3.8 KiB
3.8 KiB
Contributing to RMI Backend
Thank you for your interest in contributing to RMI! This is a commercial security product, and we take security seriously. Please read this guide carefully.
Table of Contents
- Development Environment
- Code Style
- Security Requirements
- Testing
- Pull Request Process
- Release Process
Development Environment
Prerequisites
- Python 3.11+
- uv for package management
- Docker for local development
- Tailscale for secure server access
Setup
# Clone the repository
git clone git@github.com:crypto-rug-muncher/rugmuncher-backend.git
cd rugmuncher-backend
# Install dependencies
uv sync --frozen
# Set up environment
cp .env.example .env
# Edit .env with your local credentials
# Run linter
ruff check .
# Run type checker
mypy app/
# Run tests
pytest tests/unit/
Code Style
Python
- Format: Black with 88-character lines
- Lint: Ruff with
--select=E,F,I,S,Wrules - Types: Full type hints on all public functions
- Imports: Isort with
known_first_party=app
Commit Messages
<type>(<scope>): <subject>
<body>
<footer>
Types: feat, fix, refactor, test, docs, chore, perf
Examples:
feat(auth): add JWT token validation middleware
fix(scanner): handle empty response from DexScreener
refactor(databus): consolidate provider initialization
Security Requirements
Zero Tolerance
- No secrets in code - API keys, tokens, passwords never in source
- No debug logging - Remove print statements, use structlog
- No bare except clauses - Always catch specific exceptions
- No sync HTTP calls - Use httpx async for all external calls
Security Checklist
Before merging, verify:
- No hardcoded secrets (run
gitleaks check) - All except clauses are explicit (run
grep -r "except:") - All HTTP calls are async (run
grep -r "import requests") - Type hints on all public functions
- Lint passes (
ruff check .) - Type check passes (
mypy app/)
Reporting Vulnerabilities
DO NOT OPEN A PUBLIC ISSUE. Email security@rugmunch.io with:
- Type of vulnerability
- Affected endpoint/component
- Steps to reproduce
- Proof of concept (if available)
- Impact assessment
Response time: Within 24 hours.
Testing
Unit Tests
pytest tests/unit/ -v
Integration Tests
pytest tests/integration/ -v
Test Requirements
- All new features need tests
- Bug fixes need regression tests
- Cover edge cases and error conditions
- Use pytest fixtures for test data
Pull Request Process
-
Create a feature branch
git checkout -b feature/your-feature -
Make your changes
- Follow code style guidelines
- Add tests for new functionality
- Update documentation as needed
-
Run checks
ruff check . --fix mypy app/ pytest tests/unit/ -
Commit your changes
git commit -m "feat(scope): add your feature" -
Push and create PR
git push origin feature/your-feature # Create PR on GitHub -
PR Review
- At least one maintainer review required
- All checks must pass
- No new lint/type errors introduced
Release Process
-
Tag release
git checkout main git pull git tag -a v1.2.3 -m "Release v1.2.3" git push origin main --tags -
Create release notes
- Summarize changes
- Note breaking changes
- List contributors
-
Deploy
- CI/CD automatically deploys to production
- Monitor logs for errors
- Run smoke tests
Questions?
- Open an issue for bugs/features
- Email security@rugmunch.io for security questions
- Check docs/ for API documentation