Skip to content

Make a Change

  1. Start from main.
  2. Keep the change focused on one component or workflow.
  3. Read the relevant service/package instructions before editing.
  4. Update docs when behavior, APIs, commands, config, examples, or operations change.
  5. Run targeted tests first, then broader checks when shared boundaries changed.
  6. Open a pull request with the problem, solution, validation, and risk notes.
AreaCommon sources
Runtime CLIapps/runtime, packages/engine, runtime tests.
Web consoleapps/web, Admin SDK, web console tests.
APIapps/api, migrations, Admin package, API tests.
Coordinatorapps/coordinator, Coordinator tests, SDK tests.
STS/Gateway/Auditservices/*, Go tests, operations docs.
SDKs/connectorspackages/*, language-specific tests, interoperability fixtures.
Infrainfra/docker, infra/helm, Postgres/Redis scripts.
Docsdocs/src/content/docs, docs/astro.config.mjs, generated docs pages.

Do not add top-level runtime CLI commands for zones, policies, grants, audit, agents, delegation, or Control. Human workflows belong to the web console; automation belongs to Control/Admin APIs.

Do not discuss suspected vulnerabilities in public issues. Use GitHub private advisories or the email path in Report a Vulnerability.

Use Validate Changes to choose the narrowest useful test command before opening a pull request.