|
1 | | -Never comment on code formatting when performing code reviews. |
| 1 | +# CCF Repository Copilot Instructions |
2 | 2 |
|
3 | | -When shell scripts or bash scripts are created or modified, if they contain any use of the pipe (|) operator, they must also set the pipefail option (set -o pipefail). Remind the PR author if they have missed that. |
| 3 | +- This document provides guidance for AI coding and review agents working in the CCF (Confidential Consortium Framework) repository |
| 4 | +- **CCF** is an open-source framework for building secure, highly available, and performant applications focused on multi-party compute and data. It's designed for confidential, distributed systems running on secure hardware. |
| 5 | + |
| 6 | +**Key directories**: |
| 7 | + |
| 8 | +- `src/` - Core CCF implementation in C++ (consensus, crypto, kv store, HTTP, TLS, JavaScript runtime), including unit tests in subdirs |
| 9 | +- `include/ccf/` - Public C++ API headers |
| 10 | +- `tests/` - Python-based end-to-end test suite |
| 11 | +- `python/` - CCF Python SDK and client libraries |
| 12 | +- `doc/` - Sphinx-based RST documentation |
| 13 | +- `3rdparty/` - Third-party dependencies |
| 14 | + |
| 15 | +## Code changes |
| 16 | + |
| 17 | +- Coding style is enforced by the `ci-checks.sh` script, which runs clang-format for C++ and black for Python. |
| 18 | +- Linters and static analysis tools are also run as part of CI, clang-tidy for C++ and ruff for Python. |
| 19 | +- Run `ci-checks.sh -f` to automatically run these tools. |
| 20 | +- This tool must run successfully before creating a PR. |
| 21 | +- Match the existing coding style for naming and casing conventions. This is not automatically enforced, so pay attention to surrounding code for guidance. |
| 22 | +- All tests in `ci.yml` must pass before a PR can be merged. Consider which are likely to be affected by your changes and run those locally before pushing. |
| 23 | +- Take particular care with any changes that may affect compatibility with older releases, and ensure these are tested, via the `lts_compatibility` test with `LONG_TESTS=1` enabled. |
| 24 | +- Take particular care with changes to the consensus and crypto code, as these are critical for security and correctness. Ensure you have a thorough understanding of the existing code and the implications of your changes before proceeding. |
| 25 | + |
| 26 | +### C++ |
| 27 | + |
| 28 | +- C++ changes must be built and tested locally before creating a PR. Use cmake and ninja to build, and refer to CI files for any further build configurations. For example: |
| 29 | + ```bash |
| 30 | + mkdir build && cd build |
| 31 | + cmake -GNinja .. # RelWithDebInfo by default |
| 32 | + ninja # Build all targets |
| 33 | + ``` |
| 34 | +- Both unit tests and end-to-end tests can be run using ctest, but should be invoked via the `tests.sh` wrapper script to ensure the correct environment is set up and used. For example: |
| 35 | + ```bash |
| 36 | + cd build |
| 37 | + ./tests.sh # Run all tests |
| 38 | + ./tests.sh -VV # Verbose output |
| 39 | + ./tests.sh -R pattern # Run tests matching pattern |
| 40 | + ``` |
| 41 | +- Most changes should be accompanied by new or updated tests. End-to-end tests are required for any changes that affect the user-visible behaviour. |
| 42 | +- Use modern features where appropriate, but be wary of newer features that may not be fully supported. |
| 43 | + |
| 44 | +### Python |
| 45 | + |
| 46 | +- There are 2 kinds of Python code in the repository: the end-to-end tests (and supporting infra) in `tests/`, and the Python SDK in `python/`. |
| 47 | +- Pay attention to existing helpers and utilities in the test suite when writing new tests, and avoid duplicating code. If you find yourself copying and pasting code, consider refactoring it into a shared helper function or class. |
| 48 | +- All code in the SDK should include type annotations and docstrings. |
| 49 | + |
| 50 | +### Documentation |
| 51 | + |
| 52 | +- Any RST changes must be built with Sphinx to ensure they render correctly. |
| 53 | +- Check for existing documentation on the topic before creating new docs, and provide thorough crosslinks where appropriate. Avoid duplicating information that already exists in the docs. |
| 54 | +- For any user-facing changes, ensure that the documentation is updated to reflect the new behaviour. |
| 55 | + |
| 56 | +### Security posture |
| 57 | + |
| 58 | +- **No secrets in code**: Avoid committing API keys, passwords, or other secrets. Some certificates and keys are included in the repository for testing purposes, but if adding more ensure these are freshly created and properly documented as test-only artifacts. |
| 59 | +- **Input validation**: Always validate and sanitize external inputs |
| 60 | +- **Cryptographic operations**: Use CCF's crypto library (`include/ccf/crypto/`) - don't roll your own |
| 61 | +- **Memory safety**: Use RAII, smart pointers, and avoid manual memory management |
| 62 | + |
| 63 | +## Reviews |
| 64 | + |
| 65 | +- Never comment on code formatting when performing code reviews. |
| 66 | +- When shell scripts or bash scripts are created or modified, if they contain any use of the pipe (|) operator, they must also set the pipefail option (set -o pipefail). Remind the PR author if they have missed that. |
| 67 | + |
| 68 | +### Code Review Security Focus |
| 69 | + |
| 70 | +When reviewing code, pay special attention to: |
| 71 | + |
| 72 | +- Authentication and authorization logic |
| 73 | +- Cryptographic operations |
| 74 | +- Input parsing and validation |
| 75 | +- Memory management |
| 76 | +- Error handling in security-critical paths |
0 commit comments