# Contributing to LastID Rust SDK
Thank you for your interest in contributing to the LastID Rust SDK!
## Code of Conduct
This project follows the [Rust Code of Conduct](https://www.rust-lang.org/policies/code-of-conduct). By participating, you agree to uphold this code.
## Getting Started
### Prerequisites
- Rust 1.89+ (see `rust-version` in Cargo.toml)
- cargo with llvm-cov for coverage reports
- wasm-pack (for WASM testing)
### Building
```bash
# Build with all features
cargo build --all-features
# Build for WASM
cargo build --target wasm32-unknown-unknown --features wasm
```
### Testing
```bash
# Run all tests
cargo test --all-features
# Run with coverage (requires cargo-llvm-cov)
cargo llvm-cov --all-features
# Run WASM tests (requires wasm-pack)
wasm-pack test --headless --chrome
```
## Code Style
This project follows strict quality standards defined in the [SDK Constitution](.specify/memory/constitution.md).
### Required (Enforced by CI)
- **95% test coverage** - PRs that drop coverage below 95% will not be merged
- **Zero clippy warnings** - Run `cargo clippy --all-features -- -D warnings`
- **Formatted code** - Run `cargo fmt` before committing
- **No unsafe code** - The crate uses `#![forbid(unsafe_code)]`
- **Documentation** - All public items must have rustdoc with examples
### Recommended
- Functions under 50 lines
- Modules under 500 lines
- Type-state patterns for compile-time API correctness
- Meaningful, semantic commit messages
## Pull Request Process
1. Fork the repository
2. Create a feature branch from `main`:
```bash
git checkout -b feature/my-feature
```
3. Make your changes following the code style guidelines
4. Add tests for new functionality (maintain 95%+ coverage)
5. Update documentation for any public API changes
6. Run the full CI check locally:
```bash
cargo fmt --check
cargo clippy --all-features -- -D warnings
cargo test --all-features
cargo doc --no-deps --all-features
```
7. Commit with a descriptive message
8. Push and create a Pull Request
### PR Description Template
Please include in your PR description:
- **Summary**: What does this PR do?
- **Motivation**: Why is this change needed?
- **Test Plan**: How was this tested?
- **Breaking Changes**: Does this change any public APIs?
## Constitution Compliance
All contributions must comply with the [SDK Constitution](.specify/memory/constitution.md).
### Key Principles
1. **Customer-Facing Quality** - Public APIs must be production-grade
2. **Test Coverage** - Maintain 95%+ coverage
3. **Code Cleanliness** - Zero clippy warnings, no unsafe code
4. **Cross-Platform** - Must compile for all targets (native + WASM)
5. **Safe Updates** - Prefer edits over rewrites
6. **Maintainability** - Write for long-term maintenance
7. **Security-First** - Follow cryptographic best practices
## Reporting Issues
Please use GitHub Issues with:
- Clear description of the problem
- Steps to reproduce
- Expected vs actual behavior
- SDK version (`cargo pkgid lastid-sdk`)
- Rust version (`rustc --version`)
- Target platform
## Security Vulnerabilities
If you discover a security vulnerability, please do NOT open a public issue. Instead, email security@lastid.co with:
- Description of the vulnerability
- Steps to reproduce
- Potential impact assessment
## License
Contributions are dual-licensed under MIT and Apache-2.0. By submitting a PR, you agree to license your contributions under these terms.
## Release Process
Releases are automated via GitHub Actions. When a new release is created:
1. CI validates the release (tests, clippy, docs)
2. Package is published to crates.io
3. WASM package is published to npm
4. Native binaries are built for all platforms
5. Release assets are attached with SHA256 checksums
### Required Secrets
Maintainers with release access need these secrets configured:
- `CARGO_REGISTRY_TOKEN` - crates.io API token
- `NPM_TOKEN` - npm registry token
## Questions?
- Open a GitHub Discussion for general questions
- Check existing issues for known problems
- Read the [documentation](https://docs.rs/lastid-sdk) for API reference