Crucix moves quickly, but review bandwidth is limited. The easiest way to get a change merged is to keep it small, well-scoped, and aligned with the project's direction.
- Focused bug fixes with a clear reproduction and validation path
- Documentation improvements that reduce setup friction
- Dashboard usability improvements with a small review surface
- New OSINT sources that add clear signal, degrade gracefully, and fit the existing architecture
Open an issue before writing code if your change would:
- add a new external provider or paid API
- add a new feature family or dashboard surface
- change the project scope or roadmap
- change licensing, distribution, or deployment model
- introduce new dependencies
- Node.js 22+
- Pure ESM
- Keep the zero-extra-dependency approach unless there is a strong reason not to
- Do not commit secrets,
.envfiles, or generated runtime data
Each source should be a standalone module in apis/sources/ and integrate cleanly with apis/briefing.mjs.
Minimum expectations:
- export a
briefing()function that returns structured data - handle upstream errors and rate limits cleanly
- degrade gracefully when API keys are missing
- avoid breaking the full sweep if the source fails
- document any required environment variables in
.env.exampleandREADME.md - explain why the source improves signal quality, not just source count
If your source also affects the dashboard:
- wire it through
dashboard/inject.mjs - explain the user-facing impact in the PR
- include a screenshot when the UI changes materially
Frontend changes are reviewed carefully because the dashboard renders mixed-source data.
- do not render untrusted content directly with
innerHTMLunless it is sanitized first - only allow safe external URL schemes such as
http:andhttps: - escape JSON injected into inline
<script>tags - prefer text rendering over HTML rendering when possible
One bugfix or one feature family per PR.
Good:
- fix one parser bug
- add one source and its minimal wiring
- improve one dashboard interaction
Bad:
- add a source, redesign the dashboard, and change config behavior in the same PR
- mix bug fixes with unrelated product expansion
- bundle license or provider changes into unrelated work
Large changes may be asked to split before review.
Before opening a PR, make sure you have:
- explained the problem and why the change is needed
- kept the diff focused
- listed any setup or environment variable changes
- validated the changed path locally
- included screenshots for visible dashboard changes
- updated docs when behavior or config changed
Review is primarily about:
- correctness
- regression risk
- security of mixed-source content rendering
- maintainability
- fit with project direction
Not every technically correct change will be merged. Scope and long-term maintenance cost matter.
- Use clear commit messages
- Avoid unrelated file churn
- Do not include generated metadata or tool signatures in PR descriptions unless they are actually useful
- Keep PR titles specific and concrete
If you believe you found a security issue, do not open a public issue first. See SECURITY.md for reporting instructions.