initial commit

Author: CodeMeAPixel

.github/CODEOWNERS

@@ -0,0 +1 @@
+*     @CodeMeAPixel

.github/CONTRIBUTING.md

@@ -0,0 +1,44 @@
+# Contributing to pxCommands
+
+## Reporting Issues
+
+- Use the issue tracker on GitHub: https://github.com/CodeMeAPixel/pxCommands
+- Include reproduction steps, FXServer version, and framework (if applicable).
+- For security issues, see [SECURITY.md](SECURITY.md).
+
+## Submitting Changes
+
+1. Fork the repository.
+2. Create a feature branch: `git checkout -b feature/your-feature`.
+3. Make clean, atomic commits with clear messages.
+4. Ensure no debug logs or test code remains.
+5. Submit a pull request with a clear description of changes.
+
+## Code Standards
+
+- Use 4-space indentation.
+- Keep functions focused and readable.
+- Avoid adding slop/bloat (excessive comments, debug output, unused code).
+- Server-side validation is mandatory for security-sensitive features.
+- Document breaking changes in PR description.
+
+## Command Pack Guidelines
+
+When contributing command packs:
+- Place the pack in `commands/yourpackname.lua`.
+- Use the `CommandPack()` helper from `system/server/pre.lua`.
+- Include inline documentation of command parameters.
+- Test thoroughly before submission (especially admin checks).
+- Avoid hardcoded player IDs or resource paths in command logic.
+
+## Testing
+
+Before submitting:
+- Test on a clean server with your target framework.
+- Verify ACL/admin checks work as expected.
+- Check that command help text displays correctly.
+- Ensure no console errors or warnings appear.
+
+## License
+
+By contributing, you agree that your code will be licensed under AGPL-3.0 (same as the project).

.github/FUNDING.yml

@@ -1,2 +1,3 @@
-github: TheRealToxicDev
-custom: toxicdev.me
+patreon: codemeapixel
+github: CodeMeAPixel
+ko_fi: codemeapixel

.github/SECURITY.md

@@ -0,0 +1,65 @@
+# Security Policy
+
+## Reporting Security Issues
+
+If you discover a security vulnerability in pxCommands, please report it responsibly by emailing **hey@codemeapixel.dev** instead of using public issue trackers.
+
+### What to Include
+
+When reporting a vulnerability, provide:
+- A clear description of the issue and its impact.
+- Affected versions or configurations.
+- Steps to reproduce the vulnerability.
+- Proof-of-concept code (if applicable).
+- Suggested remediation (optional).
+
+### Response Timeline
+
+We aim to:
+- Acknowledge receipt within 48 hours.
+- Provide an initial assessment within 5 days.
+- Release a patched version within 14 days for critical issues.
+- Credit you in release notes (unless you request anonymity).
+
+## Security Best Practices for Users
+
+### Server Configuration
+
+1. **Enable ACL enforcement** — Use FXServer's ACL system for robust admin control in standalone mode.
+2. **Validate framework settings** — Ensure `framework` in `settings.lua` matches your actual server setup.
+3. **Restrict database access** — Use role-based database credentials (ESX/QBCore).
+4. **Keep FXServer updated** — Minimum version 1226 or newer recommended.
+
+### Command Pack Safety
+
+1. **Review external packs** — Audit command packs from third-party sources before deployment.
+2. **Sandbox testing** — Test new command packs on a staging server first.
+3. **Monitor logs** — Enable logging and regularly review server logs for suspicious activity.
+
+### Development
+
+1. **Input validation** — Always validate user input on the server side; never trust client checks.
+2. **Use parameterized queries** — Avoid string concatenation in SQL; use prepared statements.
+3. **Rate limiting** — Implement cooldowns for commands that consume resources or trigger actions.
+4. **Audit trails** — Log sensitive admin actions (bans, kicks, teleports) with timestamps and source.
+
+## Known Limitations
+
+- pxCommands does not enforce encryption for command data in transit; use HTTPS proxies if needed.
+- Custom command packs execute with full resource permissions; vet all code before deployment.
+- vRP compatibility (if used) relies on vRP's admin framework; misconfiguration there affects pxCommands security.
+
+## Supported Versions
+
+Security fixes are applied to the latest release. Older versions may not receive patches; users are encouraged to update regularly.
+
+## Scope
+
+This policy applies to:
+- Core pxCommands framework code.
+- Included modules (overhead text, proximity).
+
+This policy does not apply to:
+- Third-party command packs.
+- FXServer or framework bugs (report those upstream).
+- Operational configuration issues.

.gitignore

@@ -0,0 +1 @@
+.ideas

CHANGELOG.md

@@ -0,0 +1,49 @@
+# Changelog
+
+## [0.1.0] — 02-09-2026
+
+### Added
+- GitHub Releases-based version checking (replaces local version file)
+- Development build detection ("dev" when no releases exist)
+- GitHub API integration for update checking and autoupdate
+- Comprehensive documentation reorganization (.github/, docs/)
+- MIGRATION.md guide in docs/ for upgrade path from chat_commands
+- Proper system/config.lua with structured Config table
+- `Config.Framework` single string field for framework selection (replaces booleans)
+- `Config.Formatting.*` for show_id and useFrameworkName options
+- `Config.Callbacks.onCommandExecuted` hook for command audit logging
+- `Config.AdminCheck` callback for custom admin logic
+- Example command pack in `commands/example.lua`
+- QBCore export validation to prevent nil errors
+- Modern `fxmanifest.lua` (cerulean format)
+- Support for ESX, QBCore, QBox, and standalone frameworks
+- Modular architecture with clean separation of concerns
+- pxCommands event namespace throughout
+- Enhanced SECURITY.md policy
+- Contributing guidelines
+
+### Changed
+- Rebranded from `chat_commands` to `pxCommands`
+- Updated repository to https://github.com/CodeMeAPixel/pxCommands
+- Contact updated to hey@codemeapixel.dev
+- Version system now checks GitHub Releases API instead of local file
+- Autoupdate redirects to GitHub releases instead of file updates
+- Documentation reorganized: `.github/` for repo docs, `docs/` for guides
+- Replaced global `SETTINGS` with structured `Config` table
+- settings.lua now acts as override/customization file instead of config source
+- Improved framework detection with explicit export checking
+- Enhanced logging with config-aware defaults
+- README.md moved to .github/ (GitHub auto-discovers)
+
+### Fixed
+- Fixed variable scope issue in ESX command registration (raw variable)
+- QBCore initialization now properly checks for export existence before use
+- Removed busy-wait loops in version check
+- Dead links and outdated documentation removed
+- Updated all doc cross-references to point to correct paths
+
+### Removed
+- Static version file from version checks (now uses GitHub releases)
+- vRP compatibility (deprecated; use ESX, QBCore, or QBox)
+- Old toxicdev.me documentation references
+- Corrupted dual-content in README