic status, nationality, personal appearance, race, caste, color, religion, or sexual identity and orientation.
+
+We pledge to act and interact in ways that contribute to an open, welcoming, diverse, inclusive, and healthy community.
+
+## Our Standards
+
+Examples of behavior that contributes to a positive environment for our community include:
+
+- Demonstrating empathy and kindness toward other people
+- Being respectful of differing opinions, viewpoints, and experiences
+- Giving and gracefully accepting constructive feedback
+- Accepting responsibility and apologizing to those affected by our mistakes, and learning from the experience
+- Focusing on what is best not just for us as individuals, but for the overall community
+
+Examples of unacceptable behavior include:
+
+- The use of sexualized language or imagery, and sexual attention or advances of any kind
+- Trolling, insulting or derogatory comments, and personal or political attacks
+- Public or private harassment
+- Publishing others' private information, such as a physical or email address, without their explicit permission
+- Other conduct which could reasonably be considered inappropriate in a professional setting
+
+## Enforcement Responsibilities
+
+Community leaders are responsible for clarifying and enforcing our standards of acceptable behavior and will take appropriate and fair corrective action in response to any behavior that they deem inappropriate, threatening, offensive, or harmful.
+
+Community leaders have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct, and will communicate reasons for moderation decisions when appropriate.
+
+## Scope
+
+This Code of Conduct applies within all community spaces, and also applies when an individual is officially representing the community in public spaces. Examples of representing our community include using an official email address, posting via an official social media account, or acting as an appointed representative at an online or offline event.
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be reported to the community leaders responsible for enforcement at blazej@smartcoders.xyz. All complaints will be reviewed and investigated promptly and fairly.
+
+All community leaders are obligated to respect the privacy and security of the reporter of any incident.
+
+## Enforcement Guidelines
+
+Community leaders will follow these Community Impact Guidelines in determining the consequences for any action they deem in violation of this Code of Conduct:
+
+### 1. Correction
+
+**Community Impact**: Use of inappropriate language or other behavior deemed unprofessional or unwelcome in the community.
+
+**Consequence**: A private, written warning from community leaders, providing clarity around the nature of the violation and an explanation of why the behavior was inappropriate. A public apology may be requested.
+
+### 2. Warning
+
+**Community Impact**: A violation through a single incident or series of actions.
+
+**Consequence**: A warning with consequences for continued behavior. No interaction with the people involved, including unsolicited interaction with those enforcing the Code of Conduct, for a specified period of time. This includes avoiding interactions in community spaces as well as external channels like social media. Violating these terms may lead to a temporary or permanent ban.
+
+### 3. Temporary Ban
+
+**Community Impact**: A serious violation of community standards, including sustained inappropriate behavior.
+
+**Consequence**: A temporary ban from any sort of interaction or public communication with the community for a specified period of time. No public or private interaction with the people involved, including unsolicited interaction with those enforcing the Code of Conduct, is allowed during this period. Violating these terms may lead to a permanent ban.
+
+### 4. Permanent Ban
+
+**Community Impact**: Demonstrating a pattern of violation of community standards, including sustained inappropriate behavior, harassment of an individual, or aggression toward or disparagement of classes of individuals.
+
+**Consequence**: A permanent ban from any sort of public interaction within the community.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant](https://www.contributor-covenant.org), version 2.1, available at https://www.contributor-covenant.org/version/2/1/code_of_conduct.html.
+
+Community Impact Guidelines were inspired by [Mozilla's code of conduct enforcement ladder](https://github.com/mozilla/diversity).
+
+For answers to common questions about this code of conduct, see the FAQ at https://www.contributor-covenant.org/faq. Translations are available at https://www.contributor-covenant.org/translations.

