Thank you for your interest in contributing to the National Data Sovereignty Enforcement Platform.
- Follow the Quick Start guide
- Ensure all prerequisites are installed
- Run
pnpm installandpnpm devto verify your setup
- Strict mode is enforced (
"strict": truein tsconfig.json) - Do not use
any— define proper interfaces/types - Do not use
@ts-ignoreor@ts-expect-error - Do not use
eval()orFunction()constructor - All tRPC procedures must have Zod input schemas
- All errors must be caught and logged via the structured logger (pino), never
console.log
- Files:
camelCase.tsfor server,PascalCase.tsxfor React components - Variables/functions:
camelCase - Types/interfaces:
PascalCase - Database tables:
snake_case(Drizzle schema) - Environment variables:
UPPER_SNAKE_CASE
- Never hardcode secrets, API keys, or credentials
- All PII fields must use field-level encryption (see
server/kms.ts) - All user input must be validated with Zod schemas before processing
- Use parameterized queries exclusively — no string interpolation in SQL
- CSRF tokens required on all state-changing operations
- Test with
security/automated-security-tests.tsbefore submitting security-related PRs
- Use Radix UI primitives for accessible components
- Include ARIA attributes on interactive elements
- Support dark mode via
dark:Tailwind classes - Use
React.lazy()for page-level code splitting - Handle loading and error states for all async operations
- All schema changes go through Drizzle ORM (
drizzle/schema.ts) - Create a migration file in
migrations/for every schema change - Add foreign key constraints for referential integrity
- Include audit trail entries for data modifications
- Create a feature branch from
main:git checkout -b feature/description - Make your changes following the code standards above
- Ensure TypeScript compiles clean:
npx tsc --noEmit - Run tests:
pnpm test - Run security tests if applicable:
npx tsx security/automated-security-tests.ts - Submit a PR with a clear description of changes and motivation
- TypeScript must compile with zero errors
- All existing tests must pass
- New features should include tests
- Security-sensitive changes require review from the security team
- Database schema changes require migration files
Major architectural decisions are documented in:
CHANGELOG*.md— Phase-by-phase implementation historysecurity/DPIA-NDSEP-Platform.md— Data protection impact assessmentopenapi.yaml— API contract documentation
- Security vulnerabilities: Email security@ndsep.gov.ng (do not open public issues)
- Bugs: Open a GitHub issue with reproduction steps
- Feature requests: Open a GitHub issue with use case description
By contributing, you agree that your contributions will be licensed under the project's proprietary license.