Skip to content

docs: Add comprehensive CONTRIBUTING.md for AI agent trust layer #1

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
Kubudak90 wants to merge 1 commit into
base: main
Choose a base branch
from
Open

docs: Add comprehensive CONTRIBUTING.md for AI agent trust layer #1

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
358 changes: 358 additions & 0 deletions CONTRIBUTING.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,358 @@
# Contributing to AgentCircle

Thank you for your interest in contributing to AgentCircle! This document provides guidelines and instructions for contributing to this AI agent trust and payment layer protocol.

## Table of Contents

- [Code of Conduct](#code-of-conduct)
- [Getting Started](#getting-started)
- [Development Setup](#development-setup)
- [Project Structure](#project-structure)
- [Contributing Workflow](#contributing-workflow)
- [Coding Standards](#coding-standards)
- [Testing](#testing)
- [Security](#security)
- [Community](#community)

## Code of Conduct

This project adheres to a code of conduct that all contributors are expected to follow:

- Be respectful and inclusive in all interactions
- Provide constructive feedback and accept it gracefully
- Focus on what's best for the AI agent ecosystem
- Show empathy towards other contributors and users

## Getting Started

### Prerequisites

Before you begin, ensure you have the following installed:

- **Node.js** (v18 or higher)
- **npm** or **yarn**
- **Git**
- **Foundry** (for Solidity development)
- **MetaMask** or similar Web3 wallet
- **Base Sepolia testnet ETH** (for testing)

### Quick Start

1. **Fork the repository** on GitHub
2. **Clone your fork**:
```bash
git clone https://github.com/YOUR_USERNAME/AgentCircle.git
cd AgentCircle
```
3. **Install dependencies**:
```bash
npm install
```
4. **Set up environment variables**:
```bash
cp .env.example .env
# Edit .env with your configuration
```

## Development Setup

### Smart Contract Development

AgentCircle uses Solidity for its on-chain components:

```bash
# Install Foundry
curl -L https://foundry.paradigm.xyz | bash
foundryup

# Install dependencies
forge install

# Compile contracts
forge build

# Run tests
forge test
```

### Frontend Development

```bash
# Start development server
npm run dev

# Build for production
npm run build

# Run linter
npm run lint
```

### TEE Environment Setup

For TEE-related development:

1. **Install TEE SDK** (follow vendor-specific instructions)
2. **Configure TEE environment variables** in `.env`
3. **Test TEE operations** using provided test scripts

## Project Structure

```
AgentCircle/
├── contracts/ # Solidity smart contracts
│ ├── AgentPolicy.sol # Core policy management
│ ├── TrustRegistry.sol # Agent trust scoring
│ └── PaymentEscrow.sol # Payment handling
├── src/ # Frontend source code
│ ├── components/ # React components
│ ├── hooks/ # Custom React hooks
│ └── utils/ # Utility functions
├── test/ # Test files
│ ├── unit/ # Unit tests
│ └── integration/ # Integration tests
├── scripts/ # Deployment and utility scripts
└── docs/ # Documentation
```

## Contributing Workflow

### 1. Create an Issue

Before starting work:

- Check existing issues to avoid duplicates
- Create a new issue describing your proposed change
- Wait for maintainer feedback on significant changes

### 2. Branch Naming

Create branches with descriptive names:

```
feature/add-lit-protocol-integration
fix/tee-attestation-bug
docs/update-api-reference
refactor/optimize-gas-usage
```

### 3. Commit Messages

Follow conventional commits format:

```
type(scope): description

[optional body]

[optional footer]
```

Types:
- `feat`: New feature
- `fix`: Bug fix
- `docs`: Documentation changes
- `style`: Code style changes (formatting)
- `refactor`: Code refactoring
- `test`: Test additions/changes
- `chore`: Build process or auxiliary tool changes

Examples:
```
feat(contracts): add ERC-8004 policy attestation

Implement ERC-8004 standard for agent policy attestations
with TEE-backed signatures.

Closes #123
```

