mirror of https://github.com/lfnovo/open-notebook.git synced 2026-04-28 11:30:00 +00:00

Luis Novo 8ee18d1fb7 docs: add security guidelines for contributors

Add security.md covering database query safety, template rendering,
file handling, secrets management, and a code review checklist.
Informed by CERT-EU coordinated vulnerability disclosures.

2026-04-09 12:16:09 -03:00

3.8 KiB

Raw Blame History

Development

Welcome to the Open Notebook development documentation! Whether you're contributing code, understanding our architecture, or maintaining the project, you'll find guidance here.

🎯 Pick Your Path

👨‍💻 I Want to Contribute Code

Start with Contributing Guide for the workflow, then check:

Quick Start - Clone, install, verify in 5 minutes
Development Setup - Complete local environment guide
Code Standards - How to write code that fits our style
Testing - How to write and run tests

First time? Check out our Contributing Guide for the issue-first workflow.

🔒 I Want to Understand Security Practices

Security Guidelines covers:

Database query safety (preventing SurrealQL injection)
Template rendering safety (preventing SSTI)
File handling safety (preventing path traversal and LFI)
Secrets management and CORS configuration
Code review security checklist

🏗️ I Want to Understand the Architecture

Architecture Overview covers:

3-tier system design
Tech stack and rationale
Key components and workflows
Design patterns we use

For deeper dives, check /open_notebook/ CLAUDE.md for component-specific guidance.

👨‍🔧 I'm a Maintainer

Maintainer Guide covers:

Issue triage and management
Pull request review process
Communication templates
Best practices

📚 Quick Links

Document	For	Purpose
Quick Start	New developers	Clone, install, and verify setup (5 min)
Development Setup	Local development	Complete environment setup guide
Contributing	Code contributors	Workflow: issue → code → PR
Code Standards	Writing code	Style guides for Python, FastAPI, DB
Testing	Testing code	How to write and run tests
Architecture	Understanding system	System design, tech stack, workflows
Design Principles	All developers	What guides our decisions
API Reference	Building integrations	Complete REST API documentation
Security	All developers	Security practices and vulnerability prevention
Maintainer Guide	Maintainers	Managing issues, PRs, releases

🚀 Current Development Priorities

We're actively looking for help with:

Frontend Enhancement - Improve Next.js/React UI with real-time updates
Performance - Async processing and caching optimizations
Testing - Expand test coverage across components
Documentation - API examples and developer guides
Integrations - New content sources and AI providers

See GitHub Issues labeled good first issue or help wanted.

💬 Getting Help

Discord: Join our server for real-time discussions
GitHub Discussions: For architecture questions
GitHub Issues: For bugs and features

Don't be shy! We're here to help new contributors succeed.

📖 Additional Resources

External Documentation

Our Libraries

Esperanto - Multi-provider AI abstraction
Content Core - Content processing
Podcast Creator - Podcast generation

Ready to get started? Head over to Quick Start! 🎉

3.8 KiB Raw Blame History