CONTRIBUTING.md

@@ -0,0 +1,80 @@
+# Contributing to opencode-model-fallback
+
+Thank you for your interest in contributing! This document outlines the process for contributing to this project.
+
+## Getting Started
+
+```bash
+# Clone the repo
+git clone https://github.com/Smart-Coders-HQ/opencode-model-fallback.git
+cd opencode-model-fallback
+
+# Install dependencies
+bun install
+
+# Run tests
+bun test
+
+# Type check
+bunx tsc --noEmit
+
+# Build
+bun run build
+```
+
+## Development Workflow
+
+1. **Fork** the repository and create a feature branch from `main`.
+2. **Write code** — follow the [TypeScript/JavaScript conventions](https://github.com/Smart-Coders-HQ/opencode-model-fallback/blob/main/AGENTS.md) in `AGENTS.md`.
+3. **Test** — add tests for new functionality. All tests must pass: `bun test`.
+4. **Lint** — run `bun run lint` and `bun run format` before committing.
+5. **Commit** — use [Conventional Commits](https://www.conventionalcommits.org/) format:
+   - `feat: add X` — new feature (triggers minor release)
+   - `fix: correct Y` — bug fix (triggers patch release)
+   - `docs: update Z` — documentation only
+   - `test: add coverage for W` — test changes
+   - `chore: bump deps` — maintenance
+   - `BREAKING CHANGE:` in footer — triggers major release
+6. **Pull Request** — open a PR against `main`. Fill in the PR template.
+
+## Quality Gates
+
+Before a PR can be merged, all of these must pass:
+
+- `bun run lint` — Biome linting
+- `bun test` — 101 tests, 0 failures
+- `bunx tsc --noEmit` — TypeScript type check
+- `bun run build` — clean build
+
+## Architecture
+
+The plugin is structured as follows:
+
+```
+src/
+  plugin.ts           # Entry point — event router + chat.message hook
+  preemptive.ts       # Sync preemptive redirect logic
+  types.ts            # Shared type definitions
+  config/             # Zod schema, file discovery, defaults, auto-migration
+  detection/          # Pattern matching + error classification
+  state/              # ModelHealthStore, SessionStateStore, FallbackStore
+  resolution/         # Chain walker, agent→config resolver
+  replay/             # abort→revert→prompt orchestrator
+  display/            # Toast notifications, usage enrichment
+  tools/              # /fallback-status tool
+  logging/            # Structured file + client logger
+```
+
+See `AGENTS.md` for full architecture details and key invariants.
+
+## Reporting Issues
+
+Please use [GitHub Issues](https://github.com/Smart-Coders-HQ/opencode-model-fallback/issues) and select the appropriate template.
+
+## Security Vulnerabilities
+
+Please do **not** open public issues for security vulnerabilities. See [SECURITY.md](SECURITY.md) for responsible disclosure instructions.
+
+## License
+
+By contributing, you agree that your contributions will be licensed under the [Apache 2.0 License](LICENSE).

SECURITY.md

@@ -0,0 +1,44 @@
+# Security Policy
+
+## Supported Versions
+
+| Version | Supported          |
+| ------- | ------------------ |
+| 0.1.x   | :white_check_mark: |
+
+## Reporting a Vulnerability
+
+**Please do not report security vulnerabilities through public GitHub issues.**
+
+To report a security vulnerability, email us at **blazej@smartcoders.xyz** with the subject line `[SECURITY] opencode-model-fallback`.
+
+Please include:
+
+- A description of the vulnerability and its potential impact
+- Steps to reproduce the issue
+- Any suggested mitigations or fixes
+
+You should receive a response within **72 hours**. If you do not hear back, please follow up via email.
+
+We will:
+
+1. Acknowledge receipt of your report
+2. Investigate and confirm the vulnerability
+3. Work on a fix and release a patched version
+4. Credit you in the release notes (unless you prefer to remain anonymous)
+
+## Scope
+
+This security policy covers the `opencode-model-fallback` plugin code. It does not cover:
+
+- Third-party dependencies (report those to the respective projects)
+- The OpenCode runtime itself
+- Issues requiring physical access to your machine
+
+## Known Security Considerations
+
+- **Config file permissions**: The plugin reads config from `~/.config/opencode/model-fallback.json` and agent config directories. Ensure these paths have appropriate permissions (readable only by your user).
+- **Log files**: Log files stored in `~/.local/share/opencode/logs/` may contain model usage metadata. They are created with `0o600` permissions (owner read/write only).
+- **YAML parsing**: Agent config files with YAML frontmatter are parsed with the CORE schema, which disallows executable YAML types.
+
+Thank you for helping keep opencode-model-fallback secure.