Thank you for contributing! This guide covers the full contributor workflow: environment setup, finding work, opening pull requests, and code standards.
Read the README and Architecture for product context first.
- Ways to contribute
- Glossary
- Development setup
- Finding work
- Contribution workflow
- Branching and commits
- Coding standards
- Testing
- Documentation
- Security
- License
This checklist is designed for first-time contributors to help you get started quickly and smoothly. It links to the more detailed sections below for further guidance.
- Read the Architecture and Setup documentation.
- Clone the repository or fork it to your local machine.
- Run the installation commands as detailed in the Development Setup / SETUP.md.
- Verify that your local builds succeed.
- Find an issue to work on (look for
good first issue) via Finding Work. - Create a new branch following the conventions in Branching and Commits.
- Make your change and ensure it is as small as possible to satisfy the issue.
- Run local checks and tests (see Testing).
- Open a Pull Request and respond to feedback.
| Area | Examples |
|---|---|
| Contract | Proposal lifecycle improvements, owner rotation, spending limits, gas optimizations |
| Frontend | Freighter wallet integration, real-time event feed, mobile UI, accessibility |
| Testing | Additional contract tests, property-based tests, E2E UI tests |
| Documentation | Diagrams, video walkthroughs, API reference improvements |
| Reviews | Thoughtful PR reviews with concrete suggestions |
| Infrastructure | CI improvements, Dependabot config, deployment scripts |
See docs/SETUP.md for a step-by-step guide across macOS, Linux, and Windows (WSL2).
- Check the GitHub Issues tab for open issues.
- Issues tagged
good first issueare scoped for new contributors. - Issues tagged
drips-waveare eligible for Stellar Drips Wave rewards. - Comment on an issue before starting to avoid duplicated effort.
- Do not start work on an issue that is already assigned or actively being addressed.
- Fork the repository (or clone if you have direct access).
- Create a branch from
mainusing the naming conventions below. - Implement the smallest change that satisfies the issue, with tests.
- Run local checks (see Testing).
- Open a pull request into
mainwith a clear title and description. - Respond to review feedback promptly — maintainers aim to review within 3 business days.
| Prefix | Use Case | Example |
|---|---|---|
feat/ |
New feature | feat/freighter-wallet |
fix/ |
Bug fix | fix/approval-counter |
contract/ |
Contract changes | contract/proposal-expiry |
docs/ |
Documentation | docs/architecture-diagram |
chore/ |
Config, CI, tooling | chore/dependabot-config |
test/ |
Tests only | test/execute-edge-cases |
- Use imperative mood:
Add,Fix,Update— notAdded,Fixed - Keep the subject line ≤ 72 characters
- Add a blank line + body when explaining a non-obvious "why"
Include:
- What changed (high level)
- Why it was needed — link the issue (
Fixes #NorRefs #N) - How to verify — commands run, screenshots for UI changes
- Risks / follow-ups — known limitations, deferred work
Use Draft PRs for early feedback when the change is not yet polished.
- Avoid
any— use explicit types and narrow unions. - Prefer small, composable components; lift state only as high as needed.
- Use semantic HTML and label all form controls (accessibility).
- Follow existing Tailwind patterns; avoid one-off inline styles.
- Use
BigInt(notNumber) for all on-chain token amounts — see Architecture.
- Name storage keys, types, and public functions clearly.
- Document non-obvious invariants in comments near the enforcement point.
- Return typed errors (
ContractError) — never panic on user-controlled inputs. - Use
checked_add/checked_subfor all arithmetic; returnArithmeticErroron overflow. - Extend TTLs (
bump_instance/bump_persistent) whenever you read from storage.
- Match the style of surrounding code.
- Do not commit private keys, seed phrases, or
.envfiles. - Do not add production-network values (mainnet RPC URLs, mainnet contract IDs) to the codebase.
Run these checks before opening a PR:
# Contract
cd contracts/accord
cargo fmt --check
cargo clippy -- -D warnings
cargo test
# Frontend (from repo root)
cd frontend
npm run lint
npm run buildAll checks must pass (exit 0) before a PR can be merged.
- Add tests in
contracts/accord/src/test.rs. - Test positive paths (happy flow) AND negative paths (error cases).
- Use
env.mock_all_auths()for simplicity orenv.mock_auths()when testing auth specifics. - Set ledger timestamps explicitly with
env.ledger().set(...)for deadline-sensitive tests.
The project currently uses manual verification for UI changes. If you add a test runner (vitest, @testing-library/react), update this section and the CI workflow.
- Update
README.mdwhen setup steps, prerequisites, or architecture changes. - Update
docs/CONTRACT_API.mdwhen adding or changing contract functions. - Update
docs/ARCHITECTURE.mdfor structural changes to data flow or storage layout. - For small behavior changes, a clear PR description is sufficient.
Do not open public GitHub issues for unfixed security vulnerabilities.
Use GitHub's private Security Advisory flow (Security tab → "Report a vulnerability"). See docs/SECURITY.md for full disclosure policy.
By contributing, you agree your contributions are licensed under the MIT license. See LICENSE.