Thank you for your interest in contributing to fastapi-secure-errors! We welcome contributions from the community and appreciate your help in making this library better.
- Code of Conduct
- Getting Started
- Development Setup
- Making Changes
- Testing
- Submitting Changes
- Coding Standards
- Security Considerations
This project adheres to a code of conduct that we expect all contributors to follow. Please be respectful and constructive in all interactions.
- Fork the repository on GitHub
- Clone your fork locally:
git clone https://github.com/your-username/fastapi-secure-errors.git
cd fastapi-secure-errors
- Add the upstream remote:
git remote add upstream https://github.com/ciscomonkey/fastapi-secure-errors.git
This project uses uv for dependency management. Make sure you have it installed.
- Install dependencies:
uv sync --all-extras
- Install the package in development mode:
uv pip install -e .
- Verify your setup by running the tests:
uv run pytest tests/ -v
- Create a new branch for your feature or bug fix:
git checkout -b feature/your-feature-name
# or
git checkout -b fix/issue-description
- Make your changes following the coding standards below
- Write or update tests for your changes
- Update documentation if needed (README.md, docstrings, etc.)
- Test your changes:
# Run all tests
uv run pytest tests/ -v
# Run tests with coverage
uv run pytest tests/ --cov=src --cov-report=html --cov-report=term-missing -v
# Run tests quickly (stop on first failure)
uv run pytest tests/ -x
We maintain high test coverage and all contributions should include appropriate tests.
- Unit tests for individual components: tests/test_*.py
- Integration tests: tests/test_integration.py
- All tests should be runnable with pytest
- Use descriptive test names that explain what is being tested
- Test both success and failure scenarios
- Test edge cases and error conditions
- For security-related features, ensure tests verify that sensitive information is not leaked
# All tests with verbose output
uv run pytest tests/ -v
# Tests with coverage report
uv run pytest tests/ --cov=src --cov-report=html --cov-report=term-missing -v
# Run a specific test file
uv run pytest tests/test_handlers.py -v
# Run tests matching a pattern
uv run pytest tests/ -k "test_secure" -v
- Ensure all tests pass:
uv run pytest tests/ -v
- Commit your changes with a clear commit message:
git commit -m "Add feature: description of what you added"
# or
git commit -m "Fix: description of what you fixed"
- Push to your fork:
git push origin your-branch-name
- Create a Pull Request on GitHub with:
  - A clear title describing the change
  - A detailed description of what was changed and why
  - References to any related issues
  - Screenshots or examples if applicable
- Follow PEP 8 style guidelines
- Use type hints where appropriate
- Write clear, self-documenting code with meaningful variable names
- Add docstrings to public functions and classes
- Keep functions focused and single-purpose
- Use appropriate abstractions and avoid code duplication
- Organize imports: standard library, third-party, local imports
- Maintain consistent file and directory structure
- Update docstrings for any modified functions or classes
- Update README.md if adding new features or changing behavior
- Include inline comments for complex logic
- Provide examples in docstrings where helpful
Since this library is focused on security, please pay special attention to:
- Information Disclosure: Ensure no sensitive information is leaked in error messages, logs, or responses
- Input Validation: Validate all inputs and handle edge cases securely
- Default Security: Make secure behavior the default, with opt-in for less secure options
- Testing Security Features: Write tests that verify security properties, not just functionality
For changes that affect security behavior:
- Explain the security implications in your PR description
- Include tests that verify the security properties
- Document any security trade-offs or considerations
- Consider backward compatibility and whether changes should be opt-in
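A test that verifies a security property, as asked for above, can assert on what the response must not contain. The following is an added example, not code from this project: render_error is a hypothetical stand-in for the handler under test, and the canary value and connection string are constructed.

```python
import json
import re
import traceback

CANARY = "CANARY-9f3c"  # constructed secret marker planted in the failure

def render_error(exc: Exception, debug: bool = False):
    """Hypothetical handler (not this library's API): generic body by default,
    full traceback only when the caller opts in with debug=True."""
    body = {"error": "Internal Server Error"}
    if debug:
        body["detail"] = "".join(
            traceback.format_exception(type(exc), exc, exc.__traceback__))
    return 500, json.dumps(body)

# Signs that internals reached the client; \\? tolerates JSON-escaped quotes.
LEAK_PATTERNS = {
    "traceback": re.compile(r"Traceback \(most recent call last\)"),
    "source_location": re.compile(r'File \\?"[^"]+", line \d+'),
    "exception_class": re.compile(r"\b[A-Z]\w*(?:Error|Exception)\b"),
}

def find_leaks(body: str, canaries=(CANARY,)):
    """Return the sorted names of every leak indicator present in body."""
    leaks = [name for name, pat in LEAK_PATTERNS.items() if pat.search(body)]
    leaks += [f"canary:{c}" for c in canaries if c in body]
    return sorted(leaks)

def trigger() -> Exception:
    """Produce a caught exception whose message embeds the canary."""
    try:
        raise ValueError(f"cannot connect to postgres://app:{CANARY}@db.internal/prod")
    except ValueError as exc:
        return exc

def test_default_response_leaks_nothing():
    status, body = render_error(trigger())
    assert status == 500
    assert find_leaks(body) == []

def test_checker_catches_debug_output():
    # Negative control: proves the assertion above is able to fail.
    _, body = render_error(trigger(), debug=True)
    assert find_leaks(body) == [
        "canary:CANARY-9f3c", "exception_class", "source_location", "traceback"]
```

The second test is a negative control: without it, a leak checker that matches nothing would let the first test pass silently.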
When reporting issues:
- Check existing issues first to avoid duplicates
- Use a clear, descriptive title
- Provide detailed steps to reproduce the issue
- Include relevant code examples or error messages
- Specify your environment (Python version, FastAPI version, etc.)
When suggesting new features:
- Explain the use case and why it would be valuable
- Consider security implications of the proposed feature
- Suggest how it might be implemented if you have ideas
- Be open to discussion about alternative approaches
For maintainers creating releases:
- Ensure all tests pass and the main branch is ready for release
- Use the Create Release workflow:
  - Go to Actions → Create Release
  - Click "Run workflow"
  - Enter the version number (e.g., 1.0.0)
  - Select release type (release or prerelease)
- The workflow will:
  - Run tests to ensure everything works
  - Update the version in pyproject.toml
  - Build the package
  - Create a GitHub release with the built artifacts
- After release, the Release workflow will automatically:
  - Build the package distributions
  - Upload them as artifacts to the release
You can also manually bump the version using uv:
uv version 1.0.0
If you have questions about contributing, feel free to:
- Open an issue with the "question" label
- Start a discussion in the repository
- Reach out to the maintainers
Thank you for contributing to fastapi-secure-errors!