JonKazama-Hellion/HellionChat
1
0
Fork 0
Code Issues 1 Pull Requests Actions Releases 28 Activity

docs: community standards, privacy notice and release-body automation

Browse Source 
Closes the remaining gaps in GitHub's community-standards check, adds
explicit privacy and dependency documentation matching the plugin's
"DSGVO-by-design" claim, and removes the stale upstream Crowdin
artefact so the repo no longer suggests it ships its own translation
pipeline.

New community-health files:

- CODE_OF_CONDUCT.md: project-specific, short and direct, single
  reporting path to kontakt@hellion-media.de
- CONTRIBUTING.md: scope, accepted vs declined contributions, build
  and test instructions, EUPL-1.2 contribution terms, translation
  policy split between Hellion-specific (here) and upstream strings
  (Chat 2 repo)
- SUPPORT.md: routing for bugs, security, privacy and casual feedback
- .github/PULL_REQUEST_TEMPLATE.md: summary, change-type checklist,
  testing notes, compatibility notes for migrations and manifest
  fields, contribution checklist
- .github/FUNDING.yml: comments-only file, no platforms enabled,
  points donors at the upstream Chat 2 maintainers' Ko-fi pages

New privacy and compliance documentation:

- PRIVACY.md: what the plugin stores locally (config, SQLite,
  EmoteCacheV1), retention defaults, the two outbound network calls
  (BetterTTV API+CDN with ShowEmotes opt-out, Square Enix Lodestone
  font once-off), explicit no-telemetry statement, GDPR
  Art. 15/17/18/20/21 rights mapped to plugin features, third-party
  privacy-policy links
- THIRD_PARTY_NOTICES.md: direct NuGet dependencies with versions
  pinned to v0.5.4 (MessagePack, Microsoft.Data.Sqlite, morelinq,
  Pidgin, SixLabors.ImageSharp under Six Labors Split License 1.0),
  Dalamud SDK and .NET tooling, bundled Exo 2 font (OFL-1.1) and
  plugin icon, network-touch status per component, re-audit commands

Crowdin cleanup:

- crowdin.yml deleted (was upstream Chat 2's project_id 663694,
  pointed at /ChatTwo/Resources/Language.resx, never wired to
  HellionChat strings)
- README, CONTRIBUTING and CODE_OF_CONDUCT no longer suggest
  HellionChat operates a Crowdin project; remaining mentions are
  explicitly framed as upstream Chat 2's workflow

Contact and version consistency:

- Maintainer email switched from maintainer@hellion-media.de to
  kontakt@hellion-media.de in SECURITY.md and NOTICE.md
- README version references updated to 0.5.4 (header, project status
  block) and the update-tag pattern generalised from v0.1.x to v0.X.Y
- bug_report.yml version placeholder bumped to 0.5.4
- Project-documents table added to README footer linking all health
  and reference files in one place

Release-body automation:

