Thanks for your interest in contributing to Telegram Photo Wall!
- Fork the repository
- Clone your fork locally
- Follow the Local Development Guide to set up your environment
- Create a feature branch from
main
# Install dependencies
npm install
cd photo-wall && npm install && cd ..
# Run locally (requires AWS credentials + deployed stack)
./scripts/setup-local-env.sh
cd photo-wall && npm run dev
# Build before submitting
cd photo-wall && npm run build && cd ..
# Lint & type-check
cd photo-wall && npx tsc --noEmit && cd ..- Create a descriptive branch name (e.g.,
feat/video-support,fix/webhook-timeout) - Make focused, atomic commits with clear messages
- Ensure
npm run buildsucceeds without errors - Update documentation if you change API interfaces or add features
- Open a PR against
mainwith:- Summary of what changed and why
- Test plan (how you verified it works)
- Screenshots for UI changes
- TypeScript strict mode
- No hardcoded secrets or credentials
- Sanitize all user input (see
src/lib/sanitize.ts) - Environment-specific config via environment variables, not code
- All secrets live in AWS Secrets Manager, never in environment variables or code
- Telegram webhook validation is mandatory (secret token header check)
- Admin endpoints require Bearer token authentication
- Photos are stored in S3 with pre-signed URLs for access
- Quantum signatures use AWS Braket SV1 with local crypto fallback
- Use GitHub Issues for bugs and feature requests
- Include steps to reproduce for bugs
- Include expected vs actual behavior
If you discover a security vulnerability, please do NOT open a public issue. Instead, email the maintainers directly.
By contributing, you agree that your contributions will be licensed under the MIT License.