Thank you for helping improve DevCongress Community. This app is built for a real community, so good contributions are practical, documented, and easy for another organizer or developer to understand later.
- Development Setup
- Project Orientation
- Code Style
- Branch and Commit Guidance
- Pull Request Process
- Documentation Expectations
- Testing
- Security and Secrets
- Node.js 20 or newer
- pnpm 10 or newer
- Bun 1.1 or newer if you want to run the production server locally
- Git
git clone <repository-url>
cd events-management
pnpm install
cp .env.example .env.local
pnpm seed
pnpm devThe app runs as a Vue SPA with a same-origin Hono API. See Local Development for environment variables and common troubleshooting.
Start with these files before changing code:
| File | Why it matters |
|---|---|
| README.md | Product overview and contributor entry points |
| docs/README.md | Human-friendly documentation map |
| docs/architecture.md | System shape, data flow, auth strategy, and route groups |
| docs/implementation.md | Entry points, modules, configuration, and non-obvious behavior |
| docs/patterns.md | Naming, folder conventions, UI tokens, and anti-patterns |
The legacy Next/React implementation remains in app/, components/, and hooks/ as migration reference. New active UI work should go under src/ unless you are explicitly cleaning up migration leftovers.
- Prefer explicit types at API and persistence boundaries.
- Keep Vue components focused on one screen or reusable primitive.
- Use
PascalCase.vuefor Vue components andkebab-case.tsfor utilities. - Use same-origin
fetch('/api/...')from Vue views. - Use typed mock DB helpers from
lib/mock-db/; do not call generic read/write helpers directly from routes.
- Preserve the DevCongress light visual system on public/community pages.
- Keep
tailwind.config.ts,src/styles.css, andlib/design-system.tsaligned when changing tokens. - Use
AppDropdowninstead of native selects where the app already uses custom dropdowns. - Use
notifyfromsrc/lib/notify.tsfor app toasts. - Avoid adding hover-only behavior that hides critical actions from touch users.
- Active API routes live in
server/app.ts. - Keep server-only secrets out of browser code and out of
VITE_variables. - Treat JSON persistence as prototype infrastructure; keep new durable production work aligned with Supabase migrations.
- Admin mutations should stay behind organizer auth checks.
Use a short, descriptive branch name:
git checkout -b feature/attendance-export-polishCommit messages should explain the user-facing change first:
feat: improve attendance import feedback
- Show CSV validation errors near the import action
- Preserve the previous import when a replacement fails
- Add documentation for Luma export formatting
Keep commits scoped. If a change includes UI, API, and docs, split it when that makes review easier.
Before opening a PR:
- Rebase or merge the latest main branch.
- Run the relevant checks.
- Update documentation for user-facing or architectural changes.
- Include screenshots or short videos for UI changes.
- Call out any migration, seed data, or environment variable changes.
Recommended checks:
pnpm typecheck
pnpm build
pnpm testFor public meetup API changes, also run:
pnpm verify:public-apiPR descriptions should include:
- Summary of the change
- Why it is needed
- Screenshots for UI work
- Testing performed
- Any follow-up work left intentionally out of scope
Documentation is part of the change, not an afterthought.
When adding or changing a feature:
- Add or update a feature doc in
docs/features/. - Link the doc from
docs/features/README.md. - Update the relevant user guide in
docs/user-guides/if behavior changes. - Update technical/reference docs if routes, env vars, persistence, or deployment changes.
- Add a short entry to
docs/changelog.mdat a natural checkpoint.
Use docs/features/_TEMPLATE.md for new feature docs.
pnpm typecheck
pnpm build
pnpm test
pnpm verify:public-apiFor UI changes, test at least:
- Desktop and mobile widths
- Keyboard navigation and visible focus states
- Empty/loading/error states
- The route you changed and one nearby route that shares the same component or API
For organizer changes, verify the action through the organizer console, not only the API.
- Never commit real credentials.
- Keep
.env.locallocal. - Use
SUPABASE_SERVICE_ROLE_KEYonly on the server. - Do not expose server-only keys through
VITE_variables. - Run a local secret scan before opening a large PR if you touched config, docs, or deployment files.
See SECURITY.md for vulnerability reporting.
Be clear, kind, and practical. This project serves a community, and the collaboration style should reflect that.