- .github/workflows/release.yml now extracts the matching version
  block from ChatTwo/HellionChat.yaml's changelog and combines it
  with a static install / docs footer (custom-repo URL, project
  document links, licence) before passing the result to
  softprops/action-gh-release@v3 via body_path
- Workflow fails fast if no changelog block exists for the tagged
  version, automating the existing "yaml + repo.json + release body
  kept in sync" rule
- Tag value passed via env: TAG_NAME with strict ^v\d+\.\d+\.\d+$
  validation before any string concatenation, so the tag input cannot
  break out into shell evaluation
This commit is contained in:
Jon Kazama
2026-05-03 10:42:07 +02:00
parent 61764459ed
commit 1b63765caa
13 changed files with 815 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files
THIRD_PARTY_NOTICES.md
+92
View File
@@ -0,0 +1,92 @@
# Third-party notices
HellionChat ships and depends on a number of third-party components.
This document lists them, their licences and which of them touch the
network. It is the inventory referenced by `PRIVACY.md`.
Last reviewed: 2026-05-03 (HellionChat v0.5.4).
---
## Direct NuGet dependencies
Pinned in `ChatTwo/ChatTwo.csproj`. Versions reflect the v0.5.4 build.
| Package | Version | Licence | Network | Purpose |
| --- | --- | --- | --- | --- |
| [MessagePack](https://github.com/MessagePack-CSharp/MessagePack-CSharp) | 3.1.4 | MIT | no | Binary serialisation for the SQLite message store. |
| [Microsoft.Data.Sqlite](https://learn.microsoft.com/dotnet/standard/data/sqlite/) | 10.0.7 | MIT | no | Local SQLite access for the message database. |
| [morelinq](https://github.com/morelinq/MoreLINQ) | 4.4.0 | Apache-2.0 | no | LINQ helper extensions. |
| [Pidgin](https://github.com/benjamin-hodgson/Pidgin) | 3.3.0 | MIT | no | Parser combinator library used for chat-input parsing. |
| [SixLabors.ImageSharp](https://github.com/SixLabors/ImageSharp) | 3.1.12 | [Six Labors Split License 1.0](https://github.com/SixLabors/ImageSharp/blob/main/LICENSE) (OSI-approved; free for open-source / non-commercial use, commercial licence required for closed-source commercial use) | no | Image decoding for cached emotes. |
Six Labors note: HellionChat is an EUPL-1.2-licensed open-source
project distributed at no cost. Use of ImageSharp 3.x under the
Six Labors Split License 1.0 is permitted on that basis. Anyone
forking HellionChat for closed-source or commercial redistribution
should review the
[Six Labors licence terms](https://github.com/SixLabors/ImageSharp/blob/main/LICENSE)
and obtain a commercial licence if required.
## SDK and tooling
| Component | Licence | Notes |
| --- | --- | --- |
| [Dalamud.NET.Sdk](https://github.com/goatcorp/Dalamud) 15.0.0 | AGPL-3.0 (Dalamud) / SDK terms per goatcorp | Plugin SDK; pulls in DalamudPackager 15.0.0. |
| [.NET 10 SDK](https://dotnet.microsoft.com/) | MIT | Build toolchain. |
## Bundled assets
| Asset | Licence | Source |
| --- | --- | --- |
| Exo 2 (`HellionFont.ttf`) | SIL Open Font License 1.1 | [Google Fonts / Natanael Gama](https://fonts.google.com/specimen/Exo+2). The OFL licence text travels embedded next to the font (`HellionFont-OFL.txt`) to satisfy the "licence must be distributed with the font" clause. |
| Hellion plugin icon (`images/icon.png`) | © Hellion Media, included under the project licence (EUPL-1.2). | Original artwork. |
---
## Upstream code
HellionChat is a fork of [Chat 2](https://github.com/Infiziert90/ChatTwo)
by Infiziert90 (Infi) and Anna Clemens, also licensed under EUPL-1.2.
The bulk of the code, including the message store architecture, the
channel logic, the hook system and the ImGui chat window, originates
from upstream. See `NOTICE.md` and `UPSTREAM_SYNC.md` for the
attribution and the cherry-pick policy.
---
## Components that touch the network
Of everything listed above, **none** of the bundled or NuGet
components opens network connections on their own. All outbound
traffic is initiated explicitly by HellionChat's own source files
and is documented in `PRIVACY.md` under "Outbound network calls":
- `ChatTwo/EmoteCache.cs` → BetterTTV API + CDN (opt-out via setting)
- `ChatTwo/FontManager.cs` → Square Enix Lodestone font CDN (one-time
download)
---
## Verifying this list
To regenerate the dependency inventory after a version bump:
```bash
dotnet list ChatTwo.sln package --include-transitive
```
The "direct NuGet dependencies" table above only lists direct
references. Transitive dependencies pulled in by Dalamud SDK or by
the listed packages are covered by the SDK / package licences and
documented by their respective maintainers.
To re-audit the network-call inventory:
```bash
grep -rn -E "HttpClient|HttpRequest|new Uri\(|https?://" \
--include="*.cs" ChatTwo/
```
Any new hit that is not a click-through (`Util.OpenLink`) or a
payload-parsing call must be added to `PRIVACY.md` before release.