Contributing
pdcli is open source (MIT) and contributions are welcome. This is the short
version — the canonical, always-current guide lives in
CONTRIBUTING.md in
the repository.
You need Node.js 20+. Clone, install, and run the CLI straight from source — no build, no global install:
git clone https://github.com/wavyx/pdcli.gitcd pdclinpm install./bin/dev.js --helpbin/dev.js loads a local .env, so you can point at a sandbox with
PDCLI_COMPANY_DOMAIN / PDCLI_API_TOKEN without touching your keychain.
How we work
Section titled “How we work”- Test-driven, always. Red → green → refactor: write the failing test first, watch it fail for the right reason, then write the minimal code to pass. No production code lands without a failing test.
- Coverage is enforced at 100% (statements, branches, functions, lines) — exercise the error paths, not just the happy path.
- Lint before every commit:
npm run lintruns the same checks as CI (eslint . && prettier --check .);npm run lint:fixautofixes. - Conventional Commits, scoped when
useful —
feat(deal): …,fix(client): …,docs: …,test: …. - Stage explicit paths — never
git add -A. Scratch/handoff docs, thedesign/directory, and screenshots are git-ignored and must not be committed.
npm test # full suitenpx vitest run test/deal/list.test.js # a single filenpm run test:coverage # suite + coverage reportRelease flow
Section titled “Release flow”Releases are tag-driven and automated (maintainers only): bump the version and
update CHANGELOG.md, then push a vX.Y.Z tag. CI re-runs lint and coverage,
publishes to npm via OIDC trusted publishing with provenance, packs native
tarballs, and creates the GitHub Release from the changelog.
Security
Section titled “Security”Don't put secrets — API tokens, OAuth credentials — in issues, PRs, or test fixtures. Report vulnerabilities privately to the maintainers rather than opening a public issue.