### 4. Pull Request Process

1. **Ensure tests pass**:
```bash
forge test
npm test
```

2. **Update documentation** if needed

3. **Create PR** with:
- Clear title and description
- Reference to related issue(s)
- Screenshots (for UI changes)
- Test results

4. **Address review feedback** promptly

5. **Wait for approval** from at least one maintainer

## Coding Standards

### Solidity

- Follow [Solidity Style Guide](https://docs.soliditylang.org/en/latest/style-guide.html)
- Use `solhint` for linting
- Document all public functions with NatSpec
- Include comprehensive inline comments for complex logic

```solidity
/**
* @notice Registers an agent's policy on-chain
* @param agentId Unique identifier for the agent
* @param policyHash IPFS hash of the policy document
* @param teeAttestation TEE attestation of policy compliance
* @return policyId The unique policy ID
*/
function registerPolicy(
bytes32 agentId,
string calldata policyHash,
bytes calldata teeAttestation
) external returns (uint256 policyId) {
// Implementation
}
```

### TypeScript/JavaScript

- Use TypeScript for all new code
- Follow ESLint configuration
- Use functional components with hooks
- Document complex functions with JSDoc

```typescript
/**
* Verifies TEE attestation for an agent policy
* @param policyId - The policy ID to verify
* @param attestation - TEE attestation bytes
* @returns Promise resolving to verification result
*/
async function verifyAttestation(
policyId: string,
attestation: Uint8Array
): Promise<VerificationResult> {
// Implementation
}
```

## Testing

### Unit Tests

Write comprehensive unit tests for all contracts:

```solidity
function test_RegisterPolicy_Success() public {
// Arrange
bytes32 agentId = keccak256("agent1");
string memory policyHash = "QmTest123";
bytes memory attestation = hex"1234";

// Act
uint256 policyId = registry.registerPolicy(agentId, policyHash, attestation);

// Assert
assertEq(registry.getPolicyAgent(policyId), agentId);
}
```

### Integration Tests

Test cross-contract interactions:

```bash
# Run all tests
forge test

# Run with gas report
forge test --gas-report

# Run specific test
forge test --match-test test_RegisterPolicy
```

### Frontend Tests

```bash
# Run unit tests
npm test

# Run with coverage
npm run test:coverage

# Run e2e tests
npm run test:e2e
```

## Security

### Reporting Vulnerabilities

**DO NOT** open public issues for security vulnerabilities.

Instead:
1. Email security concerns to: security@agentcircle.xyz
2. Include detailed description and reproduction steps
3. Allow 48 hours for initial response
4. Coordinate disclosure timeline

### Security Best Practices

When contributing:

- **Never commit private keys** or sensitive data
- **Use environment variables** for configuration
- **Validate all inputs** in smart contracts
- **Follow checks-effects-interactions** pattern
- **Use reentrancy guards** where appropriate
- **Get security review** for significant changes

### TEE Security

- Verify attestation signatures
- Validate TEE measurement hashes
- Use secure channels for sensitive data
- Follow Lit Protocol security guidelines

## Community

### Communication Channels

- **GitHub Issues**: Bug reports and feature requests
- **GitHub Discussions**: General questions and ideas
- **Discord**: [Join our community](https://discord.gg/agentcircle)
- **Twitter**: [@AgentCircle](https://twitter.com/AgentCircle)

### Getting Help

- Check [documentation](https://docs.agentcircle.xyz)
- Search existing issues
- Ask in Discord #dev-help channel
- Tag maintainers in PRs if stuck

### Recognition

Contributors will be:
- Listed in CONTRIBUTORS.md
- Mentioned in release notes
- Eligible for bounty programs
- Considered for core team roles

## Bounty Program

We offer bounties for:

- **Critical bugs**: $5,000 - $10,000
- **High impact features**: $1,000 - $5,000
- **Documentation improvements**: $100 - $500
- **Test coverage**: $50 - $200

Check [active bounties](https://github.com/PL-Genesis-AgentCircle/AgentCircle/issues?q=is%3Aopen+label%3Abounty) for opportunities.

## License

By contributing, you agree that your contributions will be licensed under the MIT License.

---

Thank you for helping build the trust layer for AI agents! 🚀