Thank you for your interest in contributing to the ObjectStack Auth Plugin! This document provides guidelines and instructions for contributing.
-
Clone the repository
git clone https://github.com/objectstack-ai/plugin-auth.git cd plugin-auth -
Install dependencies
pnpm install
-
Build the project
pnpm run build
-
Watch mode for development
pnpm run dev
src/
├── adapter/ # ObjectQL adapter for Better-Auth
├── schema/ # GraphQL schema definitions
├── client/ # React hooks and client utilities
├── server/ # Server-side initialization
├── types.ts # TypeScript type definitions
└── index.ts # Main plugin entry point
- Never use direct database calls (SQL, Prisma, Drizzle)
- Always use ObjectQL for data operations
- Pattern:
ql.entity('EntityName').operation()
Example:
// ❌ Bad
await prisma.user.create({ ... });
// ✅ Good
await ql.entity('User').create({ ... });- Use TypeScript strict mode
- Export all public types
- Leverage Better-Auth's type inference
- Core plugin should work with any framework
- Framework-specific code goes in separate exports
- Example: React hooks in
client/hooks.ts
- Authentication (who you are) via Better-Auth
- Authorization (what you can do) via ObjectOS
- Inject permissions into session objects
- Use strict mode
- Prefer interfaces over types for objects
- Use explicit return types for public APIs
- Document complex logic with comments
- PascalCase for types, interfaces, classes
- camelCase for functions, variables
- UPPER_CASE for constants
- Prefix private methods with
_
- One export per file (with exceptions for related utilities)
- Group related functionality
- Keep files focused and under 300 lines
When adding tests (future work):
- Test with multiple ObjectQL drivers (Postgres, Redis, etc.)
- Test RBAC permission injection
- Test session lifecycle
- Test error handling
-
Create a feature branch
git checkout -b feature/your-feature-name
-
Make your changes
- Follow coding standards
- Add tests if applicable
- Update documentation
-
Verify your changes
pnpm run typecheck pnpm run build
-
Commit with clear messages
git commit -m "feat: add new feature"Follow Conventional Commits:
feat:New featurefix:Bug fixdocs:Documentation changesrefactor:Code refactoringtest:Test additions/changeschore:Maintenance tasks
-
Push and create PR
git push origin feature/your-feature-name
This repository includes several GitHub Actions workflows to ensure code quality:
- Trigger: Pull requests and pushes to
mainordevelopbranches - Actions:
- Type checking with TypeScript
- Building the project
- Runs on Node.js 18.x and 20.x
- Location:
.github/workflows/ci.yml
- Trigger: Pull requests to
mainordevelopbranches - Actions:
- Dependency review (fails on moderate+ severity issues)
- CodeQL security analysis for TypeScript/JavaScript
- Location:
.github/workflows/code-quality.yml
- Trigger: Version tags (v*) or manual dispatch
- Actions:
- Type checking and building
- Creating GitHub releases with auto-generated release notes
- npm publishing (commented out, ready to enable)
- Location:
.github/workflows/release.yml
- Schedule: Weekly (Mondays)
- Updates:
- pnpm dependencies
- GitHub Actions versions
- Configuration:
.github/dependabot.yml
All PRs will automatically run CI and code quality checks. Make sure your changes pass all checks before requesting review.
- Update
AuthPluginConfiginsrc/index.ts - Add provider configuration to server setup
- Update documentation
- Add example to
example.config.ts
- Update GraphQL schema in
src/schema/auth.gql - Update TypeScript types in
src/types.ts - Update adapter operations in
src/adapter/index.ts - Update documentation
- Add hook to
src/client/hooks.ts - Export from
src/index.ts - Add TypeScript types
- Document with JSDoc comments
- Add usage example to README
- Open an issue for bugs or feature requests
- Start a discussion for questions or ideas
- Tag maintainers for urgent issues
By contributing, you agree that your contributions will be licensed under the MIT License.