Contributing
Onboarding
Your first contribution, end to end.
Your first contribution, end to end.
1. Orient
- Start with the organization profile: https://github.com/ajar-protocol
- Read the planning repo next: https://github.com/ajar-protocol/planning
- Read
planning/ROADMAP.mdfor phase goals and exit criteria. - Read
planning/BUILD-ORDER.mdfor the build sequence: CORE protocol -> server -> client -> plugins -> actions, money, discovery. - Use the repository map in the organization profile:
planning,ajar,conformance,ajar-gateway,ajar-docs-mcp, andawesome-ajarare public launch repos. - Current status: Phase 0 has the v0.1 draft baseline prepared. Phase 1, the Gateway MVP read layer, is kicking off.
- The
ajarspec repo is the source of truth for protocol behavior. If an implementation disagrees with the spec, the implementation is wrong.
2. Pick Work
- Prefer planned work from the Ajar Roadmap Project board: https://github.com/orgs/ajar-protocol/projects/1
- Start with issues labeled
good first issuewhen learning the system. - If the work is not already tracked, open a task proposal issue.
- A task proposal states context, phase or repo, deliverable, Definition of Done, and dependencies or blockers.
- Claim a task by commenting on the issue before opening a PR.
- Use one issue or planning task per PR. Do not bundle unrelated cleanup.
3. Set Up
- Clone the repo that owns the task.
- For spec, schema, example, or vector work in
ajar, use a Python virtual environment. System Python needs a venv. - From the
ajarrepo:
python3 -m venv .venv
. .venv/bin/activate
python3 -m pip install -r requirements-dev.txt
make validate
python3 tools/check_phase0.py- Expected green output from
ajar/README.md:
Validated 12 valid examples, 8 invalid examples, 4 signing vectors, 2 HTTP signature vectors, 5 extension vectors, 6 manifest check vectors, 11 core vectors, 25 runtime vectors, and 12 scope vectors.
MUST coverage OK: 24 requirements mapped.- For manifest-specific edits, also run:
make manifest-check- Record the exact validation output in the PR when it is DoD evidence.
4. Work
- Name branches with the task ID when one exists, for example
T1.6-template-clustering. - Use GLOSSARY terms exactly: Manifest, View, Chunk, Action, Mandate, Offer, Receipt, Owner Key, Operational Key, Tier, Gate, Monitor, Vault.
- One task means one PR.
- Keep docs, tests, examples, schemas, registries, and vectors in the same PR when behavior changes require them.
- The spec is the source of truth. Do not create silent protocol behavior.
- If the spec is ambiguous, file the ambiguity, cite the section, and state the proposed interpretation in the PR.
5. Commit
- DCO sign-off is required:
git commit -s- Documentation is CC-BY-4.0.
- Code and machine-readable implementation artifacts are Apache-2.0.
- Check license compatibility before porting text, code, generated artifacts, or dependencies.
- Do not include secrets, real private keys, real mandates, private receipts, or customer data.
6. Open The PR
- Use the PR template checklist.
- Reference the task or issue.
- Keep scope limited to the task.
- Demonstrate the Definition of Done with tests, recorded output, or documented evidence.
- Include unit, conformance, and adversarial tests as applicable.
- Update docs when behavior changes.
- Update spec, GLOSSARY, DECISIONS, schemas, examples, registries, and vectors when protocol behavior changes.
- Review looks for the same invariants listed in
AGENTS.mdsection 2: owner sovereignty, safe defaults, untrusted models, build-time-only LLM use in Gateway code, spec floors, designated signing modules, fail-closed error handling, and consensual fallback. - Those invariants apply to humans too.
7. After Merge
- Watch follow-up issues from review.
- Keep contributing in the same narrow style: small task, clear evidence, no hidden behavior changes.
- Sustained quality work leads toward review rights under the phase-5 governance workstream.
If You Get Stuck
Use SUPPORT.md:
- Bugs: open an issue in the affected repo.
- Spec questions: open a discussion or issue in
ajar. - Security reports: follow
SECURITY.md; do not open a public issue. - Integration questions: use
planningdiscussions or issues until platform repos publish. - General project direction: use
planning.
AI-agent-driven contributions must follow AGENTS.md; it is binding.