Contributing to SecureLLM MCP Server
Thank you for your interest in contributing to SecureLLM MCP! This project provides production-ready Model Context Protocol (MCP) server capabilities with enterprise-grade features for intelligent development workflows.
We welcome contributions from the community and appreciate your help in making this project better.
Table of Contentsβ
- Development Setup
- Code Style
- Testing Requirements
- Pull Request Process
- Issue Reporting
- Code of Conduct
Development Setupβ
Prerequisitesβ
Before you begin, ensure you have the following installed:
- Node.js: Version 22.0 or higher (native ESM support required)
- npm: Comes with Node.js
- SQLite: Version 3.35+ (for FTS5 full-text search support)
- NixOS: Recommended for full feature set, but not strictly required
- Git: For version control
Optional but recommended:
- llama.cpp server: For semantic caching with embeddings
Clone and Installβ
# Clone the repository
git clone https://github.com/marcosfpina/securellm-mcp.git
cd securellm-mcp
# Install dependencies
npm install
# Build the project
npm run build
Environment Setupβ
Create a .env file in the project root. Use .env.example as a template:
cp .env.example .env
Edit .env with your configuration. At minimum, set:
PROJECT_ROOT=/path/to/your/project
ENABLE_KNOWLEDGE=true
LOG_LEVEL=debug
For full functionality, configure API keys and optional services as needed.
Verify Installationβ
# Run tests to verify everything is working
npm test
# Start the server
node build/src/index.js
Code Styleβ
We maintain high code quality standards to ensure the codebase remains maintainable and production-ready.
TypeScript Guidelinesβ
- Strict Mode Enabled: All TypeScript code must pass strict type checking
- Type Definitions: Prefer explicit types over
any; use proper type definitions insrc/types/ - Zod Validation: Use Zod for runtime validation and schema definitions
- ESM Imports: Always use
.jsextensions in import statements (TypeScript ESM requirement)
Code Organizationβ
Follow the existing project structure:
src/
βββ middleware/ # Rate limiting, caching, circuit breakers
βββ tools/ # MCP tool implementations
βββ types/ # TypeScript type definitions
βββ reasoning/ # Hybrid reasoning system
βββ knowledge/ # Knowledge management
βββ utils/ # Utility functions
βββ index.ts # Main entry point
Naming Conventionsβ
- Files:
kebab-casefor file names (e.g.,semantic-cache.ts) - Classes:
PascalCase(e.g.,SemanticCache) - Functions/Variables:
camelCase(e.g.,createSession) - Constants:
UPPER_SNAKE_CASE(e.g.,DEFAULT_CACHE_TTL) - Types/Interfaces:
PascalCase(e.g.,KnowledgeEntry)
Linting and Formattingβ
Before committing, ensure your code passes linting and formatting checks:
# Run ESLint
npm run lint
# Fix ESLint issues automatically
npm run lint:fix
# Check Prettier formatting
npm run format:check
# Apply Prettier formatting
npm run format
Testing Requirementsβ
We aim for >70% test coverage to ensure reliability and prevent regressions.
Writing Testsβ
- Location: Place test files in the
tests/directory - Naming: Use
.test.tsextension (e.g.,semantic-cache.test.ts) - Framework: Use Node.js built-in test runner with
node:test - Assertions: Use
node:assertfor assertions
Test Structureβ
Follow this pattern for consistency:
import { describe, it } from "node:test";
import assert from "node:assert";
import { YourClass } from "../src/path/to/class.js";
describe("YourClass", () => {
describe("methodName", () => {
it("should handle normal case", () => {
// Arrange
const instance = new YourClass(config);
const input = { /* test data */ };
// Act
const result = instance.methodName(input);
// Assert
assert.strictEqual(result.success, true);
});
it("should handle error conditions", () => {
// Test error paths
});
});
});
Running Testsβ
# Run all tests
npm test
# Run tests in watch mode (during development)
npm run test:watch
# Run tests with coverage report
npm run test:coverage
Coverage Requirementsβ
- New features must include tests
- Bug fixes should include regression tests
- Aim to maintain or improve overall coverage
- Focus on testing critical paths and edge cases
Pull Request Processβ
Before Submittingβ
-
Fork the Repository: Create your own fork on GitHub
-
Create a Feature Branch: Use a descriptive name
git checkout -b feature/your-feature-name# orgit checkout -b fix/bug-description -
Make Your Changes: Follow the code style guidelines
-
Write Tests: Add tests for new functionality
-
Run Checks: Ensure all checks pass
npm run lintnpm run format:checknpm testnpm run build -
Commit with Clear Messages: Use descriptive commit messages
git commit -m "feat: add new caching strategy for embeddings"git commit -m "fix: resolve race condition in rate limiter"git commit -m "docs: update installation instructions"
Commit Message Formatβ
We follow conventional commits:
feat:- New featuresfix:- Bug fixesdocs:- Documentation changestest:- Test additions or modificationsrefactor:- Code refactoringperf:- Performance improvementschore:- Build process or tooling changes
Submitting the Pull Requestβ
-
Push to Your Fork:
git push origin feature/your-feature-name -
Open a Pull Request: Navigate to the repository on GitHub and click "New Pull Request"
-
Fill Out the Template: Provide a clear description including:
- What changes were made
- Why the changes are needed
- How to test the changes
- Related issue numbers (if applicable)
-
Wait for Review: Maintainers will review your PR and may request changes
-
Address Feedback: Make requested changes and push additional commits
-
Merge: Once approved, your PR will be merged
PR Guidelinesβ
- Keep PRs focused on a single feature or fix
- Update documentation for user-facing changes
- Ensure CI/CD checks pass
- Respond to review comments promptly
- Be open to feedback and discussion
Issue Reportingβ
Before Opening an Issueβ
- Search existing issues to avoid duplicates
- Check the documentation for answers
- Try the latest version to see if the issue is resolved
Creating a Good Issueβ
Include the following information:
-
Clear Title: Descriptive and concise
-
Environment Details:
- Node.js version: (e.g., 22.1.0)- npm version: (e.g., 10.3.0)- OS: (e.g., NixOS 24.05, Ubuntu 22.04, macOS 14)- Package version: (e.g., 2.0.0) -
Steps to Reproduce: Detailed steps to reproduce the issue
-
Expected Behavior: What you expected to happen
-
Actual Behavior: What actually happened
-
Relevant Logs: Include error messages or logs (sanitize sensitive data)
-
Minimal Reproduction: If possible, provide minimal code to reproduce
Issue Labelsβ
bug: Something isn't workingenhancement: New feature or requestdocumentation: Documentation improvementsgood first issue: Good for newcomershelp wanted: Extra attention is needed
Code of Conductβ
Our Standardsβ
- Be respectful and professional in all interactions
- Welcome diverse perspectives and experiences
- Accept constructive criticism gracefully
- Focus on what's best for the project and community
- Show empathy towards other contributors
Unacceptable Behaviorβ
- Harassment, trolling, or discriminatory comments
- Personal attacks or political arguments
- Publishing others' private information
- Any conduct that could reasonably be considered inappropriate
Enforcementβ
Project maintainers have the right and responsibility to remove, edit, or reject comments, commits, code, issues, and other contributions that don't align with this Code of Conduct.
Questions?β
If you have questions about contributing, feel free to:
- Open a discussion on GitHub
- Open an issue with the
questionlabel - Review existing documentation in the
docs/directory
Recognitionβ
Contributors who make significant improvements will be acknowledged in the project's release notes and documentation.
Thank you for contributing to SecureLLM MCP! Your efforts help make this project better for everyone.