Welcome to the Mainframe protocol! We're excited to have you contribute to building the future of agent-linked NFTs on Solana.
- Code of Conduct
- Getting Started
- Development Setup
- Development Workflow
- Code Standards
- Security Guidelines
- Testing Requirements
- Pull Request Process
- Community & Support
This project and everyone participating in it is governed by our Code of Conduct. By participating, you are expected to uphold this code.
Before contributing, ensure you have:
- Rust (1.81+)
- Solana CLI (1.18.26+)
- Anchor CLI (0.31.1)
- Node.js (18+)
- Yarn package manager
- Git for version control
-
Fork and Clone
git clone https://github.com/YOUR_USERNAME/maikers-mainframe cd maikers-mainframe -
Install Dependencies
# Install Rust dependencies cargo --version # Install Anchor CLI cargo install --git https://github.com/coral-xyz/anchor avm --locked --force avm install 0.31.1 avm use 0.31.1 # Install JavaScript dependencies yarn install
-
Build the Program
anchor build
-
Run Tests
anchor test
If all tests pass, you're ready to start contributing!
git checkout -b feature/your-feature-name
# or
git checkout -b fix/issue-description- Write code following our Code Standards
- Add tests for new functionality
- Update documentation as needed
- Ensure security considerations are addressed
# Run all tests
anchor test
# Run specific test
anchor test --grep "test_name"
# Check formatting
cargo fmt --all -- --check
# Run linting
cargo clippy --all-targets --all-features -- -D warnings
# Security audit
cargo auditUse clear, descriptive commit messages:
git add .
git commit -m "feat: add agent batch creation instruction
- Implement batch_create_agents instruction
- Add comprehensive tests for batch operations
- Update documentation for new functionality
- Optimize compute units for multiple agents"- Push your branch to GitHub
- Create a pull request with a clear title and description
- Link any related issues
- Wait for code review and address feedback
- Formatting: Use
rustfmtwith default settings - Linting: Follow
clippyrecommendations - Documentation: Document all public functions and modules
- Error Handling: Use proper error types and messages
- Security: Follow Solana security best practices
- Formatting: Use project's ESLint/Prettier configuration
- Types: Use strict TypeScript with proper type annotations
- Testing: Write comprehensive tests for client code
- Documentation: Include JSDoc for public APIs
- README: Keep it current and accurate
- Code Comments: Explain complex logic and security considerations
- Architecture Docs: Update when making structural changes
- API Documentation: Document all public interfaces
Security is paramount when dealing with financial transactions on Solana.
-
Input Validation
- Validate all user inputs in program instructions
- Check account ownership and permissions
- Verify PDA derivations
-
Access Controls
- Implement proper authorization checks
- Use account constraints appropriately
- Follow principle of least privilege
-
Economic Security
- Verify fee calculations thoroughly
- Test edge cases in fee distribution
- Ensure no arithmetic overflow/underflow
-
Testing
- Write security-focused test cases
- Test malicious input scenarios
- Verify account state transitions
- Private keys or mnemonics
- API keys or secrets
- Hardcoded addresses (use constants)
- Test tokens or mainnet data
All security-sensitive changes must:
- Include comprehensive tests
- Be reviewed by security-focused maintainers
- Pass security audit checks
- Be documented with security implications
- Unit Tests: Test individual functions and edge cases
- Integration Tests: Test complete instruction flows
- Security Tests: Test malicious scenarios and access controls
- Performance Tests: Verify compute unit usage
- All new instructions must have comprehensive tests
- Edge cases and error conditions must be tested
- Security-sensitive code requires additional test coverage
- Fee calculations need thorough validation
# All tests
anchor test
# With coverage (if available)
anchor test --coverage
# Security audit
cargo audit
# Performance profiling
anchor test --profile- Self Review: Review your own code thoroughly
- Testing: Ensure all tests pass
- Documentation: Update relevant documentation
- Security: Consider security implications
- Performance: Check for performance regressions
- Clear, descriptive title
- Detailed description of changes
- All tests passing
- No breaking changes (unless justified)
- Documentation updated
- Security considerations addressed
- Performance impact assessed
- Automated Checks: CI/CD pipeline must pass
- Code Review: At least one maintainer approval
- Security Review: Security-sensitive changes need security team approval
- Final Approval: Core team member final approval
- Squash commits if requested
- Merge to main branch
- Monitor for any issues post-merge
- Documentation: Check docs/ directory
- Issues: Search existing GitHub issues
- Discussions: Use GitHub Discussions for questions
- Security: Email security@maikers.com for security issues
- GitHub Issues: Bug reports and feature requests
- GitHub Discussions: Technical questions and community discussions
- Pull Requests: Code contributions and reviews
We welcome contributions in these areas:
- Core Protocol: Anchor program improvements
- SDK Development: Client library enhancements
- Documentation: Guides, tutorials, and reference docs
- Testing: Test coverage and infrastructure
- Security: Security audits and improvements
- Performance: Optimization and monitoring
- Developer Tools: Build tools and development aids
We value all contributions! Contributors may be recognized through:
- GitHub contributor status
- Mention in release notes
- Community shoutouts
- Potential collaboration opportunities
By contributing to Mainframe, you agree that your contributions will be licensed under the Apache License 2.0.
Ready to contribute? Start by checking our good first issues or reach out in GitHub Discussions!
Thank you for helping build the future of agent-linked NFTs! 🤖✨