Thanks for your interest in contributing. This project currently prioritizes a local-only release scope and strict review controls.
- Local-first behavior is the default and required baseline.
- Do not add or enable external sync/network transport features in this release line.
- Keep changes minimal, testable, and easy to review.
- Search existing issues and pull requests to avoid duplicate work.
- Open an issue first for large or design-changing proposals.
- For security-sensitive findings, do not open a public issue. Use a private channel instead.
- Fork and clone the repository.
- Install dependencies:
npm ci npm --prefix webview ci
- Build:
npm run build:all
- Test:
npm run test
All changes must be submitted by pull request.
- Target branch:
main - Keep PRs small and focused
- Include clear summary and verification steps
- Pass required checks (including
dependency-gate) - Ensure no-network guard passes:
npm run no-network:guard
Please use the PR template checklist and complete all applicable items.
By contributing, you certify you have the right to submit the work under the project license. Please sign off each commit with:
Signed-off-by: Your Name <your-email@example.com>
Git shortcut:
git commit -s -m "your message"- Follow existing architecture and naming conventions.
- Do not include secrets, keys, tokens, personal data, or machine-specific absolute paths.
- Update docs when behavior or public usage changes.
- If tests are skipped, state why in the PR.
By submitting a contribution, you agree that your contribution is licensed under the Apache License 2.0.
For private/security reports, use the project private channel listed in the README. Do not disclose exploit details in public issues before maintainers respond.