Contribution Guidelines

Thank you for your interest in contributing to MindSafe. As a security-focused project, we maintain high standards for code quality, memory safety, and cryptographic implementation.

The Transparency Pact

As noted in our Transparency Disclosure, MindSafe is approximately 80% human-written. To maintain the integrity of our security model:

  • Logic & Security: We require all core logic, encryption flows, and database interactions to be human-audited.
  • AI Assistance: You may use AI for generating boilerplate, unit test structures, or UI layouts. However, any AI-generated code must be clearly identified in your Pull Request (PR) description and thoroughly audited by the contributor before submission.

Security-First Contributions

If your contribution affects the crypto, auth, or database modules:

  1. No Proprietary Cryptography: Do not implement custom (“hand-rolled”) ciphers, hashes, KDFs, or protocols. We only accept industry-standard, independently reviewed primitives (e.g., the RustCrypto crates).
  2. Zeroization: Ensure any new sensitive buffers (passwords, keys, plaintext) are wrapped in zeroizing containers so their contents are overwritten when they go out of scope, rather than lingering in freed memory where a later bug, crash dump, or swap file could expose them.
  3. Audit Requirement: PRs involving security logic require a “deep dive” review. Expect detailed questions regarding memory safety and side-channel resistance.
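The two reviewer expectations above, zeroization and side-channel resistance, are illustrated by the following added example. It is not MindSafe code: the project's own modules are expected to use zeroize::Zeroizing from the RustCrypto zeroize crate, whereas this hypothetical SecretBytes type is written by hand against std only so that it compiles without any dependency. The sample value in main is constructed for the demonstration.

```rust
use std::fmt;
use std::ptr;
use std::sync::atomic::{compiler_fence, Ordering};

/// A byte buffer that is zeroed in place when it goes out of scope and
/// never prints its contents through Debug.
///
/// Hypothetical example type (not part of MindSafe): real code should
/// use zeroize::Zeroizing; this std-only version exists so the example
/// runs stand-alone.
pub struct SecretBytes(Vec<u8>);

impl SecretBytes {
    /// Take ownership of an existing buffer. The caller should not keep
    /// other copies around (e.g. the String it was parsed from).
    pub fn new(bytes: Vec<u8>) -> Self {
        SecretBytes(bytes)
    }

    /// Borrow the secret for actual use (key derivation, comparison, ...).
    pub fn expose(&self) -> &[u8] {
        &self.0
    }

    /// Overwrite every byte with zero using volatile stores, so the
    /// optimiser cannot discard the writes as dead just because the
    /// buffer is about to be freed.
    pub fn zeroize(&mut self) {
        for b in self.0.iter_mut() {
            // SAFETY: `b` is a valid, aligned, exclusively borrowed u8.
            unsafe { ptr::write_volatile(b, 0) };
        }
        // Keep the stores ordered before whatever follows (the free).
        compiler_fence(Ordering::SeqCst);
    }

    /// Constant-time equality against a candidate (e.g. an entered
    /// password against a stored verifier). Only the length may leak;
    /// unlike `==` on slices, this does not stop at the first mismatch,
    /// so timing does not reveal how many leading bytes were correct.
    pub fn ct_eq(&self, other: &[u8]) -> bool {
        if self.0.len() != other.len() {
            return false;
        }
        let mut diff: u8 = 0;
        for (a, b) in self.0.iter().zip(other.iter()) {
            diff |= a ^ b;
        }
        diff == 0
    }
}

/// Wipe the bytes before the allocation is handed back to the allocator.
impl Drop for SecretBytes {
    fn drop(&mut self) {
        self.zeroize();
    }
}

/// Redact on Debug so a `{:?}` in a log line or panic message cannot
/// leak the secret.
impl fmt::Debug for SecretBytes {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        f.write_str("SecretBytes([REDACTED])")
    }
}

fn main() {
    // Constructed sample value, not a real credential.
    let stored = SecretBytes::new(b"correct horse battery staple".to_vec());
    println!("stored = {:?}", stored);
    println!("good guess matches: {}", stored.ct_eq(b"correct horse battery staple"));
    println!("bad guess matches:  {}", stored.ct_eq(b"correct horse battery stapl3"));
    // `stored` is dropped here; its heap bytes are zeroed before the free.
}
```

Two caveats a reviewer will raise: the wrapper only wipes the bytes it owns, so copies made before wrapping (a String read from stdin, a Vec that reallocated while growing, a value passed around on the stack) are not covered; and because Vec keeps its data on the heap, moving a SecretBytes only moves the pointer, whereas a fixed-size array on the stack would leave an unwiped copy behind on every move. The zeroize crate also clears a Vec's spare capacity, which this example does not.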

Development Workflow

1. Branching Strategy

  • main: The stable, production-ready branch. Never push directly to main.
  • stage: The integration branch for upcoming releases.
  • feature/your-feature: Create a descriptive branch from stage for your changes.

2. Pull Request Process

  1. Sync: Ensure your branch is rebased against the latest stage branch.
  2. Test: Run cargo test and ensure all suites pass (where test suites exist for the code you touched).
  3. Lint: Run cargo fmt and cargo clippy. We do not accept PRs with clippy warnings in the core logic; running cargo clippy -- -D warnings locally turns warnings into errors so you catch them before review.
  4. Description: Your PR must include:
    • A summary of changes.
    • The problem it solves.
    • A disclosure of which parts (if any) used AI assistance.

Code Style

  • Follow standard Rust API Guidelines.
  • Use descriptive naming for variables and functions.
  • Document all public functions and structs using /// doc comments (this helps our mdBook generation).

Reporting Vulnerabilities

Do not open a public Issue for security vulnerabilities. If you discover a security flaw, please follow the instructions in our SECURITY.md file to report it privately to the maintainers. This allows us to coordinate a fix before the vulnerability is made public.

License

By contributing to MindSafe, you agree that your contributions will be licensed under the GNU Affero General Public License v3.0 or later (SPDX: AGPL-3.0-or-later).