# Contributing to Lore Proofkeeper Thanks for your interest in Proofkeeper. This document covers the two things every contribution needs: the Developer Certificate of Origin sign-off, and the commit conventions the project history follows. ## Developer Certificate of Origin (DCO) This project requires a DCO sign-off on every commit, per the Lore family's licensing decision (Apache-2.0 + DCO). The DCO is a lightweight statement that you have the right to submit the work under the project's license. Read the full text at . To sign off, add a `Signed-off-by` trailer to each commit: ``` Signed-off-by: Your Name ``` Git does this for you with the `-s` flag: ```bash git commit -s -m "feat(coverage): add unverified-capability report" ``` The name and email in the trailer must match the commit author. CI rejects commits without a valid sign-off. ## Commit messages Use the conventional form `type(area): imperative summary [ref]`, for example: ``` feat(coverage): report capabilities with no verified_by edge [roadmap:v0.0.1] ``` Allowed types: `feat`, `fix`, `test`, `docs`, `refactor`, `chore`. Do **not** add tool attribution to commits, pull requests, or comments — no `Co-Authored-By` naming a tool, no "Generated with …" line, no session-link footer. The commit belongs to the project history, not the tool used to write it. ## The boundary (please read before adding features) Proofkeeper is a **contract consumer** of Lore. It reads the published `rac export --graph` JSON contract (and, later, the `lore` MCP); it never imports the Lore engine's internals or its private API. Write-back to a Lore corpus happens **only** as a proposed, human-reviewed pull request — Proofkeeper never mutates a corpus directly. No model is bundled: Proofkeeper is bring-your-own-model. Keep contributions on the right side of that line. ## Local checks ```bash npm install npm run typecheck npm test npm run build ```