CONTRIBUTING.md

🤝 Contributing to Black Trigram (흑괘)

🔐 ISMS Alignment: Contributions follow Hack23 Secure Development Policy and Open Source Policy.

Contributing

Hi there! We're thrilled that you'd like to contribute to this project. Your help is essential for keeping it great.

Please note that this project is released with a Contributor Code of Conduct. By participating in this project you agree to abide by its terms.

Issues and PRs

If you have suggestions for how this project could be improved, or want to report a bug, open an issue! We'd love all and any contributions. If you have questions, too, we'd love to hear them.

We'd also love PRs. If you're thinking of a large PR, we advise opening up an issue first to talk about it, though! Look at the links below if you're not sure how to open a PR.

Submitting a pull request

1. Fork and clone the repository.
2. Configure and install the dependencies: npm install
3. Make sure the tests pass on your machine: npm test
4. Create a new branch: git checkout -b my-branch-name
5. Make your change, add tests, and make sure the tests still pass.
6. Push to your fork and submit a pull request.
7. Pat your self on the back and wait for your pull request to be reviewed and merged.

Here are a few things you can do that will increase the likelihood of your pull request being accepted:

• Write and update tests.
• Keep your changes as focused as possible. If there are multiple changes you would like to make that are not dependent upon each other, consider submitting them as separate pull requests.
• Write a good commit message.

Work in Progress pull requests are also welcome to get feedback early on, or if there is something blocked you.

🤖 Using GitHub Copilot

This project is fully configured for GitHub Copilot with comprehensive instructions and custom agents:

Quick Start with Copilot

1. Read the Instructions: Start with .github/copilot-instructions.md for coding patterns and best practices

2. Use Custom Agents: Check .github/agents/README.md for specialized agents:

   • 🛠️ Coding Agent - Feature implementation and bug fixes
   • ⚛️ Frontend Specialist - React 19 and TypeScript
   • 🎮 Game Developer - Three.js game systems
   • 🧪 Testing Agent - Vitest and Cypress tests
   • 📝 Documentation Writer - Technical documentation
   • 🛡️ Security Specialist - Security and dependencies
   • 🔍 Code Review Agent - Code quality reviews

3. MCP Configuration: The project uses Model Context Protocol servers for enhanced capabilities - see .github/COPILOT_MCP_SETUP.md

Development Workflow with Copilot

# Validate your setup
npm run validate:mcp

# Start development with Copilot assistance
npm run dev

# Run checks before committing
npm run check      # TypeScript validation
npm run lint       # Code quality
npm test           # Unit tests

Best Practices

• Follow the patterns in copilot-instructions.md
• Use the appropriate custom agent for your task
• Include Korean-English bilingual text for all user-facing strings
• Add data-testid attributes for testable components
• Follow the React + Three.js (@react-three/fiber) integration patterns
• Maintain 60fps performance targets

🔐 Security Contribution Guidelines

Black Trigram follows Hack23 AB's Secure Development Policy. All contributions must:

Security Requirements

• 🔍 Security Testing: Run security checks before submitting PRs

  npm run check        # TypeScript validation
  npm run lint         # ESLint security rules
  npm test             # Unit tests with security test cases
  npm run test:e2e     # E2E security tests

• 📦 Dependency Security: All new dependencies must:

  • Have no known high/critical vulnerabilities
  • Use exact version pinning (no ^ or ~)
  • Include justification in PR description
  • Pass FOSSA license compliance check

• 🛡️ Secure Coding: Follow secure coding practices:

  • No hardcoded secrets or credentials
  • Input validation for all user inputs
  • Proper error handling (no sensitive data in errors)
  • CSP-compliant code (no inline scripts)
  • Follow OWASP Top 10 guidelines

• 🎯 Vulnerability Reporting: Report security issues via:

  • GitHub Security Advisories
  • Follow SECURITY.md disclosure process
  • Do NOT open public issues for security vulnerabilities

ISMS Policy References

Contributors should be familiar with:

• 🛠️ Secure Development Policy - Security-integrated SDLC standards
• 🔍 Vulnerability Management - Security testing procedures
• 🔓 Open Source Policy - Open source governance
• 📝 Change Management - Risk-controlled changes

Resources

• How to Contribute to Open Source
• Using Pull Requests
• GitHub Help

---

📚 Related Documents

🔐 Security & Compliance

• 🔒 Security Policy - Vulnerability reporting process
• 🛡️ Security Architecture - Security implementation
• 🎯 Threat Model - Security threat analysis
• 📋 CRA Assessment - EU Cyber Resilience Act compliance
• 🗺️ ISMS Reference Mapping - Complete ISMS policy mapping

🛠️ Development

• 🔧 Development Guide - Security features and testing
• 🔄 Workflows - CI/CD security automation
• 📐 Architecture - System design

🧪 Testing

• 🧪 Unit Test Plan - Unit testing strategy
• 🎯 E2E Test Plan - End-to-end testing

---

📋 Document Control:
✅ Approved by: James Pether Sörling, CEO
📤 Distribution: Public
🏷️ Classification:
📅 Effective Date: 2025-01-15
⏰ Next Review: 2025-04-15
🎯 Framework Compliance: