Contributing
Thanks for thinking about contributing! Sentinel sits in the PAM authentication path, so reviewers are pickier than average — but the flow itself is normal GitHub fork-PR-merge.
Development quickstart
git clone https://github.com/atayoez/sentinel
cd sentinel
cargo build --release --workspace
cargo test --workspace --locked
cargo fmt --all -- --check
cargo clippy --workspace --all-targets -- -D warnings
Things reviewers check
The PR template lists the gate. Most-important items:
- Sentinel sits in the PAM auth path. If you touch
pam-sentinel, the agent, or the helper, please runpkexec ./install.sh && pkexec trueend-to-end before opening the PR. A regression here can lock people out ofsudoor polkit. - i18n changes — test with
LANG=tr_TR.UTF-8 pkexec trueor any shipped locale. Theevery_bundle_has_required_keysandevery_bundle_has_matching_placeholderstests catch most issues but not all rendering quirks. - Install / uninstall — please test the rollback path too
(
pkexec ./packaging-kde/uninstall.sh). - i18n: adding a new locale — see
crates/sentinel-shared/src/ui_i18n.rsdoc comment for the steps; the test suite catches missing keys + placeholder drift.
Architecture references
- Architecture for the design and the trust boundaries.
- Configuration for the on-disk schema.
- PAM wiring for the install-time semantics.
Reporting bugs
Use bug_report.yml for general bugs, or compositor_compat.yml for "did Sentinel work on $compositor" reports (the table in the README is fed from these).
Security issues go through GitHub Private Vulnerability Reporting — see the security policy.
Discussions
Open-ended questions ("would you take a PR for X?", "is this in scope?") go in Discussions rather than issues.
License
By contributing you agree your changes ship under
GPL-3.0-or-later,
Sentinel's license. New files should carry the SPDX header
(see existing files for the convention; reuse lint enforces).