chore(ci): add spdx license headers

SPDX-FileCopyrightText: Copyright (c) 2026 NVIDIA CORPORATION & AFFILIATES
SPDX-License-Identifier: Apache-2.0
Signed-off-by: Cory Rylan <crylan@nvidia.com>

Author: coryrylan

.claude/settings.json

@@ -17,13 +17,15 @@
       "mcp__elements__packages_list",
       "mcp__elements__packages_get",
       "mcp__elements__packages_changelogs_get",
-      "mcp__MaaS-GitLab__gitlab_list_pipelines_jobs",
-      "mcp__MaaS-GitLab__gitlab_list_issues",
-      "mcp__MaaS-GitLab__gitlab_get_issue",
       "WebFetch(domain:code.claude.com)"
     ]
   },
-  "enabledMcpjsonServers": ["elements"],
+  "enabledMcpjsonServers": [
+    "elements"
+  ],
+  "enabledPlugins": {
+    "frontend-design@claude-plugins-official": false
+  },
   "hooks": {
     "SessionStart": [
       {

.github/dependabot.yml

@@ -0,0 +1,6 @@
+version: 2
+updates:
+  - package-ecosystem: "npm"
+    directory: "/"
+    schedule:
+      interval: "daily"

.github/workflows/ci.yml

@@ -0,0 +1,157 @@
+name: CI
+
+on:
+  push:
+    branches: [main]
+  pull_request:
+    branches: [main]
+  workflow_dispatch:
+
+jobs:
+  ci:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v6
+        with:
+          fetch-depth: 0
+          lfs: true
+      - uses: pnpm/action-setup@v4
+        with:
+          run_install: false
+      - uses: actions/setup-node@v6
+        with:
+          node-version-file: './.nvmrc'
+          registry-url: 'https://registry.npmjs.org'
+          cache: 'pnpm'
+      # - uses: google/wireit@setup-github-actions-caching/v2
+      - run: pnpm install --frozen-lockfile
+      - run: pnpm exec playwright install --with-deps chromium
+      - name: Run CI checks
+        env:
+          ELEMENTS_PAGES_BASE_URL: ${{vars.ELEMENTS_PAGES_BASE_URL}}
+          ELEMENTS_REGISTRY_URL: ${{vars.ELEMENTS_REGISTRY_URL}}
+          ELEMENTS_REPO_BASE_URL: ${{vars.ELEMENTS_REPO_BASE_URL}}
+        run: PAGES_BASE_URL="/elements/" pnpm run ci && PAGES_BASE_URL="/elements/" node ./projects/internals/ci/cache-validate.js ci
+      - name: Write CI job summary
+        if: always()
+        run: node ./projects/internals/ci/ci-summary.js >> "$GITHUB_STEP_SUMMARY"
+      - name: Upload build artifacts
+        if: github.event_name == 'push'
+        uses: actions/upload-artifact@v7
+        with:
+          name: build-artifacts
+          retention-days: 1
+          path: |
+            projects/core/dist
+            projects/core/package.json
+            projects/forms/dist
+            projects/forms/package.json
+            projects/styles/dist
+            projects/styles/package.json
+            projects/themes/dist
+            projects/themes/package.json
+            projects/lint/dist
+            projects/lint/package.json
+            projects/cli/dist
+            projects/cli/package.json
+            projects/code/dist
+            projects/code/package.json
+            projects/create/dist
+            projects/create/package.json
+            projects/markdown/dist
+            projects/markdown/package.json
+            projects/media/dist
+            projects/media/package.json
+            projects/monaco/dist
+            projects/monaco/package.json
+            projects/pages/dist
+      - name: Upload pages artifact
+        if: github.event_name == 'push' || github.event_name == 'workflow_dispatch'
+        uses: actions/upload-pages-artifact@v5
+        with:
+          path: projects/pages/dist
+
+  lighthouse:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v6
+        with:
+          fetch-depth: 0
+          lfs: true
+      - uses: pnpm/action-setup@v4
+        with:
+          run_install: false
+      - uses: actions/setup-node@v6
+        with:
+          node-version-file: './.nvmrc'
+          registry-url: 'https://registry.npmjs.org'
+          cache: 'pnpm'
+      # - uses: google/wireit@setup-github-actions-caching/v2
+      - run: pnpm install --frozen-lockfile
+      - run: pnpm exec playwright install --with-deps chromium
+      - name: Run Lighthouse tests
+        run: WIREIT_FAILURES=kill pnpm run lighthouse && node ./projects/internals/ci/cache-validate.js lighthouse && node ./projects/internals/ci/metrics.lighthouse.js
+      - name: Write lighthouse job summary
+        if: always()
+        run: node ./projects/internals/ci/lighthouse-summary.js >> "$GITHUB_STEP_SUMMARY"
+
+  release:
+    needs: ci
+    if: github.event_name == 'push'
+    runs-on: ubuntu-latest
+    permissions:
+      issues: write
+      deployments: write
+      pull-requests: write
+      contents: write
+      id-token: write
+    steps:
+      - uses: actions/checkout@v6
+        with:
+          fetch-depth: 0
+          lfs: true
+          ref: main
+          # Use RELEASE_TOKEN so the persisted git credentials match the token
+          # semantic-release pushes with — otherwise the default GITHUB_TOKEN's
+          # http.extraheader overrides @semantic-release/git's push auth.
+          token: ${{secrets.RELEASE_TOKEN}}
+      - uses: pnpm/action-setup@v4
+        with:
+          run_install: false
+      - uses: actions/setup-node@v6
+        with:
+          node-version-file: './.nvmrc'
+          registry-url: 'https://registry.npmjs.org'
+          cache: 'pnpm'
+      - run: pnpm install --frozen-lockfile
+      - name: Download build artifacts
+        uses: actions/download-artifact@v8
+        with:
+          name: build-artifacts
+          path: projects
+      - name: Release
+        env:
+          # RELEASE_TOKEN must be a PAT or GitHub App token with contents:write and
+          # bypass permission for main's branch protection rules. The default
+          # GITHUB_TOKEN cannot push tags/release commits to a protected branch.
+          GITHUB_TOKEN: ${{secrets.RELEASE_TOKEN}}
+          NODE_AUTH_TOKEN: ${{secrets.NPM_TOKEN}}
+        run: WIREIT_PARALLEL=1 WIREIT_LOGGER=metrics pnpm run release
+
+  deploy-pages:
+    needs: ci
+    if: github.event_name == 'push' || github.event_name == 'workflow_dispatch'
+    runs-on: ubuntu-latest
+    permissions:
+      pages: write
+      id-token: write
+    environment:
+      name: github-pages
+      url: ${{steps.deployment.outputs.page_url}}
+    concurrency:
+      group: pages
+      cancel-in-progress: false
+    steps:
+      - name: Deploy to GitHub Pages
+        id: deployment
+        uses: actions/deploy-pages@v5

