Thank you for your interest in contributing to Decepticon! Whether you're a security researcher, AI engineer, or documentation enthusiast, we welcome your contributions.
- Python 3.13+
- Docker & Docker Compose v2
- Node.js 22+ (for CLI client)
- uv (Python package manager)
git clone https://github.com/PurpleAILAB/Decepticon.git
cd Decepticon
# Start with hot-reload (builds Docker images + watches for source changes)
make dev
# In a separate terminal — open the interactive CLI
make climake test # Run pytest inside container
make test-local # Run pytest locally (requires: uv sync --dev)
make lint # Lint + typecheck locally
make lint-fix # Auto-fix lint issuesUse the Bug Report issue template. Include:
- Steps to reproduce
- Expected vs actual behavior
- Docker and Python version info
Use the Feature Request issue template.
- Fork the repository and create your branch from
main. - Write code following the conventions below.
- Test your changes — ensure
make lintandmake test-localpass. - Commit with clear, descriptive messages using Conventional Commits format:
feat(scope):— new featurefix(scope):— bug fixdocs:— documentation onlychore:— maintenancerefactor:— code restructuring
- Open a PR against
mainwith a clear description of what and why.
- Python: Pydantic v2, Ruff for formatting/linting, basedpyright for type checking
- Line length: 100 characters
- Imports: Absolute imports, public API re-exported through
__init__.py - Logging:
from decepticon.core.logging import get_logger; log = get_logger("module.sub") - Skills: Markdown files in
decepticon/skills/with YAML frontmatter - CLI (TypeScript): Ink.js components in
clients/cli/src/
decepticon/ Python agents, core logic, backends
clients/cli/ Ink.js terminal UI (TypeScript)
decepticon/skills/ Markdown knowledge base for agents
containers/ Dockerfiles
config/ Runtime configuration
scripts/ Installer and utilities
docs/ Documentation
Every packages/decepticon/decepticon/skills/**/SKILL.md file must
conform to the schema in docs/skill-schema.md.
Before opening a PR, run make audit-skills locally and fix any
reported violations. CI runs the same check on every PR.
For the cleanup of legacy skills that pre-date the schema, see docs/skill-cleanup-process.md. New authors writing skills against the schema do not need to read the cleanup process — only the schema doc.
If any material part of your contribution was produced with an AI coding agent (Claude, Codex, Copilot, Cursor, etc.), read CONTRIBUTING_AGENT.md before opening a PR. It restates a few docs/COWORK.md rules in their AI-contributor framing and adds a short self-review checklist. The checklist is not enforced by CI; it is the bar a maintainer reviews against.
Non-obvious architectural decisions — middleware composition order, sandbox transport mechanism, C2 framework selection, network-isolation invariants — are recorded as numbered, append-only ADRs under docs/adr/. See docs/adr/README.md for when to write one and the format. If your PR depends on or reverses an architectural decision, link the ADR from the PR description.
Maintainers: see RELEASE.md for the versioning model and the release process.
If you discover a security vulnerability, please follow our Security Policy instead of opening a public issue.
By contributing, you agree that your contributions will be licensed under the Apache License 2.0.