KuberCoin Docs

Contributing

Guidelines for code, documentation, and review participation.

Overview

KuberCoin is a community-maintained project. Contributions are welcome from anyone willing to follow the published process and engage in good faith. There is no foundation, no privileged maintainer set, and no paid contributor program. Discussion happens in the open at forum.kuber-coin.com; source mirrors, tagged releases and patch sets are available at open.kuber-coin.com.

Reporting bugs

Open a bug thread in the Bugs category of the forum. Include:

  • The exact KuberCoin version (output of kuber-cli --version).
  • Operating system and architecture.
  • Reproduction steps, expected behaviour and observed behaviour.
  • Relevant log excerpts — redact secrets and personal data first.

Security-sensitive bugs follow a different channel. See the vulnerability report page for the embargoed disclosure pipeline.

Proposing changes

Small fixes (typos, comments, single-file refactors) can land directly via a patch series posted to the Patches category. Anything that touches the wire protocol, consensus rules, exposed APIs or the user interface goes through the Request-for-Comments (RFC) process.

  1. Draft. Author posts an RFC document with motivation, design, alternatives considered, and migration plan.
  2. Review. Two-week public comment window. The author iterates in response to feedback.
  3. Last call. Final one-week window where objections must be substantive.
  4. Accepted. Implementation work begins; the RFC is archived under /rfcs/ in the source mirror.

See the governance page for the full decision-making model that surrounds this lifecycle.

Coding standards

PHP code follows PSR-12 with strict types declared at the top of every file. Static analysis runs at PHPStan level 7. The TypeScript and React surfaces follow the rules in each eslint.config.js and require tsc --noEmit to pass. Run the SAST suite before submitting:

pwsh scripts/run-sast.ps1 -FailOnAudit

All seventeen checks (PHPStan, composer audit, npm audit, secretlint, ESLint and PHP_CodeSniffer across every domain) must report zero findings.

Running tests locally

The end-to-end suite covers all six public surfaces plus the cross- service contract layer. The host-agnostic runner brings up local dev servers, executes the suites in parallel, and tears everything down on exit:

pwsh scripts/run-e2e.ps1

Per-suite invocation is documented in the getting started guide and the published E2E policy.

Code of conduct

Every contributor is expected to follow the community code of conduct. Reports of unacceptable behaviour are routed to the conduct committee at conduct@kuber-coin.com.