CODE_OF_CONDUCT.md

@@ -0,0 +1,84 @@
+# Contributor Covenant Code of Conduct
+
+## Overview
+
+Define the code of conduct followed and enforced for Elements
+
+### Intended audience
+
+Community | Developers | Project Leads
+
+## Our Pledge
+
+In the interest of fostering an open and welcoming environment, we as
+contributors and maintainers pledge to making participation in our project and
+our community a harassment-free experience for everyone, regardless of age, body
+size, disability, ethnicity, sex characteristics, gender identity and expression,
+level of experience, education, socio-economic status, nationality, personal
+appearance, race, religion, or sexual identity and orientation.
+
+## Our Standards
+
+Examples of behavior that contributes to creating a positive environment
+include:
+
+* Using welcoming and inclusive language
+* Being respectful of differing viewpoints and experiences
+* Gracefully accepting constructive criticism
+* Focusing on what is best for the community
+* Showing empathy towards other community members
+
+Examples of unacceptable behavior by participants include:
+
+* The use of sexualized language or imagery and unwelcome sexual attention or
+  advances
+* Trolling, insulting/derogatory comments, and personal or political attacks
+* Public or private harassment
+* Publishing others' private information, such as a physical or electronic
+  address, without explicit permission
+* Other conduct which could reasonably be considered inappropriate in a
+  professional setting
+
+## Our Responsibilities
+
+Project maintainers are responsible for clarifying the standards of acceptable
+behavior and are expected to take appropriate and fair corrective action in
+response to any instances of unacceptable behavior.
+
+Project maintainers have the right and responsibility to remove, edit, or
+reject comments, commits, code, wiki edits, issues, and other contributions
+that are not aligned to this Code of Conduct, or to ban temporarily or
+permanently any contributor for other behaviors that they deem inappropriate,
+threatening, offensive, or harmful.
+
+## Scope
+
+This Code of Conduct applies both within project spaces and in public spaces
+when an individual is representing the project or its community. Examples of
+representing a project or community include using an official project e-mail
+address, posting via an official social media account, or acting as an appointed
+representative at an online or offline event. Representation of a project may be
+further defined and clarified by project maintainers.
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported by contacting <GitHub_Conduct@nvidia.com>. All complaints will be reviewed and
+investigated and will result in a response that is deemed necessary and appropriate
+to the circumstances. The project team is obligated to maintain confidentiality with
+regard to the reporter of an incident. Further details of specific enforcement policies
+may be posted separately.
+
+Project maintainers who do not follow or enforce the Code of Conduct in good
+faith may face temporary or permanent repercussions as determined by other
+members of the project's leadership.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4,
+available at <https://www.contributor-covenant.org/version/1/4/code-of-conduct.html>
+
+[homepage]: https://www.contributor-covenant.org
+
+For answers to common questions about this code of conduct, see
+<https://www.contributor-covenant.org/faq>

CONTRIBUTING.md

@@ -0,0 +1,38 @@
+# Developer Certificate of Origin
+
+All contributions to this project must adhere to the requirements of the [Developer Certificate of Origin](https://developercertificate.org/).
+
+## Signing Your Work
+
+We require that all contributors sign-off on their commits. This certifies that the contribution is your original work, or you have rights to submit it under the same license, or a compatible license. Any contribution which contains commits that do not have the Signed-off-by trailer will not be accepted.
+
+To sign off on a commit you must use the `--signoff` (or `-s`) option when committing your change:
+``` shell
+git commit -s -m "feat: Add some feature."
+```
+
+This will append the following trailer to your commit message:
+``` text
+Signed-off-by: Your Name <yourname@example.com>
+```
+
+---
+
+Developer Certificate of Origin
+Version 1.1
+
+Copyright (C) 2004, 2006 The Linux Foundation and its contributors.
+
+Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed.
+
+Developer's Certificate of Origin 1.1
+
+By making a contribution to this project, I certify that:
+
+(a) The contribution was created in whole or in part by me and I have the right to submit it under the open source license indicated in the file; or
+
+(b) The contribution is based upon previous work that, to the best of my knowledge, is covered under an appropriate open source license and I have the right under that license to submit that work with modifications, whether created in whole or in part by me, under the same open source license (unless I am permitted to submit under a different license), as indicated in the file; or
+
+(c) The contribution was provided directly to me by some other person who certified (a), (b) or (c) and I have not modified it.
+
+(d) I understand and agree that this project and the contribution are public and that a record of the contribution (including all personal information I submit with it, including my sign-off) is maintained indefinitely and may be redistributed consistent with this project or the open source license(s) involved.