SkillHub is a self-hosted registry for agent skills. Contributions should
preserve the existing architecture and product direction documented in
docs/.
- Read
README.mdfor local development commands. - Check the relevant design docs before changing behavior.
- Open an issue for non-trivial changes before sending a large pull request.
Prerequisites:
- Docker and Docker Compose
- Java 21
- Node.js and
pnpm
Start the local stack:
make dev-allUseful commands:
make test
make typecheck-web
make build-web
make generate-api
./scripts/check-openapi-generated.sh
./scripts/smoke-test.shStop the stack:
make dev-all-down- Keep changes focused. Avoid mixing refactors with behavior changes.
- Follow existing module boundaries across
server/,web/, anddocs/. - Add or update tests when behavior changes.
- Update docs when APIs, auth flows, deployment, or operator workflows change.
- Regenerate and commit
web/src/api/generated/schema.d.tswhen backend OpenAPI contracts change. - Prefer backward-compatible changes unless the issue explicitly allows a break.
Before opening a pull request, make sure:
- The branch is rebased or merged cleanly from the target branch.
- Relevant backend tests pass.
- Frontend typecheck/build passes when frontend files changed.
make generate-apior./scripts/check-openapi-generated.shhas been run when backend API contracts changed.- Smoke coverage is updated when operator-facing workflows change.
- The pull request description explains motivation, scope, and rollout impact.
Conventional-style subjects are preferred, for example:
feat(auth): add local account loginfix(ops): align smoke test with csrf flowdocs(deploy): clarify runtime image usage
Do not open public issues for suspected security vulnerabilities.
Use GitHub Security Advisories or your internal security process to report them privately to the maintainers.