Skip to content

Contributing

Atay Özcan edited this page May 1, 2026 · 1 revision

Contributing

Issues and PRs welcome.

Dev setup

git clone https://github.com/atayozcan/sentinel
cd sentinel
just check          # cargo fmt --check + cargo clippy -D warnings
just helper-test    # smoke-test the dialog

The Rust toolchain is pinned in rust-toolchain.toml; rustup will fetch it automatically.

Code style

  • cargo fmt — no exceptions.
  • cargo clippy --workspace -- -D warnings — must pass before commit.
  • Comments only when why is non-obvious. If a comment just restates what the code does, delete it.
  • No new external crates without a strong reason — this is a security tool with a small attack surface, every dep counts.

Commit style

Conventional-commit-ish:

feat: add support for foo
fix(install): roll back on partial polkit-1 write
docs(wiki): expand troubleshooting
chore: bump nix to 0.32

Sign-off via Co-Authored-By: if pair-programming with an agent.

PRs

  • Branch off main.
  • One topic per PR. Refactors and feature work in separate PRs.
  • Run just check and just helper-test before submitting. CI will catch the rest.
  • cargo build --release --workspace --locked — Cargo.lock is checked in for both crates.
  • Update the wiki (this repo at github.com/atayozcan/sentinel.wiki) when you change user-facing behaviour. Wiki edits go through the wiki's own git repo (git clone https://github.com/atayozcan/sentinel.wiki.git).

Release process

# 1. Bump workspace.package.version in Cargo.toml
# 2. Bump packaging/arch/PKGBUILD pkgver
# 3. Add release notes:
$EDITOR .github/release-notes/v$NEW_VERSION.md
# 4. Commit + tag + push
git commit -am "release: $NEW_VERSION"
git tag -a v$NEW_VERSION -m "Sentinel v$NEW_VERSION"
git push origin main v$NEW_VERSION
# 5. CI builds source + binary + .deb + .rpm and creates the release.
# 6. Update AUR (separate repo, see packaging/arch/README.md).

What we won't merge

  • Anything that adds a way for the helper to run as root.
  • Features that bypass the min_display_time_ms block.
  • A telemetry/analytics path.
  • New output formats besides ALLOW/DENY/TIMEOUT — keeping the PAM-side parser dumb is intentional.
  • X11 support — the design assumes a layer-shell-capable Wayland compositor. An X11 backend would mean a different threat model and a different program.

Reporting security issues

Please don't open a public issue for security bugs. Email the maintainer (see Cargo.toml authors) or open a GitHub Security Advisory ("Security" tab → "Report a vulnerability").

Clone this wiki locally