diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md new file mode 100644 index 0000000..2af3744 --- /dev/null +++ b/CONTRIBUTING.md @@ -0,0 +1,358 @@ +# Contributing to AgentCircle + +Thank you for your interest in contributing to AgentCircle! This document provides guidelines and instructions for contributing to this AI agent trust and payment layer protocol. + +## Table of Contents + +- [Code of Conduct](#code-of-conduct) +- [Getting Started](#getting-started) +- [Development Setup](#development-setup) +- [Project Structure](#project-structure) +- [Contributing Workflow](#contributing-workflow) +- [Coding Standards](#coding-standards) +- [Testing](#testing) +- [Security](#security) +- [Community](#community) + +## Code of Conduct + +This project adheres to a code of conduct that all contributors are expected to follow: + +- Be respectful and inclusive in all interactions +- Provide constructive feedback and accept it gracefully +- Focus on what's best for the AI agent ecosystem +- Show empathy towards other contributors and users + +## Getting Started + +### Prerequisites + +Before you begin, ensure you have the following installed: + +- **Node.js** (v18 or higher) +- **npm** or **yarn** +- **Git** +- **Foundry** (for Solidity development) +- **MetaMask** or similar Web3 wallet +- **Base Sepolia testnet ETH** (for testing) + +### Quick Start + +1. **Fork the repository** on GitHub +2. **Clone your fork**: + ```bash + git clone https://github.com/YOUR_USERNAME/AgentCircle.git + cd AgentCircle + ``` +3. **Install dependencies**: + ```bash + npm install + ``` +4. **Set up environment variables**: + ```bash + cp .env.example .env + # Edit .env with your configuration + ``` + +## Development Setup + +### Smart Contract Development + +AgentCircle uses Solidity for its on-chain components: + +```bash +# Install Foundry +curl -L https://foundry.paradigm.xyz | bash +foundryup + +# Install dependencies +forge install + +# Compile contracts +forge build + +# Run tests +forge test +``` + +### Frontend Development + +```bash +# Start development server +npm run dev + +# Build for production +npm run build + +# Run linter +npm run lint +``` + +### TEE Environment Setup + +For TEE-related development: + +1. **Install TEE SDK** (follow vendor-specific instructions) +2. **Configure TEE environment variables** in `.env` +3. **Test TEE operations** using provided test scripts + +## Project Structure + +``` +AgentCircle/ +├── contracts/ # Solidity smart contracts +│ ├── AgentPolicy.sol # Core policy management +│ ├── TrustRegistry.sol # Agent trust scoring +│ └── PaymentEscrow.sol # Payment handling +├── src/ # Frontend source code +│ ├── components/ # React components +│ ├── hooks/ # Custom React hooks +│ └── utils/ # Utility functions +├── test/ # Test files +│ ├── unit/ # Unit tests +│ └── integration/ # Integration tests +├── scripts/ # Deployment and utility scripts +└── docs/ # Documentation +``` + +## Contributing Workflow + +### 1. Create an Issue + +Before starting work: + +- Check existing issues to avoid duplicates +- Create a new issue describing your proposed change +- Wait for maintainer feedback on significant changes + +### 2. Branch Naming + +Create branches with descriptive names: + +``` +feature/add-lit-protocol-integration +fix/tee-attestation-bug +docs/update-api-reference +refactor/optimize-gas-usage +``` + +### 3. Commit Messages + +Follow conventional commits format: + +``` +type(scope): description + +[optional body] + +[optional footer] +``` + +Types: +- `feat`: New feature +- `fix`: Bug fix +- `docs`: Documentation changes +- `style`: Code style changes (formatting) +- `refactor`: Code refactoring +- `test`: Test additions/changes +- `chore`: Build process or auxiliary tool changes + +Examples: +``` +feat(contracts): add ERC-8004 policy attestation + +Implement ERC-8004 standard for agent policy attestations +with TEE-backed signatures. + +Closes #123 +``` + +### 4. Pull Request Process + +1. **Ensure tests pass**: + ```bash + forge test + npm test + ``` + +2. **Update documentation** if needed + +3. **Create PR** with: + - Clear title and description + - Reference to related issue(s) + - Screenshots (for UI changes) + - Test