git clone https://github.com/modem-dev/baudbot.git ~/baudbot
npm install- Product/team workflow overview: README.md
- Deep architecture and operations docs:
docs/ - Security model: SECURITY.md
- Configuration reference: CONFIGURATION.md
# All tests (unified Vitest runner)
npm test
# JS/TS only
npm run test:js
# Shell/security script tests only
npm run test:shell
# Coverage
npm run test:coverage
# Lint + typecheck
npm run lint && npm run typecheck- Don't commit directly to
main. Open a PR from a feature branch. - Branch names:
<your-gh-username>/<description>(e.g.youruser/fix-firewall-rules) - Commit messages: prefix with area. Examples:
security: add rate limiting,bridge: fix reconnect,docs: update README - One branch per change. Keep PRs focused.
- Scripts must work on both Ubuntu and Arch Linux. Use POSIX tools,
grep -E(notgrep -P), and avoid distro-specific package manager calls. - Security functions must be pure, testable modules with no side effects or env vars at module scope.
- All security code needs tests before merging.
- New integrations get their own subdirectory (e.g.
discord-bridge/).
If your change touches security code (tool-guard.ts, security.mjs, firewall scripts, etc.):
- Add or update tests.
- Run
bin/security-audit.sh --deepand confirm it passes. - Note the security implications in your PR description.
See SECURITY.md for the threat model and architecture.
Open a GitHub issue. Include:
- What you did
- What you expected
- What happened instead
- OS and version (Ubuntu/Arch/other)
Do not open a public issue for security vulnerabilities. See SECURITY.md for reporting instructions.