feat: initial public release

ConsentOS — a privacy-first cookie consent management platform.

Self-hosted, source-available alternative to OneTrust, Cookiebot, and
CookieYes. Full standards coverage (IAB TCF v2.2, GPP v1, Google
Consent Mode v2, GPC, Shopify Customer Privacy API), multi-tenant
architecture with role-based access, configuration cascade
(system → org → group → site → region), dark-pattern detection in
the scanner, and a tamper-evident consent record audit trail.

This is the initial public release. Prior development history is
retained internally.

See README.md for the feature list, architecture overview, and
quick-start instructions. Licensed under the Elastic Licence 2.0 —
self-host freely; do not resell as a managed service.

CONTRIBUTING.md

@@ -0,0 +1,118 @@
+# Contributing to ConsentOS
+
+Thanks for your interest in contributing! This document explains how to get started.
+
+## Code of Conduct
+
+This project follows the [Contributor Covenant Code of Conduct](CODE_OF_CONDUCT.md). By participating, you are expected to uphold this code.
+
+## Getting Started
+
+### Prerequisites
+
+- Docker and Docker Compose v2.15+
+- Node.js 20+
+- Python 3.12+
+- [uv](https://docs.astral.sh/uv/) (Python package manager)
+
+### Local Setup
+
+```bash
+# Clone the repository
+git clone https://github.com/consentos/consentos.git
+cd consentos
+
+# Copy the example environment file
+cp .env.example .env
+
+# Start all services
+make up
+
+# Run database migrations
+make migrate
+
+# Seed the known cookies database
+make seed
+
+# Verify everything is running
+# API:      http://localhost:8000/docs
+# Admin UI: http://localhost:5173
+# CDN:      http://localhost:8080
+```
+
+### Running Tests
+
+```bash
+# Start test infrastructure (PostgreSQL + Redis)
+make test-infra-up
+
+# Run API tests
+make test
+
+# Run with coverage
+make test-cov
+
+# Run banner tests
+cd apps/banner && npm test
+
+# Run admin UI tests
+cd apps/admin-ui && npm test
+
+# Stop test infrastructure
+make test-infra-down
+```
+
+## Making Changes
+
+### Branch Naming
+
+Create a branch from `master` using the convention:
+
+```
+<type>/<short-description>
+```
+
+Examples: `feat/add-geo-rules`, `fix/consent-cookie-expiry`, `docs/api-examples`
+
+### Commit Messages
+
+We use [Conventional Commits](https://www.conventionalcommits.org/):
+
+```
+feat: add regional consent mode overrides
+fix: correct TC string encoding for vendor consents
+docs: document compliance rule engine
+chore: update Python dependencies
+refactor: simplify cookie classification pipeline
+test: add integration tests for scanner API
+```
+
+### Code Standards
+
+- **Python:** Type hints everywhere. Linted with Ruff, type-checked with MyPy (strict mode)
+- **TypeScript:** Strict mode enabled. Linted with ESLint
+- **SQL:** CTEs over subqueries, explicit column lists (no `SELECT *`)
+- **Language:** British English in all prose, comments, and UI strings
+
+### Before Submitting
+
+1. Run `make check` (lint + tests) and ensure it passes
+2. Add or update tests for any changed behaviour
+3. Ensure no secrets or credentials are committed
+
+## Pull Requests
+
+- Keep PRs focused — one logical change per PR
+- Write a clear title (under 70 characters) and description
+- Link to any related issues
+- All CI checks must pass before merge
+- PRs require at least one approving review
+
+## Reporting Issues
+
+- Use [GitHub Issues](https://github.com/consentos/consentos/issues) for bugs and feature requests
+- For security vulnerabilities, see [SECURITY.md](SECURITY.md)
+
+## Licence
+
+By contributing, you agree that your contributions will be licensed under the [Elastic License 2.0](LICENSE).