Thanks for helping improve OverSync. This guide is for developers opening pull
requests against the codebase. If you want to operate a resolver, use
docs/RESOLVERS.md instead.
- Node.js 22.5+ and pnpm
- Rust with the
wasm32-unknown-unknownandwasm32v1-nonetargets stellar-cli22.8.1 for Soroban contract builds- Foundry or Hardhat tooling for Solidity contract work
packages/sdk- shared TypeScript SDKcoordinator- SQLite-backed v2 coordinator REST and WebSocket servicecontracts- Solidity contracts and Hardhat testssoroban- Rust workspace for Stellar Soroban contractsfrontend- React and Vite bridge UIresolver- reference community resolver runner
pnpm install
cp env.example .env
pnpm --filter @oversync/sdk buildRun the parts of the stack you are changing. For example:
pnpm --filter @oversync/coordinator dev
pnpm --filter @oversync/frontend devRun the checks that match your change before opening a PR:
pnpm --filter @oversync/sdk build
pnpm --filter @oversync/sdk exec tsc --noEmit
pnpm --filter @oversync/coordinator exec tsc --noEmit
pnpm --filter @oversync/resolver exec tsc --noEmit
pnpm --filter @oversync/frontend exec tsc --noEmit
pnpm --filter @oversync/sdk test
pnpm --filter @oversync/coordinator test
pnpm --filter @oversync/contracts compile
pnpm --filter @oversync/contracts exec hardhat test test/v2/HTLCEscrow.test.ts test/v2/ResolverRegistry.test.tsFor Soroban changes:
cd soroban
stellar contract build
cargo test --releaseFor Solidity contract changes, the contracts workflow also runs Slither on
contracts/contracts/v2.
- Write PR descriptions and code comments in English.
- Link the issue your PR addresses.
- Keep secrets, private keys, RPC credentials, and
.envfiles out of commits. - Include verification notes that list the commands you ran.
- Keep contributor docs focused on development. Resolver operations belong in
docs/RESOLVERS.md.
Report security-sensitive issues privately using docs/SECURITY.md.
Do not open public issues or PRs that reveal exploitable details.