Thanks for your interest in contributing.
Prerequisites: Install devbox. This repo uses devbox to manage tools and dependencies.
-
Fork and clone the repository.
-
Install dependencies:
devbox run -- pnpm install --frozen-lockfile
-
Build and run tests before opening a pull request:
devbox run -- pnpm run format:check devbox run -- pnpm run lint devbox run -- pnpm run check-types devbox run -- pnpm run build
-
Run security scan for the changes you added
devbox run -- just security-scan
- Keep changes focused and small when possible.
- Add tests for behavioral or security-sensitive changes.
- Update docs when user-facing behavior changes.
- Follow existing package and workflow conventions.
- Use a clear title that explains intent.
- Include a concise summary and test plan.
- Link related issues when applicable.
Do not disclose security vulnerabilities publicly.
Report them through the security policy in SECURITY.md.