TuringLang · shravanngoswamii · Apr 7, 2026 · Apr 7, 2026 · Apr 7, 2026 · Apr 7, 2026
diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md
@@ -0,0 +1,45 @@
+# Code of Conduct
+
+This Code of Conduct applies across repositories in the TuringLang organization unless a repository defines its own policy.
+
+## Our commitment
+
+We are committed to a welcoming, respectful, and inclusive community for everyone, regardless of age, body size, disability, ethnicity, gender identity and expression, level of experience, education, nationality, personal appearance, race, religion, or sexual identity and orientation.
+
+## Expected behavior
+
+- Be respectful in language and tone.
+- Assume good intent and ask clarifying questions before escalating.
+- Give and receive constructive technical feedback.
+- Keep discussion focused on ideas and evidence.
+- Respect differing viewpoints and lived experiences.
+
+## Unacceptable behavior
+
+- Harassment, intimidation, discrimination, or hate speech.
+- Personal attacks, insults, or deliberately inflammatory comments.
+- Sexualized language or unwelcome sexual attention.
+- Doxxing, sharing private information, or threats.
+- Repeated disruption, trolling, or bad-faith engagement.
+
+## Scope
+
+This policy applies in project spaces, including issues, pull requests, discussions, review comments, and other community communication channels.
+
+## Reporting
+
+If you experience or witness unacceptable behavior, report it to repository or organization maintainers.
+
+- Prefer private channels where available (for example, direct contact methods listed by maintainers).
+- Include links, timestamps, and relevant context so maintainers can investigate quickly.
+- Do not post sensitive reports publicly.
+
+## Enforcement
+
+Maintainers are responsible for clarifying and enforcing this policy. They may take any action they consider appropriate, including warnings, comment moderation, temporary restrictions, or bans.
+
+All reports will be reviewed promptly and handled with discretion.
+
+## Attribution
+
+This policy is informed by widely used open-source community standards, including the Contributor Covenant.
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
@@ -0,0 +1,85 @@
+# Contributing to Turing.jl Organization Repositories
+
+This policy applies organization-wide through the shared `.github` repository. Individual repositories may add project-specific requirements, but this document defines the default expectations.
+
+## Overall expectations
+
+- Write clear and professional English in issues, pull requests, and review comments.
+- Explain reasoning, not only the code delta. For bug fixes, describe the root cause and why your fix addresses it.
+- Keep contributions focused and appropriately scoped for review.
+- Be ready to answer technical questions about your changes during review.
+
+Our standard is simple: a contribution should be worth more to the project than the time required to review it.
+
+## AI and tool-use policy
+
+Contributors may use AI tools, editors, and automation with one non-negotiable rule: **a human must stay in the loop**.
+
+### Required
+
+- You must read, review, and understand all tool-generated code or text before requesting review.
+- You are the author of the contribution and fully accountable for correctness, quality, licensing, and security.
+- You must be transparent about substantial tool usage.
+  - Add an AI disclosure in your pull request description.
+  - Include the model/tool name and a short note on how it was used.
+
+### Not allowed
+
+- Submitting unreviewed AI output for maintainers to debug or redesign.
+- Using AI tools to resolve issues labeled `good first issue`.
+  - These are learning-oriented tasks intended for hands-on contributor growth.
+
+### Recommended
+
+- Start with small, understandable changes if you are new to a repository.
+- Write PR descriptions yourself (you may use tools for copy-editing or translation).
+- Prefer incremental PRs over large, hard-to-review submissions.
+
+## Pull request guidelines
+
+- Keep PRs small enough for effective review. If a PR becomes very large, split it.
+- Include tests for behavior changes.
+- Update documentation when public behavior, APIs, or workflows change.
+- Add clear reproduction and validation steps so reviewers can verify quickly.
+
+### PR description format (for non-trivial changes)
+
+- **What**: Concrete summary of behavior changes.
+- **Why**: Problem statement, motivation, and why this approach was chosen.
+- **How to test**: Exact steps and expected results.
+- **Before/After**: Required for UI or UX changes (screenshots or video).
+- **Risks/Open questions**: Any known limitations, trade-offs, or follow-ups.
+
+End with an AI disclosure after a separator (`---`) when AI/tool assistance was substantial.
+
+## Quality bar
+
+Before opening a PR, ensure:
+
+- You can explain the change end-to-end.
+- Tests pass locally (or in CI where appropriate).
+- The patch is intentionally scoped and not padded with unrelated edits.
+- Commit messages and PR descriptions are clear and useful to reviewers.
+
+## Copyright and licensing
+
+By contributing, you confirm that you have the right to submit the content under the repository license.
+
+Using AI tools does not remove copyright obligations. Do not submit generated content that reproduces copyrighted or otherwise restricted material without proper rights.
+
+## Handling policy violations
+
+Maintainers may request changes, pause review, or close/lock threads when contributions are repeatedly extractive or non-compliant.
+
+When a contribution appears non-compliant with this policy, maintainers may use the template below:
+
+> This contribution does not appear to meet our policy for tool-assisted submissions.
+> Please revise it to make the change easier to review and add the required disclosure.
+> In particular, ensure the PR clearly explains motivation, implementation decisions,
+> and how you validated correctness.
+
+## Need help?
+
+If you are unsure about scope or design, please open a issue or a discussion on Slack / Discourse before implementing a large change.
+
+Thanks for helping make the TuringLang community sustainable, welcoming, and high quality.
diff --git a/README.md b/README.md
@@ -2,6 +2,12 @@
 
 Organization-wide GitHub Actions and other metadata.
 
+Default community health files:
+
+- `CONTRIBUTING.md`
+- `CODE_OF_CONDUCT.md`
+- `SECURITY.md`
+
 See the GitHub documentation about [creating default community health files](https://docs.github.com/en/github/building-a-strong-community/creating-a-default-community-health-file) and
 [sharing workflows](https://docs.github.com/en/free-pro-team@latest/actions/learn-github-actions/sharing-workflows-with-your-organization)
 for details on how this repository works.
diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,39 @@
+# Security Policy
+
+This security policy applies across repositories in the TuringLang organization unless a repository defines its own policy.
+
+## Reporting a vulnerability
+
+Please report suspected vulnerabilities privately.
+
+- Use GitHub private vulnerability reporting in the affected repository when available.
+- If private reporting is not available, contact repository maintainers directly.
+- Do not open public issues for unpatched vulnerabilities.
+
+When possible, include:
+
+- Affected repository, branch, and version
+- Reproduction steps or proof of concept
+- Expected impact and attack preconditions
+- Any mitigation ideas you have already tested
+
+## What to expect
+
+After receiving a report, maintainers will:
+
+- Acknowledge receipt as soon as practical
+- Assess severity and scope
+- Work on a fix and coordinated disclosure
+- Credit the reporter when appropriate (if requested)
+
+Response and remediation timelines depend on severity, complexity, and maintainer availability.
+
+## Disclosure guidance
+
+Please allow maintainers reasonable time to investigate and release a fix before public disclosure.
+
+If you are unsure whether something is security-sensitive, report it privately first.
+
+## Supported versions
+
+Support windows vary by repository. Unless stated otherwise in a repository's own policy, only actively maintained branches and current releases should be assumed to receive security fixes.