Thank you for improving Sentris Flow. This guide keeps contributions consistent, reviewable, and compliant with our legal and security expectations.
- Fork or branch from
main. - Keep subjects in Conventional Commit style (e.g.,
feat:,fix:,docs:) and reference the issue/milestone where relevant. - Run the core gates before opening a PR:
bun run test,bun run lint, andbun run typecheck. Call out any intentional gaps in the PR description. - For backend integrations, prefer targeted checks when needed:
bun --cwd backend run migration:smoke. - If you touch workflows or contracts, update fixtures/docs under
docs/as needed.
AGENTS.md— repo layout, commands, testing gates, and PR expectations.- Component patterns —
docs/development/component-development.mdx(isolated volume requirement);worker/src/utils/COMPONENTS_TO_MIGRATE.mdfor migration status.
We require a DCO sign-off on every commit. Use git commit -s so Git appends a Signed-off-by: Name <email> line. If you forgot to sign off, amend and force-push the branch:
git commit --amend -s
git push --force-with-leaseThe repository enforces a DCO status check on pull requests; unsignoffed commits will fail CI until corrected.
- Tests, lint, and type checks pass (or documented exceptions).
- New or changed behaviour is covered with tests near the code (
__tests__,*.spec.ts/*.test.ts). - Docs/runbooks updated when contracts, workflows, or operational steps change.
- Keep workflow/run identifiers in the
sentris-run-*shape and reuse shared Zod schemas from@sentris/sharedinstead of ad-hoc types. - Screenshots or trace snippets included for UI/observability changes when helpful.
- Keep diffs focused and avoid unrelated formatting churn.
- Explain risk areas and validation performed in the PR description.
- If a check is flaky or blocked, note it explicitly so reviewers know what was attempted.
- Avoid committing secrets; prefer
.env.exampleupdates for new settings. - For vulnerability reports, follow the process in
SECURITY.md(private disclosure first). - Components that interact with Docker must follow the isolated volume pattern described in
packages/component-sdk/anddocs/development/component-development.mdx.
- Open a GitHub discussion/issue with module context (frontend/backend/worker/packages).
- Internal team: share blocking details (logs, run IDs, Loki queries) in the PR or chat to speed triage.