186 lines
3.8 KiB
Markdown
186 lines
3.8 KiB
Markdown
# Contributing to RMI Backend
|
|
|
|
Thank you for your interest in contributing to RMI! This is a commercial security product, and we take security seriously. Please read this guide carefully.
|
|
|
|
## Table of Contents
|
|
|
|
- [Development Environment](#development-environment)
|
|
- [Code Style](#code-style)
|
|
- [Security Requirements](#security-requirements)
|
|
- [Testing](#testing)
|
|
- [Pull Request Process](#pull-request-process)
|
|
- [Release Process](#release-process)
|
|
|
|
## Development Environment
|
|
|
|
### Prerequisites
|
|
|
|
- Python 3.11+
|
|
- [uv](https://github.com/astral-sh/uv) for package management
|
|
- Docker for local development
|
|
- Tailscale for secure server access
|
|
|
|
### Setup
|
|
|
|
```bash
|
|
# Clone the repository
|
|
git clone git@github.com:crypto-rug-muncher/rugmuncher-backend.git
|
|
cd rugmuncher-backend
|
|
|
|
# Install dependencies
|
|
uv sync --frozen
|
|
|
|
# Set up environment
|
|
cp .env.example .env
|
|
# Edit .env with your local credentials
|
|
|
|
# Run linter
|
|
ruff check .
|
|
|
|
# Run type checker
|
|
mypy app/
|
|
|
|
# Run tests
|
|
pytest tests/unit/
|
|
```
|
|
|
|
## Code Style
|
|
|
|
### Python
|
|
|
|
- **Format**: Black with 88-character lines
|
|
- **Lint**: Ruff with `--select=E,F,I,S,W` rules
|
|
- **Types**: Full type hints on all public functions
|
|
- **Imports**: Isort with `known_first_party=app`
|
|
|
|
### Commit Messages
|
|
|
|
```
|
|
<type>(<scope>): <subject>
|
|
|
|
<body>
|
|
|
|
<footer>
|
|
```
|
|
|
|
Types: `feat`, `fix`, `refactor`, `test`, `docs`, `chore`, `perf`
|
|
|
|
Examples:
|
|
```
|
|
feat(auth): add JWT token validation middleware
|
|
fix(scanner): handle empty response from DexScreener
|
|
refactor(databus): consolidate provider initialization
|
|
```
|
|
|
|
## Security Requirements
|
|
|
|
### Zero Tolerance
|
|
|
|
1. **No secrets in code** - API keys, tokens, passwords never in source
|
|
2. **No debug logging** - Remove print statements, use structlog
|
|
3. **No bare except clauses** - Always catch specific exceptions
|
|
4. **No sync HTTP calls** - Use httpx async for all external calls
|
|
|
|
### Security Checklist
|
|
|
|
Before merging, verify:
|
|
|
|
- [ ] No hardcoded secrets (run `gitleaks check`)
|
|
- [ ] All except clauses are explicit (run `grep -r "except:"`)
|
|
- [ ] All HTTP calls are async (run `grep -r "import requests"`)
|
|
- [ ] Type hints on all public functions
|
|
- [ ] Lint passes (`ruff check .`)
|
|
- [ ] Type check passes (`mypy app/`)
|
|
|
|
### Reporting Vulnerabilities
|
|
|
|
**DO NOT OPEN A PUBLIC ISSUE.** Email security@rugmunch.io with:
|
|
- Type of vulnerability
|
|
- Affected endpoint/component
|
|
- Steps to reproduce
|
|
- Proof of concept (if available)
|
|
- Impact assessment
|
|
|
|
Response time: Within 24 hours.
|
|
|
|
## Testing
|
|
|
|
### Unit Tests
|
|
|
|
```bash
|
|
pytest tests/unit/ -v
|
|
```
|
|
|
|
### Integration Tests
|
|
|
|
```bash
|
|
pytest tests/integration/ -v
|
|
```
|
|
|
|
### Test Requirements
|
|
|
|
- All new features need tests
|
|
- Bug fixes need regression tests
|
|
- Cover edge cases and error conditions
|
|
- Use pytest fixtures for test data
|
|
|
|
## Pull Request Process
|
|
|
|
1. **Create a feature branch**
|
|
```bash
|
|
git checkout -b feature/your-feature
|
|
```
|
|
|
|
2. **Make your changes**
|
|
- Follow code style guidelines
|
|
- Add tests for new functionality
|
|
- Update documentation as needed
|
|
|
|
3. **Run checks**
|
|
```bash
|
|
ruff check . --fix
|
|
mypy app/
|
|
pytest tests/unit/
|
|
```
|
|
|
|
4. **Commit your changes**
|
|
```bash
|
|
git commit -m "feat(scope): add your feature"
|
|
```
|
|
|
|
5. **Push and create PR**
|
|
```bash
|
|
git push origin feature/your-feature
|
|
# Create PR on GitHub
|
|
```
|
|
|
|
6. **PR Review**
|
|
- At least one maintainer review required
|
|
- All checks must pass
|
|
- No new lint/type errors introduced
|
|
|
|
## Release Process
|
|
|
|
1. **Tag release**
|
|
```bash
|
|
git checkout main
|
|
git pull
|
|
git tag -a v1.2.3 -m "Release v1.2.3"
|
|
git push origin main --tags
|
|
```
|
|
|
|
2. **Create release notes**
|
|
- Summarize changes
|
|
- Note breaking changes
|
|
- List contributors
|
|
|
|
3. **Deploy**
|
|
- CI/CD automatically deploys to production
|
|
- Monitor logs for errors
|
|
- Run smoke tests
|
|
|
|
## Questions?
|
|
|
|
- Open an issue for bugs/features
|
|
- Email security@rugmunch.io for security questions
|
|
- Check docs/ for API documentation
|