Contributing — Lantern

Welcome! To keep Lantern secure, maintainable, and welcoming, please follow these guidelines.

Quick checklist

• Enable 2FA on your GitHub account and link your work email.
• Fork & open PRs from feature branches; keep PRs small and focused. At feature kickoff, explicitly choose main checkout vs git worktree and confirm whether a fresh branch should be created from dev; for most sequential work, prefer the main checkout. See PR Workflow for branch-naming conventions, worktree setup, and the full PR lifecycle.
• Include tests for new behavior and run the test suite locally before opening a PR.
• Update CHANGELOG.md following Keep a Changelog format:
  • Add entries under daily ## [DEV] - YYYY-MM-DD section (create if doesn't exist)
  • Use present tense ("Add feature" not "Added feature")
  • See Changelog Workflow for complete guidelines
• Documentation checklist:
  • [ ] New documentation placed in /docs/ (not in source directories)
  • [ ] Docs organized under correct category (features, engineering, business, etc)
  • [ ] Source directories have README linking to /docs/ version
  • [ ] All internal links use absolute /docs/ paths
  • [ ] File names follow CAPS_SNAKE_CASE.md format
  • See Documentation Safeguards for details
• All PRs must pass automated checks: lint, unit tests, SAST, dependency scanning.
• Remove secrets from code; use Secret Manager for production secrets.
• Explicitly reference ISSUE-### in PRs to link work to tracked tickets.

Security expectations

• Sensitive features (auth, payments, redemptions) require design reviews and a security reviewer on PRs.
• If you find a security issue, follow security/VULNERABILITY_DISCLOSURE.md and do not post details publicly.

Getting started

• Run npm install and npm run dev.
• See TECHSTACK.md for recommended tools and infra.

Thanks for contributing — your work helps keep Lantern safe and mission-focused.