Contributing
Guidelines for contributing to the AIIA codebase.
Development Workflow
- Create a feature branch from main
- Make small, PR-sized changes
- Follow existing patterns — no rewrites
- Include tests (unit + integration)
- Update documentation if needed
- Submit a pull request
Definition of Done
Every change must satisfy:
- RBAC/SoD enforced at API + UI
- AuditLogEvent for every CUD, state change, approval
- Versioning for governed records (workpapers, findings, reports)
- Evidence chain-of-custody maintained
- Tests (unit/integration; E2E for UI)
- SaaS + on-prem compatible
- i18n keys (EN + AR) — no hardcoded strings
- AI outputs = suggestions with human approval
- No hardcoded secrets
Hard Constraints
- ❌ No secrets in code
- ❌ No audit log bypass
- ❌ No AI → official record without human action
- ❌ No cross-boundary data leaks
- ❌ No SaaS-only dependencies breaking on-prem
- ❌ No skipped RBAC checks
- ❌ No weakened security
- ❌ No hardcoded language strings
Code Standards
Backend (Python)
- Use type hints
- Async/await for all database operations
- SQLModel for models
- FastAPI dependencies for auth/RBAC
- Follow existing router patterns
Frontend (TypeScript)
- Functional components with hooks
- TypeScript strict mode
- Use existing UI components
- Follow existing page patterns
Testing
| Level | Tool | Coverage Target |
|---|---|---|
| Unit | pytest | 80%+ |
| Integration | pytest + TestClient | Critical paths |
| E2E | Playwright | Core workflows |