Contributions should improve one or more of the following:
- finding quality
- parser correctness
- reporter stability
- developer experience
- documentation clarity
- operational maturity
Read:
- AGENTS.md
- PRD.md
- ARCHITECTURE.md
- docs/sop/development-workflow.md
- docs/sop/rule-authoring.md if you are adding or changing rules
Contribution areas:
- documentation
- parser
- rule
- reporter
- CLI or platform
- policy and baseline
Every non-trivial contribution should include:
- a problem statement
- the scope of the change
- tests or fixtures
- documentation updates if behavior changed
- an explicit note of any security implications
A contribution is complete when:
- code and docs align
- tests pass
- new behavior is covered by fixtures
- project memory is updated for material changes
Rule contributions must also provide:
- a stable rule ID
- deterministic behavior
- rationale and remediation text
- positive and negative fixtures
- a false positive analysis in the PR description
Documentation contributions should:
- update linked source-of-truth docs if behavior changes
- avoid aspirational claims that are not implemented
- prefer plain language and examples
In general:
- keep changes narrow and reviewable
- separate mechanical refactors from behavioral changes
- document any assumptions that affect severity or policy