Thanks for your interest in contributing! This guide covers everything you need to get started.

```bash
# Clone the repository
git clone https://github.com/lua-ai-global/governance.git
cd governance

# Install dependencies
npm install

# Build all packages
npm run build

# Run tests
npm test

# Type-check without emitting
npm run lint
```

- Node.js >= 20
- TypeScript >= 5.7

```
packages/
  governance/           # Core SDK — policy enforcement, scoring, injection detection, framework adapters
  governance-platform/  # PostgreSQL storage layer — auto-migrating schema, org settings
```

- Files: `kebab-case.ts`
- Functions/variables: `camelCase`
- No `any` types — use proper TypeScript types throughout
- < 300 LOC per file — split into modules if approaching limit
- Zero runtime dependencies on the core SDK — never add to `dependencies`. Framework imports go in `peerDependencies` (optional).

- Fork the repository and create a feature branch
- Make your changes
- Run `npm test` — all tests must pass
- Run `npm run build` — must compile clean
- Submit a pull request

- Create `src/plugins/framework-name.ts`
- Import types only from the framework — never add to `dependencies`
- Create `src/plugins/framework-name.test.ts` with mock framework objects
- Add to `package.json` exports AND `peerDependencies` + `peerDependenciesMeta`
- Add to the framework table in `README.md`
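
The dependency rules above (nothing in `dependencies`, framework packages only as optional peers) can be checked mechanically before a PR is opened. The following is an added example, not code from this repository; `checkManifest`, `SAMPLE_MANIFEST` and the package names in it are hypothetical, and treating `optionalDependencies` like `dependencies` is an assumption of this example.

```javascript
// Constructed sample manifest for illustration; not the project's package.json.
const SAMPLE_MANIFEST = {
  name: "example-core-sdk",
  // Violates the "zero runtime dependencies" rule.
  dependencies: { "left-pad": "^1.3.0" },
  peerDependencies: { "framework-a": ">=1.0.0", "framework-b": ">=2.0.0" },
  // framework-b is missing here, so installing the SDK would demand it.
  peerDependenciesMeta: { "framework-a": { optional: true } },
};

// Returns a list of rule violations for a parsed package.json object.
function checkManifest(manifest) {
  const problems = [];

  // Rule: the core SDK ships with no runtime dependencies.
  for (const name of Object.keys(manifest.dependencies ?? {})) {
    problems.push(`runtime dependency not allowed: ${name}`);
  }
  // Assumption of this example: optionalDependencies are also installed by
  // default, so they are flagged the same way.
  for (const name of Object.keys(manifest.optionalDependencies ?? {})) {
    problems.push(`runtime dependency not allowed: ${name}`);
  }

  // Rule: every framework peer must be declared optional.
  const peers = manifest.peerDependencies ?? {};
  const meta = manifest.peerDependenciesMeta ?? {};
  for (const name of Object.keys(peers)) {
    if (meta[name]?.optional !== true) {
      problems.push(`peer dependency not marked optional: ${name}`);
    }
  }

  // A meta entry without a matching peer usually means a typo in the name.
  for (const name of Object.keys(meta)) {
    if (!(name in peers)) {
      problems.push(`peerDependenciesMeta entry without peerDependencies: ${name}`);
    }
  }
  return problems;
}

console.log(checkManifest(SAMPLE_MANIFEST));
```

In CI, pass the parsed contents of the package's `package.json` to `checkManifest` and fail the job when the returned list is non-empty.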
- Keep PRs focused — one feature or fix per PR
- Include tests for new functionality
- Update documentation if the public API changes
- Use imperative mood in commit messages (e.g., "Add rate limit policy", not "Added rate limit policy")
- Bugs: Open a GitHub issue with steps to reproduce, expected vs. actual behavior, and your Node/SDK version
- Security vulnerabilities: See SECURITY.md — do not open a public issue
- Feature requests: Open a GitHub issue describing the use case
By contributing, you agree that your contributions will be licensed under the MIT License.