results + +4. **Address review feedback** promptly + +5. **Wait for approval** from at least one maintainer + +## Coding Standards + +### Solidity + +- Follow [Solidity Style Guide](https://docs.soliditylang.org/en/latest/style-guide.html) +- Use `solhint` for linting +- Document all public functions with NatSpec +- Include comprehensive inline comments for complex logic + +```solidity +/** + * @notice Registers an agent's policy on-chain + * @param agentId Unique identifier for the agent + * @param policyHash IPFS hash of the policy document + * @param teeAttestation TEE attestation of policy compliance + * @return policyId The unique policy ID + */ +function registerPolicy( + bytes32 agentId, + string calldata policyHash, + bytes calldata teeAttestation +) external returns (uint256 policyId) { + // Implementation +} +``` + +### TypeScript/JavaScript + +- Use TypeScript for all new code +- Follow ESLint configuration +- Use functional components with hooks +- Document complex functions with JSDoc + +```typescript +/** + * Verifies TEE attestation for an agent policy + * @param policyId - The policy ID to verify + * @param attestation - TEE attestation bytes + * @returns Promise resolving to verification result + */ +async function verifyAttestation( + policyId: string, + attestation: Uint8Array +): Promise { + // Implementation +} +``` + +## Testing + +### Unit Tests + +Write comprehensive unit tests for all contracts: + +```solidity +function test_RegisterPolicy_Success() public { + // Arrange + bytes32 agentId = keccak256("agent1"); + string memory policyHash = "QmTest123"; + bytes memory attestation = hex"1234"; + + // Act + uint256 policyId = registry.registerPolicy(agentId, policyHash, attestation); + + // Assert + assertEq(registry.getPolicyAgent(policyId), agentId); +} +``` + +### Integration Tests + +Test cross-contract interactions: + +```bash +# Run all tests +forge test + +# Run with gas report +forge test --gas-report + +# Run specific test +forge test --match-test test_RegisterPolicy +``` + +### Frontend Tests + +```bash +# Run unit tests +npm test + +# Run with coverage +npm run test:coverage + +# Run e2e tests +npm run test:e2e +``` + +## Security + +### Reporting Vulnerabilities + +**DO NOT** open public issues for security vulnerabilities. + +Instead: +1. Email security concerns to: security@agentcircle.xyz +2. Include detailed description and reproduction steps +3. Allow 48 hours for initial response +4. Coordinate disclosure timeline + +### Security Best Practices + +When contributing: + +- **Never commit private keys** or sensitive data +- **Use environment variables** for configuration +- **Validate all inputs** in smart contracts +- **Follow checks-effects-interactions** pattern +- **Use reentrancy guards** where appropriate +- **Get security review** for significant changes + +### TEE Security + +- Verify attestation signatures +- Validate TEE measurement hashes +- Use secure channels for sensitive data +- Follow Lit Protocol security guidelines + +## Community + +### Communication Channels + +- **GitHub Issues**: Bug reports and feature requests +- **GitHub Discussions**: General questions and ideas +- **Discord**: [Join our community](https://discord.gg/agentcircle) +- **Twitter**: [@AgentCircle](https://twitter.com/AgentCircle) + +### Getting Help + +- Check [documentation](https://docs.agentcircle.xyz) +- Search existing issues +- Ask in Discord #dev-help channel +- Tag maintainers in PRs if stuck + +### Recognition + +Contributors will be: +- Listed in CONTRIBUTORS.md +- Mentioned in release notes +- Eligible for bounty programs +- Considered for core team roles + +## Bounty Program + +We offer bounties for: + +- **Critical bugs**: $5,000 - $10,000 +- **High impact features**: $1,000 - $5,000 +- **Documentation improvements**: $100 - $500 +- **Test coverage**: $50 - $200 + +Check [active bounties](https://github.com/PL-Genesis-AgentCircle/AgentCircle/issues?q=is%3Aopen+label%3Abounty) for opportunities. + +## License + +By contributing, you agree that your contributions will be licensed under the MIT License. + +--- + +Thank you for helping build the trust layer for AI agents! 🚀 \ No newline at end of file