From d14244e82a516613943ec9664d15510a27c286fd Mon Sep 17 00:00:00 2001
From: MicrosoftWindows96 <spam@zagrosi.com>
Date: Sat, 9 May 2026 13:00:52 +0100
Subject: [PATCH 1/2] chore(ci): ignore CycloneDX SBOM artefacts

The cargo sbom workflow regenerates *.cdx.json files on every CI
run. Treating them as source pollutes git history with build output
and risks merge conflicts on every release. Ignore them so SBOMs
stay where they belong: as workflow artefacts attached to runs and
releases.

Signed-off-by: MicrosoftWindows96 <spam@zagrosi.com>
---
 .gitignore | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/.gitignore b/.gitignore
index a0b853f..f3adee4 100644
--- a/.gitignore
+++ b/.gitignore
@@ -63,3 +63,6 @@ docs/
 
 # Auto-generated per-project Claude config
 CLAUDE.md
+
+# CycloneDX SBOMs (generated by the cargo sbom CI workflow per build).
+*.cdx.json

From 43f7715e13d68c999a54c1762e5cd4ccdd339566 Mon Sep 17 00:00:00 2001
From: MicrosoftWindows96 <spam@zagrosi.com>
Date: Sat, 9 May 2026 13:01:44 +0100
Subject: [PATCH 2/2] chore(repo): add BACKERS and CONTRIBUTORS rosters

Adds two public-facing governance files referenced by the Sponsors
profile, FUNDING.yml, and the future sponsor onboarding flow:

  * BACKERS.md groups recurring sponsors by tier (Commercial License
    at $500/mo, Operator at $100/mo, Builder at $25/mo, Backer at
    $5/mo) plus a one-time sponsor section. Each tier carries a
    short, accurate description of what the sponsor receives. Auto
    insertion markers are reserved so a future webhook bot can
    update entries without touching surrounding prose.

  * CONTRIBUTORS.md combines code contributors, founding sponsors,
    security researchers, and triage and design reviewers in one
    place, with criteria for each category and an opt-out clause
    for private contributors.

Two corrections relative to the initial draft:

  * Defer the broken Contributor License Agreement reference rather
    than link to a missing path. The CLA is a separate legal
    artefact and will land in its own change.

  * Drop the "(forthcoming)" qualifier from the SECURITY.md mention
    since SECURITY.md already exists at the repository root, and
    link to it.

Spelling normalised to American "license" to match README, the
LICENSE badge, and SECURITY.md.

Signed-off-by: MicrosoftWindows96 <spam@zagrosi.com>
---
 BACKERS.md      | 57 +++++++++++++++++++++++++++++++++++++++++++++++++
 CONTRIBUTORS.md | 54 ++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 111 insertions(+)
 create mode 100644 BACKERS.md
 create mode 100644 CONTRIBUTORS.md

diff --git a/BACKERS.md b/BACKERS.md
new file mode 100644
index 0000000..8f4e3e5
--- /dev/null
+++ b/BACKERS.md
@@ -0,0 +1,57 @@
+# Backers
+
+Zagrosi is independently developed and funded by the people and companies listed below. Their support pays for the time that turns a public roadmap into shipped code.
+
+If you find Zagrosi useful, please consider [becoming a sponsor](https://github.com/sponsors/MicrosoftWindows96). Every contribution, monthly or one-time, goes back into the project.
+
+---
+
+## Commercial License sponsors
+
+*$500 per month. Use Zagrosi inside a closed-source product or SaaS without the AGPLv3 source-disclosure obligation. Per-company license covering unlimited internal users.*
+
+<!-- COMMERCIAL_LIST_START -->
+*Reserved.*
+<!-- COMMERCIAL_LIST_END -->
+
+## Operator sponsors
+
+*$100 per month. Priority bug triage and a monthly group office-hours call.*
+
+<!-- OPERATOR_LIST_START -->
+*Reserved.*
+<!-- OPERATOR_LIST_END -->
+
+## Builder sponsors
+
+*$25 per month. Early-access changelog and a vote on quarterly roadmap polls.*
+
+<!-- BUILDER_LIST_START -->
+*Reserved.*
+<!-- BUILDER_LIST_END -->
+
+## Backers
+
+*$5 per month. Sponsor badge on your GitHub profile and a name in this file.*
+
+<!-- BACKER_LIST_START -->
+*Reserved.*
+<!-- BACKER_LIST_END -->
+
+## One-time sponsors
+
+*One-time contributions across the published tiers, including release-note mentions and architecture reviews.*
+
+<!-- ONETIME_LIST_START -->
+*Reserved.*
+<!-- ONETIME_LIST_END -->
+
+---
+
+## How this list is maintained
+
+Sponsors are added by hand on first payment until a webhook bot lands. To opt out of public listing, leave a note in your sponsor message and your support will be kept private.
+
+The marker comments above (for example `<!-- COMMERCIAL_LIST_START -->`) are intentional. A future automation pipeline reads them to insert sponsor entries without touching the surrounding prose.
+
+Order within a tier is reverse-chronological by sponsorship start date.
diff --git a/CONTRIBUTORS.md b/CONTRIBUTORS.md
new file mode 100644
index 0000000..d8f986b
--- /dev/null
+++ b/CONTRIBUTORS.md
@@ -0,0 +1,54 @@
+# Contributors
+
+Zagrosi is the work of the people listed here. Code contributors, design reviewers, security disclosers, founding sponsors, and the wider community of testers and triagers all share the same page.
+
+Code contributors license their work to the maintainer under dual-license terms: AGPLv3 plus an optional commercial license offered to enterprise sponsors. A formal Contributor License Agreement covering this assignment is forthcoming. See [`CONTRIBUTING.md`](CONTRIBUTING.md) for the full workflow.
+
+---
+
+## Maintainer
+
+The lead maintainer goes by the GitHub handle `MicrosoftWindows96`.
+
+## Code contributors
+
+*Listed in order of first merged contribution.*
+
+<!-- CODE_CONTRIBUTORS_START -->
+*No external code contributors yet. Code contribution opens up after the foundation phase ships.*
+<!-- CODE_CONTRIBUTORS_END -->
+
+## Founding sponsors
+
+*Founding Sponsor recognition is reserved for the first wave of supporters once a one-time Founding Sponsor tier is published. Until then, recurring sponsors at every tier are listed in [BACKERS.md](BACKERS.md).*
+
+<!-- FOUNDING_SPONSORS_START -->
+*Reserved.*
+<!-- FOUNDING_SPONSORS_END -->
+
+## Security researchers
+
+*Reported security issues responsibly under the project's disclosure policy.*
+
+<!-- SECURITY_DISCLOSERS_START -->
+*Reserved.*
+<!-- SECURITY_DISCLOSERS_END -->
+
+## Triage and design reviewers
+
+*Filed structured bug reports, reviewed design notes, or moderated discussions.*
+
+<!-- REVIEWERS_START -->
+*Reserved.*
+<!-- REVIEWERS_END -->
+
+---
+
+## How to be added
+
+- **Code contributors** are added by the maintainer when the first pull request lands. The CLA must be signed and the DCO trailer must be present on every commit.
+- **Sponsors** appear in [BACKERS.md](BACKERS.md). Founding Sponsors carry over here once that one-time tier is live.
+- **Security researchers** are added on resolution of a coordinated disclosure. See [`SECURITY.md`](SECURITY.md) for the disclosure flow.
+- **Triage and design reviewers** are nominated by the maintainer based on sustained, public, recognisable contribution.
+
+To opt out of public listing, leave a note when sponsoring or filing a contribution and your involvement will be kept private.