Thank you for your interest in contributing to SpectraGraph π
SpectraGraph is a production-grade OSINT intelligence platform designed for ethical investigations, transparent reporting, and repeatable graph-based analysis.
Because SpectraGraph operates across multiple services, handles sensitive intelligence workflows, and enforces strict ethical boundaries, contributions must follow clearly defined rules.
This document explains:
- How to get started
- How the architecture is structured
- Where different kinds of changes belong
- How to submit high-quality, reviewable pull requests
β οΈ Please read this document fully before contributing.
Pull requests that do not follow these guidelines may be closed without review.
SpectraGraph is built around three core principles.
All contributions are evaluated against them.
- Clear, enforced boundaries between services
- Strict dependency direction
- No hidden coupling or shortcuts
- No intrusive scanning
- No abuse-enabling features
- No unsafe defaults
- No functionality designed to evade safeguards
- Typed data models
- Test coverage where applicable
- Predictable, repeatable workflows
β Contributions that violate these principles will not be accepted.
SpectraGraph is a monorepo with a strict, one-directional dependency flow:
Dependencies may only flow downward.
SpectraGraph/
βββ spectragraph-core/ # Orchestration, Celery, vault, graph logic
β βββ workflows/ # Investigation & execution workflows
β βββ graph/ # Graph construction & traversal logic
β βββ vault/ # Secrets & credential access layer
β βββ tasks/ # Celery task definitions
β βββ tests/
β
βββ spectragraph-types/ # Shared Pydantic schemas (single source of truth)
β βββ entities/ # Entity models (IP, Domain, Email, etc.)
β βββ relations/ # Graph edge definitions
β βββ tests/
β
βββ spectragraph-transforms/ # Stateless OSINT enrichment plugins
β βββ features/ # Individual enrichment features / transforms
β β βββ domain/ # Domain-related transforms
β β βββ ip/ # IP-related transforms
β β βββ email/ # Email-related transforms
β βββ base.py # Transform base class
β βββ tests/
β
βββ spectragraph-api/ # FastAPI service layer
β βββ routes/ # API route definitions
β βββ schemas/ # Request/response validation
β βββ dependencies/ # Auth, context, lifecycle hooks
β βββ tests/
β
βββ spectragraph-app/ # Vite + React frontend
β βββ features/ # UI feature modules
β βββ components/ # Reusable UI components
β βββ pages/ # Route-level pages
β βββ tests/
β
βββ docker-compose*.yml
βββ Makefile
βββ ETHICS.md
βββ DISCLAIMER.md
βββ CONTRIBUTING.md
- May communicate only with the API
- No direct access to databases, Core, or Transforms
- Must respect investigation workflows and safety constraints
- Handles request validation and response shaping
- May call Core and read storage
- β Must not contain business or orchestration logic
- Central orchestration layer
- Manages Celery tasks, secrets, and execution flow
- Acts as the systemβs control plane
- Must be stateless and isolated
- No shared state
- No orchestration logic
- No direct database access
- Single source of truth for schemas
- Shared across all services
- Pydantic models only
β No circular dependencies
β No bypassing Core to call Transforms directly
β No schema duplication outside spectragraph-types
- Docker (required)
- Python 3.10+
- Poetry
- Node.js (for frontend)
git clone https://github.com/<your-username>/spectragraph.git
cd spectragraphEnvironment Configuration
cp .env.example .env
Install Dependencies Python (workspace)
poetry installFrontend
cd spectragraph-app
npm install
Start the Development Stack
make dev# Start all services
make dev
# Access the UI
# http://localhost:3000
# Stop all services
make down
##Services Started
PostgreSQL
Redis
Neo4j
FastAPI
Celery worker
Frontend UI
π§ͺ Testing Requirements
# Core tests
cd spectragraph-core
poetry run pytest
# Transform tests
cd spectragraph-transforms
poetry run pytest
# API tests
cd spectragraph-api
poetry run pytest
Test Policy
β All tests must pass before opening a PR
β PRs without tests (where applicable) may be rejected
Location: spectragraph-transforms/features/
Requirements:
- Must subclass
Transform - Must declare
params_schema - Must implement:
preprocess()scan()
- Secrets must be retrieved via Vault
- No intrusive scanning or scraping beyond ethical OSINT norms
Location: spectragraph-types/
Rules:
- Pydantic models only
- Changes impact multiple services
- Breaking schema changes require prior discussion
Location: spectragraph-api/
Rules:
- Follow FastAPI routing conventions
- Validate inputs strictly
- No business logic leakage into routes
Location: spectragraph-app/
Rules:
- Must respect investigation workflows
- Must not expose unsafe or misleading actions
- UX should reinforce ethical usage
feature/<short-description>
fix/<short-description>
docs/<short-description>
- Target the
mainbranch - Keep PRs focused (one concern per PR)
- Clearly explain what changed and why
- Link related issues or discussions
- Include screenshots for UI changes (if applicable)
- Add or improve tests
- Split changes into smaller PRs
- Adjust architectural placement to respect boundaries
SpectraGraph is an OSINT intelligence platform.
All contributors must follow strict ethical guidelines.
- Read and follow
ETHICS.md
- Enable intrusive scanning
- Circumvent safeguards
- Encourage misuse or harm
- π Security vulnerabilities must be reported privately
- Do not disclose security issues via public issues or PRs
If you are unsure about a featureβs ethical or safety impact,
open a discussion before coding.
SpectraGraph is intentionally strict about structure, safety, and ethics.
This discipline keeps the platform:
- Reliable
- Defensible
- Scalable
- Trusted
Thank you for contributing responsibly to SpectraGraph π